[FreeRDP-devel] Smartcard redirection

Discussion:

Prof. Dr. Michael Schefczyk

2016-03-07 16:17:26 UTC

Dear All,

My aim is to connect from a Debian Jessie PC to Windows Server 2008 R2 via RDP using FreeRDP with (a) two monitors and (b) smartcard redirection. The purpose of smartcard redirection is not Windows logon but use of the smartcard within a running Windows session. I am using single monitor RDP for a few years without issues based on rdesktop with smartcard and usb redirection like this:

#!/bin/bash rdesktop -f [ip of WTS] -r scard -r disk:usb=/media/local -u "[Domain]\[User]" -d [Domain] -p -

Unfortunately, I feel that resktop cannot handle the dual monitor setting while I am unable to get smartcard redirection to work with FreeRDP, at least with the version in the Debian Jessie packages ("This is FreeRDP version 1.1.0-beta1 (git n/a)").

A basic multimonitor connection does work, as long as no smartcard is involved:

xfreerdp /multimon /u:[User, probably also Domain\User] /v:[IP of WTS]

lsusb provides the following output regarding my smartcard:

Bus 001 Device 002: ID 04e6:5116 SCM Microsystems, Inc. SCR331-LC1 / SCR3310 SmartCard Reader

The following variant lead to no smartcard redirection:

xfreerdp /multimon /u:[User] /v:[IP of WTS] /smartcard

The following variants lead to a segfault:

xfreerdp /multimon /u:[User] /v:[IP of WTS] /smartcard:"SCM Microsystems, Inc. SCR331-LC1 / SCR3310 SmartCard Reader"
xfreerdp /multimon /u:[User] /v:[IP of WTS] /smartcard:"SCM Microsystems, Inc. SCR3310" [name based on pcsc_scan]

Other variants end up with "Warning smartcard_mark_duplicate_id (166): CompletionID number 0 is now marked as a duplicate.":

xfreerdp /multimon /u:[User] /v:[IP of WTS] /smartcard:"SCARD"
xfreerdp /multimon /u:[User] /v:[IP of WTS] /smartcard:"SCM Microsystems Inc. SCR 3310 [CCID Interface] (21120536114994) 00 00" [name based on pcsc_scan]

Plain USB redirection (while uncertain if it would solve the issue if it did work) seems to be no alternative either due to a bug (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788005):

xfreerdp /multimon /u:[User] /v:[IP of WTS] /usb:id04e6:5116

The "best" variant seems to be:

xfreerdp /multimon /u:[User] /v:[IP of WTS] /smartcard:SCARD

Then, Windows seems to recognize the reader but without being able to read the card (unlike rdesktop single monitor).

I am aware, that similar questions have been asked in this list before, however, with no solutions as far as I can see.
Would anyone please be so kind to point me to the right direction?

Regards,

Michael

Bernhard Miklautz

2016-03-07 17:10:33 UTC

Permalink

Hi Michael,

Post by Prof. Dr. Michael Schefczyk
Unfortunately, I feel that resktop cannot handle the dual monitor setting while I am unable to get smartcard redirection to work with FreeRDP, at least with the version in the Debian Jessie packages ("This is FreeRDP version 1.1.0-beta1 (git n/a)").

could you give the nightly binaries a try and see if the problem still
exists there?

https://ci.freerdp.com/job/freerdp-nightly-binaries/

Thank you,
best regards,
Bernhard

Prof. Dr. Michael Schefczyk

2016-03-07 18:23:09 UTC

Permalink

Hi Bernhard,

Thank you very much for your prompt response! I did install the nightly binary version (2.0.0). Two (probably somewhat silly) questions remain:

1) The nightly binary does not seem to replace /usr/bin/xfreerdp. Is there a simple way to execute the binary from the command line after installing it from the repository via apt-get?

2) Among the multiple alternatives I tried to get the smart card redirection going, is there one which you would suspect to be the correct approach?

Regards,

Michael

-----Ursprüngliche Nachricht-----
Von: Bernhard Miklautz [mailto:***@shacknet.at]
Gesendet: Montag, 7. März 2016 18:11
An: Prof. Dr. Michael Schefczyk <***@schefczyk.net>
Cc: 'freerdp-***@lists.sourceforge.net' <freerdp-***@lists.sourceforge.net>
Betreff: Re: [FreeRDP-devel] Smartcard redirection

Hi Michael,

could you give the nightly binaries a try and see if the problem still exists there?

https://ci.freerdp.com/job/freerdp-nightly-binaries/

Thank you,
best regards,
Bernhard

Armin Novak

2016-03-08 07:07:38 UTC

Permalink

Hi Michael,

the nightly binaries install to /opt/freerdp-nightly/bin/xfreerdp
As for smartcard, /smartcard should redirect all devices
but if there are issues with that it is possible to redirect only
specific ones with /smartcard:<device name>.
The name you can get from the output of opensc-tool --list-readers

Regards
Armin

Post by Prof. Dr. Michael Schefczyk
Hi Bernhard,
1) The nightly binary does not seem to replace /usr/bin/xfreerdp. Is there a simple way to execute the binary from the command line after installing it from the repository via apt-get?
2) Among the multiple alternatives I tried to get the smart card redirection going, is there one which you would suspect to be the correct approach?
Regards,
Michael
-----Ursprüngliche Nachricht-----
Gesendet: Montag, 7. März 2016 18:11
Betreff: Re: [FreeRDP-devel] Smartcard redirection
Hi Michael,

could you give the nightly binaries a try and see if the problem still exists there?
https://ci.freerdp.com/job/freerdp-nightly-binaries/
Thank you,
best regards,
Bernhard
------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://makebettercode.com/inteldaal-eval
_______________________________________________
FreeRDP-devel mailing list
https://lists.sourceforge.net/lists/listinfo/freerdp-devel

Дмитрий Бастрон

2016-03-08 17:17:57 UTC

Permalink

Hi Michael!

