[SmartcardServices-Users] Next Gen SmartCard Help (Gemalto 144)

Mills, Kevin S CTR USAF AFMC 46 SK/SKI Kevin.Mills.ctr at Eglin.af.mil
Wed Jun 23 13:13:33 PDT 2010 

Afternoon all,

 

We recently moved from the older Common Access Cards (CAC) to the Next
Gen Gemalto 144k CAC.  I am not sure how the network admins had it
configured before, but they had used some way of logging into the Mac by
mapping the Unix hash to the Active Directory.  Like I said they had no
idea what they were doing.  They followed some post they found on
Google. 

 

That way has crashed and burned since we moved to the NG CAC.  We are no
longer able to log in with the CAC and it will not communicate with any
of the web servers using SSL and that are CAC enabled.  We get the
following error:

 

                "The website <WEBSITE ADDRESS> did not accept the
certificate <CERTIFICATE NAME>"

 

No matter what certificate we select it displays this error with the
list of certificates that are on the card.

 

We do have the CAC-NG package installed.  We have Leopard 10.5.8
installed and the CAC-NG package associated with that version installed
as well.  

 

When we open the Keychain Access app the Smart Card will show up as
CACNG instead of CAC and it does allow us to unlock the CAC and view the
certs that are on the card.  The certs even display as being verified.

 

We are wondering if there is an official Mac document on what needs to
be done to get this working on Leopard 10.5.8.  The network admins are
dragging their feet and grumble, grumble, grumble when we tell them to
contact someone at apple who does this for a living.  All other branches
of the Federal Government and Military who are using Macs have them CAC
enabled without any problems (they even talk to the Active Directory).
Im wondering if they just messed things up when they "locked down" the
computers to put them on the network.

 

Any help is greatly appreciated.

 

Thanks, 

 

Kevin Mills

46 SK/SKI

TYBRIN Corp.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20100623/e5c81ea3/attachment.html>

More information about the SmartcardServices-Users mailing list