Forum / NoMachine for Linux / Export this smart card reader at session startup does not work
- This topic has 6 replies, 3 voices, and was last updated 5 months, 3 weeks ago by Britgirl.
-
AuthorPosts
-
April 17, 2024 at 00:03 #47801opoplawskiParticipant
I can connect my smart card reader to the remote desktop and that works fine. However, there is a checkbox labeled “Export this smart card reader at session startup”, which I would assume would share the reader everytime I connect. However, this is not the case and I must manually share the reader each time.
NoMachine Workstation 8.11.3
Alma Linux 8.9April 22, 2024 at 09:31 #47894pfitasParticipantHi
Is this smart card reader a usb device? Have you tried sharing it through usb devices tab? Does smard card reader work without issues when shared manualy?April 22, 2024 at 20:06 #47911opoplawskiParticipantThis is a YubiKey – so yes a USB device. Generally manually sharing the smartcard reader works just fine, though a current test of reconnecting to an old session with a rebooted client fails. PKCS11 operations seem to hang. I see the following repeated in the strace of p11tool –list-token-urls:
sendto(6, “NXCLIENT-4.0.0 cookie=AD2186647C3824FF8D0ACD921D66B992,command=set,target=local,option=smartcard,value=:1004:3319770 “, 117, 0, NULL, 0) = 117
recvfrom(6, “NXAGENT-8.11.3 “, 10240, 0, NULL, NULL) = 15
recvfrom(6, “error=0,value=retry “, 10225, 0, NULL, NULL) = 20The YK device is not listed in the “Connect a USB device” menu, probably because it is already in use by the client machine. Unless the USB device could be used simultaneously by both machines (which seems doubtful), this would no be helpful to us because both the client and the remote session would need access to the smart card.
June 20, 2024 at 15:19 #48600BritgirlKeymasterWe have a Trouble Report open in relation to forwarding smartcard which does not work correctly when the automount option is enabled. It’s caused by some changes introduced to the ssh-agent in an OpenSSH update which, in order to increase the security level, block the execution of PKCS#11 libraries not in the default path or in the verified path. Smartcard will be mounted correctly after user navigates manually to smartcard panel in the menu to add it there. Btw, general improvements to device forwarding are coming in the release of NoMachine 9, including the possibility to detect devices newly plugged in during the session.
June 20, 2024 at 15:25 #48601opoplawskiParticipantIs the trouble report publicly visible?
We do add a pkcs#11 module to help with forwarding:
/usr/share/p11-kit/modules/nomachine.module:
module: /usr/NX/lib/libpkcs11.so
But that hasn’t had an effect on the auto-forwarding. I guess we’ll see what version 9 brings. Is there an ETA on that?
June 20, 2024 at 17:28 #48605BritgirlKeymasterAbout the TR being public, not yet, we are going to publish it soon, when it’s ready I will paste the link here.
June 21, 2024 at 11:51 #48610BritgirlKeymasterPlease disregard my previous explanation about the bug related to smartcard forwarding. This was a misunderstanding on my part of what developers had been investigating and their findings. The Trouble Report for your issue is available at the following link:
-
AuthorPosts
This topic was marked as solved, you can't post.