Smart card on NoMachine Terminal Server

Forum / NoMachine Terminal Server Products / Smart card on NoMachine Terminal Server

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #40081
    zen
    Participant

    Local computer: Windows 10 Pro with smartcard Rutoken

    Remote computer: Ubuntu on vmware

    $uname -r

    15.0-47-generic

    $ lsb_release -a

    No LSB modules are available.

    Distributor ID: Ubuntu

    Description: Ubuntu 22.04.1 LTS

    Release: 22.04

    Codename: jammy

    Nomachine Enterprise Terminal Server Evalution: 7.10.1

    I checked cat /usr/NX/var/log/nxinstall.log | grep -i usb

    Saw NX> 700 Cannot compile USB module.

    And did https://kb.nomachine.com/AR12J00658

    $sudo  apt-get install gcc

    $sudo apt-get install make

    $cd /usr/NX/share/src/nxusb

    $su –

    #make

    #cp nxusb.ko /usr/NX/bin/drivers/

    #make clean

    $lsmod | grep nxusb

    nxusb                  32768  5

    I see srvadm3@l-rdp04:~$ lsusb

    Bus 001 Device 002: ID 0a89:0030 Aktiv Rutoken ECP

    Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

    $ insmod /usr/NX/bin/drivers/nxusb.ko

    insmod: ERROR: could not insert module /usr/NX/bin/drivers/nxusb.ko: Operation not permitted

    Run the Cryptopro program. CryptoPro CSP 5.0.12500

    It does not see the container.

    $ tail -f /var/log/auth.log

    Sep  9 08:57:23 l-rdp04 dbus-daemon[830]: [system] Failed to activate service ‘org.bluez’: timed out (service_start_timeout=25000ms)

    Sep  9 08:57:23 l-rdp04 cptools: 08:57:23.800616 support_an_fopen:90 p:162955 t:0x0x7f1af92be590 support_an_fopen(“/etc/opt/cprocsp/config64.ini”, “r+b”) = 0x(nil) fail Permission denied(13)

    Sep  9 08:57:23 l-rdp04 cptools: 08:57:23.800822 support_an_fopen:90 p:162955 t:0x0x7f1af92be590 support_an_fopen(“/etc/opt/cprocsp/config64.ini”, “r+b”) = 0x(nil) fail Permission denied(13)

    Sep  9 08:57:26 l-rdp04 cptools: 08:57:26.951507 support_an_fopen:90 p:162955 t:0x0x7f1af92be590 support_an_fopen(“/var/opt/cprocsp/users/global.ini”, “rb”) = 0x(nil) fail Permission denied(13)

    $sudo dmesg

    [145627.211249] nxusb_vhci_hcd nxusb_vhci_hcd.0: NXUSB Virtual Host Controller Interface — Version 1.0 (2016-11-29)

    [145627.211253] nxusb_vhci_hcd nxusb_vhci_hcd.0: –> Backend: USB VHCI user-mode IOCTL-interface

    [145627.211256] nxusb_vhci_hcd nxusb_vhci_hcd.0: NXUSB Virtual Host Controller Interface

    [145627.211259] nxusb_vhci_hcd nxusb_vhci_hcd.0: new USB bus registered, assigned bus number 1

    [145627.211294] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 5.15

    [145627.211296] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1

    [145627.211297] usb usb1: Product: NXUSB Virtual Host Controller Interface

    [145627.211299] usb usb1: Manufacturer: Linux 5.15.0-47-generic nxusb_vhci_hcd

    [145627.211300] usb usb1: SerialNumber: nxusb_vhci_hcd.0

    [145627.211838] hub 1-0:1.0: USB hub found

    [145627.211843] hub 1-0:1.0: 15 ports detected

    [145627.212028] nxusb_vhci_iocifc: Usb bus #1

    [145631.212547] usb 1-1: new full-speed USB device number 2 using nxusb_vhci_hcd

    [145631.431717] usb 1-1: New USB device found, idVendor=0a89, idProduct=0030, bcdDevice= 1.00

    [145631.431722] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0

    [145631.431724] usb 1-1: Product: Rutoken ECP

    [145631.431725] usb 1-1: Manufacturer: Aktiv

    [167416.294409] usb 1-1: USB disconnect, device number 2

    [167416.350421] nxusb_vhci_hcd nxusb_vhci_hcd.0: remove, state 1

    [167416.350431] usb usb1: USB disconnect, device number 1

    [167416.383680] nxusb_vhci_hcd nxusb_vhci_hcd.0: stopped

    [167416.383685] nxusb_vhci_hcd nxusb_vhci_hcd.0: USB bus 1 deregistered

    [213477.165210] audit: type=1400 audit(1662681605.799:165): apparmor=”DENIED” operation=”capable” profile=”/usr/sbin/cupsd” pid=157639 comm=”cupsd” capability=12  capname=”net_admin”

    [213477.187216] audit: type=1400 audit(1662681605.823:166): apparmor=”DENIED” operation=”capable” profile=”/usr/sbin/cups-browsed” pid=157650 comm=”cups-browsed” capability=23  capname=”sys_nice”

    [243882.103716] nxusb_vhci_hcd nxusb_vhci_hcd.0: NXUSB Virtual Host Controller Interface — Version 1.0 (2016-11-29)

    [243882.103734] nxusb_vhci_hcd nxusb_vhci_hcd.0: –> Backend: USB VHCI user-mode IOCTL-interface

    [243882.103745] nxusb_vhci_hcd nxusb_vhci_hcd.0: NXUSB Virtual Host Controller Interface

    [243882.103754] nxusb_vhci_hcd nxusb_vhci_hcd.0: new USB bus registered, assigned bus number 1

    [243882.104876] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 5.15

    [243882.104885] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1

    [243882.104887] usb usb1: Product: NXUSB Virtual Host Controller Interface

    [243882.104889] usb usb1: Manufacturer: Linux 5.15.0-47-generic nxusb_vhci_hcd

    [243882.104891] usb usb1: SerialNumber: nxusb_vhci_hcd.0

    [243882.105084] hub 1-0:1.0: USB hub found

    [243882.105093] hub 1-0:1.0: 15 ports detected

    [243882.105892] nxusb_vhci_iocifc: Usb bus #1

    [243886.099824] usb 1-1: new full-speed USB device number 2 using nxusb_vhci_hcd

    [243886.347625] usb 1-1: New USB device found, idVendor=0a89, idProduct=0030, bcdDevice= 1.00

    [243886.347633] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0

    [243886.347635] usb 1-1: Product: Rutoken ECP

    [243886.347637] usb 1-1: Manufacturer: Aktiv

    $ pcsc_scan

    Using reader plug’n play mechanism

    Scanning present readers…

    0: Aktiv Rutoken ECP 00 00

    Fri Sep  9 08:42:26 2022

    Reader 0: Aktiv Rutoken ECP 00 00

    Event number: 0

    Card state: Card inserted,

    ATR: 3B 8B 01 52 75 74 6F 6B 65 6E 20 44 53 20 C1

    ATR: 3B 8B 01 52 75 74 6F 6B 65 6E 20 44 53 20 C1

    + TS = 3B –> Direct Convention

    + T0 = 8B, Y(1): 1000, K: 11 (historical bytes)

    TD(1) = 01 –> Y(i+1) = 0000, Protocol T = 1

    —–

    + Historical bytes: 52 75 74 6F 6B 65 6E 20 44 53 20

    Category indicator byte: 52 (proprietary format)

    + TCK = C1 (correct checksum)

    Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):

    3B 8B 01 52 75 74 6F 6B 65 6E 20 44 53 20 C1

    Aktiv Rutoken ECP

    https://www.rutoken.ru/products/all/rutoken-ecp/

    #40202
    Kacper K.
    Participant

    Hi,

    I’m sorry for the delay. Thank you for providing all the information about the issue.

    It looks like the nxusb.ko loads correctly after manual compilation. I’d like to ask you some additional questions:

    – Do you see a green dot in the corner of your smart card reader icon in “Menu -> Devices -> Connect a USB Device” tab when forwarding?

    – Do you see both local and remote devices in the tab?

    If you don’t see the devices, especially for the remote side, please make sure that the nxusb module is launched after opening “Menu -> Devices -> Connect a USB Device”:

    – on Ubuntu you need to run ‘ps ax | grep nxusbd | grep -v grep’, the output should be non-empty

    – on Windows you need to go to ‘Program Files/NoMachine/bin’ or ‘Program Files (x86)/NoMachine/bin’ and run ‘./nxservice64.exe –status nxusb’ (nxservice32.exe for 32-bit OS), the output should be ‘Running’

    If you encounter any errors, you can post or attach the output of the commands and/or a screenshot of USB tab.

    #40238
    zen
    Participant

    Hi,

    >>– Do you see a green dot in the corner of your smart card reader icon in “Menu -> Devices -> Connect a USB Device” tab when >>forwarding?

    >>– Do you see both local and remote devices in the tab?

    Yes, all good, please, find attach.

    Also in terminal:

    $ sudo ps ax | grep nxusbd | grep -v grep

    3745 ?        S<sl   0:00 /usr/NX/bin/nxusbd

     

    Did an additional test.

    On PC installed Ubuntu Server. Connected USB to this PC. USB is working.

    Then installed NoMachine Enterprise Terminal Server Evalution: 7.10.1. And did https://kb.nomachine.com/AR12J00658

    Connected from remote PC NoMachine Enterprise Client.

    The situation is the same, I cannot work with the keys in the session.

    Attachments:
    #40349
    Dawid.G
    Participant

    Hello, did you try connecting your smartcard via a dedicated service?

    Here’s how to do it: https://kb.nomachine.com/DT10O00156#4.5

Viewing 4 posts - 1 through 4 (of 4 total)

This topic was marked as closed, you can't post.