RE: [Fed-Talk] New Mac user - how to enable remote desktop connection using CAC reader/CAC & PIN
- Subject: RE: [Fed-Talk] New Mac user - how to enable remote desktop connection using CAC reader/CAC & PIN
- From: "Vega, Ramon G Jr Mr CIV USAF AFMC 682 ARSS/EN" <email@hidden>
- Date: Mon, 19 Oct 2009 08:16:16 -0500
Well, well, this is disappointing. Tried to use smart card log-in to AF
portal and webmail over the weekend and lo and behold - didn't work! AF
Portal in all instances came back with a pull-down to select another
certificate to try. Webmail came back with something about rejecting SSL
(sorry I don't have the exact error messages with me). Retraced my steps,
played around with the Key Access program, went back through the same
process I used before (referenced CAC for MAC document) and could not get it
to work again. Quite frustrating. Also, why wouldn't Microsoft enable
smart card in its remote desktop s/w for mac? I found a note on mactopia
that said "You cannot use a smart card with Microsoft Remote Desktop
Connection Client for Mac 2."
Seems the easiest, least frustrating way to guarantee CAC access to secure
websites/apps is via boot camp......bummer.
On a positive mac note, imported all my digi-photos onto the mac and used
iPhoto's "faces" face-recognition tool. Very cool.
v/r
RV
-----Original Message-----
From: Vega, Ramon G Jr Mr CIV USAF AFMC 682 ARSS/EN
Sent: Thursday, October 15, 2009 3:36 PM
To: 'Kerry Matthews'; Arendt, Christopher D Capt USAF AETC AFLMA/AFLMA/LGY
Cc: Timothy J. Miller; email@hidden
Subject: RE: [Fed-Talk] New Mac user - how to enable remote desktop
connection using CAC reader/CAC & PIN
OK - I now understand "rdesktop" is a different app from the MS app so I'll
go give that a try. I should have mentioned I'm on "Snow Leopard" and a
2009 MBP.
As to getting Safari working, I used sections 3.2-3.4 of the
"CAC_for_a_MAC_v1.2.doc" from the MAC OS CAC Resource Page @
https://sites.google.com/a/compsolve.net/mac-cac/ (same site Kerry just
posted below)
I was able to skip section 3.1 as the CAC reader was already recognized by
the OS and the key chains access app was already up to date and did not
require downloading/installing apple smart card services update.
I did have to do one thing different in section 3.2 step 10: double
clicking the downloaded ".cer" file did not appear to do anything, so
instead I had to do a certificate import and that did the trick.
v/r
RV
-----Original Message-----
From: Kerry Matthews [mailto:email@hidden]
Sent: Thursday, October 15, 2009 3:32 PM
To: Arendt, Christopher D Capt USAF AETC AFLMA/AFLMA/LGY
Cc: Timothy J. Miller; Vega, Ramon G Jr Mr CIV USAF AFMC 682 ARSS/EN;
email@hidden
Subject: Re: [Fed-Talk] New Mac user - how to enable remote desktop
connection using CAC reader/CAC & PIN
For most CAC-enabled websites you will need an "Identity Preference" to make
sure Safari chooses the right cert per site. This is a pretty common
problem unfortunately. Here's a link to a reference I've used in the past:
CAC_for_a_Mac_v1.2.doc
http://idisk.mac.com/dp.hayes-Public/?view=web
Also, just FYI - always make sure your card reader has been updated (on a
Windows box...sorry) to the latest "CCID" compliant firmware. It's
dependent on card vendor.
Kerry Matthews | email@hidden
Information Systems Security Manager
CSC @ Alabama Supercomputer Program
On Oct 15, 2009, at 3:24 PM, Arendt, Christopher D Capt USAF AETC
AFLMA/AFLMA/LGY wrote:
For AF Portal,
Here's a new method I've had about a 50% success rate with:
1. Connect Card reader to Mac
2. Insert CAC
3. Navigate to AF Portal
4. Click "Log In" for CAC/ECA Login
5. When prompted, enter PIN
6. When prompted to select certificate, WAIT 5 MINUTES!!
7. After 5 minutes has expired, select correct (EMAIL) certificate and click "OK"
-----Original Message-----
From: fed-talk-bounces+christopher.arendt=email@hidden
[mailto:fed-talk-bounces+christopher.arendt=email@hidden.com] On Behalf Of Timothy J. Miller
Sent: Thursday, October 15, 2009 2:49 PM
To: Vega, Ramon G Jr Mr CIV USAF AFMC 682 ARSS/EN
Cc: email@hidden
Subject: Re: [Fed-Talk] New Mac user - how to enable remote desktop
connection using CAC reader/CAC & PIN
Vega, Ramon G Jr Mr CIV USAF AFMC 682 ARSS/EN wrote:
Hello, I'm new to mac world and would like to enable CAC login to our
unit's remote desktop connection. I have successfully enabled CAC
using key access guidelines for webmail and AF Portal (on Safari) but
when I start the latest Microsoft mac version of "remote desktop
connection" - the program starts but asks for username and password
but does not recognize the CAC and ask for a PIN.
Microsoft's Remote Desktop Client for OS X doesn't support remote
smartcard readers.
If you're feeling adventurous, you can install X11 and recompile
rdesktop from MacPorts with --enable-smartcard set. That *might* work
(I've never tried).
I'm curious how you got Safari working with the AF Portal.
-- Tim
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden