Afternoon all,

 

We recently moved from the older Common Access Cards (CAC) to the Next Gen Gemalto 144k CAC.  I am not sure how the network admins had it configured before, but they had used some way of logging into the Mac by mapping the Unix hash to the Active Directory.  Like I said they had no idea what they were doing.  They followed some post they found on Google.

 

That way has crashed and burned since we moved to the NG CAC.  We are no longer able to log in with the CAC and it will not communicate with any of the web servers using SSL and that are CAC enabled.  We get the following error:

 

                “The website <WEBSITE ADDRESS> did not accept the certificate <CERTIFICATE NAME>”

 

No matter what certificate we select it displays this error with the list of certificates that are on the card.

 

We do have the CAC-NG package installed.  We have Leopard 10.5.8 installed and the CAC-NG package associated with that version installed as well. 

 

When we open the Keychain Access app the Smart Card will show up as CACNG instead of CAC and it does allow us to unlock the CAC and view the certs that are on the card.  The certs even display as being verified.

 

We are wondering if there is an official Mac document on what needs to be done to get this working on Leopard 10.5.8.  The network admins are dragging their feet and grumble, grumble, grumble when we tell them to contact someone at apple who does this for a living.  All other branches of the Federal Government and Military who are using Macs have them CAC enabled without any problems (they even talk to the Active Directory).  Im wondering if they just messed things up when they “locked down” the computers to put them on the network.

 

Any help is greatly appreciated.

 

Thanks,

 

Kevin Mills

46 SK/SKI

TYBRIN Corp.