AFAIK the "/v:server" command line key should be the last one.
Try this:
xfreerdp /smartcard /v:serverName
____
Best regards
Dmitry Bastron

-----Исходное сообщение-----
От: "Armin Novak" <***@thincast.com>
Отправлено: ‎08.‎03.‎2016 21:30
Кому: "freerdp-***@lists.sourceforge.net" <freerdp-***@lists.sourceforge.net>
Тема: Re: [FreeRDP-devel] Smartcard redirection

Hi Michael,

the nightly binaries install to /opt/freerdp-nightly/bin/xfreerdp
As for smartcard, /smartcard should redirect all devices
but if there are issues with that it is possible to redirect only
specific ones with /smartcard:<device name>.
The name you can get from the output of opensc-tool --list-readers

Regards
Armin

------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://makebettercode.com/inteldaal-eval
_______________________________________________
FreeRDP-devel mailing list
FreeRDP-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freerdp-devel

Armin Novak

2016-03-08 20:12:30 UTC

Permalink

order of command line is irrelevant (except assistance files)

regards
armin

Post by ÐÐ¼Ð¸ÑÑÐ¸Ð¹ ÐÐ°ÑÑÑÐ¾Ð½
Hi Michael!
AFAIK the "/v:server" command line key should be the last one.
xfreerdp /smartcard /v:serverName
____
Best regards
Dmitry Bastron
-----Исходное сообщение-----
Отправлено: ‎08.‎03.‎2016 21:30
Тема: Re: [FreeRDP-devel] Smartcard redirection
Hi Michael,
the nightly binaries install to /opt/freerdp-nightly/bin/xfreerdp
As for smartcard, /smartcard should redirect all devices
but if there are issues with that it is possible to redirect only
specific ones with /smartcard:<device name>.
The name you can get from the output of opensc-tool --list-readers
Regards
Armin

Post by Prof. Dr. Michael Schefczyk
Hi Bernhard,
Thank you very much for your prompt response! I did install the

nightly binary version (2.0.0). Two (probably somewhat silly) questions

Post by Prof. Dr. Michael Schefczyk
1) The nightly binary does not seem to replace /usr/bin/xfreerdp. Is

there a simple way to execute the binary from the command line after
installing it from the repository via apt-get?

Post by Prof. Dr. Michael Schefczyk
2) Among the multiple alternatives I tried to get the smart card

redirection going, is there one which you would suspect to be the
correct approach?

Post by Prof. Dr. Michael Schefczyk
Regards,
Michael
-----Ursprüngliche Nachricht-----
Gesendet: Montag, 7. März 2016 18:11
Betreff: Re: [FreeRDP-devel] Smartcard redirection
Hi Michael,
On Mon, Mar 07, 2016 at 04:17:26PM +0000, Prof. Dr. Michael Schefczyk

Post by Prof. Dr. Michael Schefczyk
Unfortunately, I feel that resktop cannot handle the dual monitor

setting while I am unable to get smartcard redirection to work with
FreeRDP, at least with the version in the Debian Jessie packages ("This
is FreeRDP version 1.1.0-beta1 (git n/a)").

Post by Prof. Dr. Michael Schefczyk
could you give the nightly binaries a try and see if the problem

still exists there?

Post by Prof. Dr. Michael Schefczyk
https://ci.freerdp.com/job/freerdp-nightly-binaries/
Thank you,
best regards,
Bernhard

------------------------------------------------------------------------------

Post by Prof. Dr. Michael Schefczyk
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://makebettercode.com/inteldaal-eval
_______________________________________________
FreeRDP-devel mailing list
https://lists.sourceforge.net/lists/listinfo/freerdp-devel

------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://makebettercode.com/inteldaal-eval
_______________________________________________
FreeRDP-devel mailing list
https://lists.sourceforge.net/lists/listinfo/freerdp-devel

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Prof. Dr. Michael Schefczyk

2016-03-08 22:51:05 UTC

Permalink

Hi Armin & Bernhard,

Thank you very much! While the version included with Debian Jessie does end up in a segfault, the nightly does do the job very well. I will try next if a backport version from Debian Testing exists, which may do the job also. If so, I will stick with Debian (backport) packages. If not, I will use the nightly versions for the time being.

This is of great help, as I (SOHO user, not grand scale) have two remaining thin clients good with smartcards and dual monitor support from a two-letter manufacturer saying (implicitly): buy new hardware or be stuck with Windows 7. I will buy new hardware, but rather something where I do not depend on the manufacturer's mercy in terms of what they want to include in their images. From a component manufacturer focusing on energy efficient power supplies, one can get - for the same price - hardware good for a quite flexible Debian system which performs as an RDP client plus a good mini desktop PC without being stuck in any way. Of course, dealing with linux is not effort-free as one can see here, but dealing with the image system of the two-letter manufacturer is not easy either and not worth the effort, if one uses only two thin clients. This helps to remove proprietary software wherever possible.

Regards,

Michael

P.S.: Always good to see that Austria has such a strong Open Source community!

-----Ursprüngliche Nachricht-----
Von: Armin Novak [mailto:***@thincast.com]
Gesendet: Dienstag, 8. März 2016 08:08
An: freerdp-***@lists.sourceforge.net
Betreff: Re: [FreeRDP-devel] Smartcard redirection

Hi Michael,

the nightly binaries install to /opt/freerdp-nightly/bin/xfreerdp As for smartcard, /smartcard should redirect all devices but if there are issues with that it is possible to redirect only specific ones with /smartcard:<device name>.
The name you can get from the output of opensc-tool --list-readers

Regards
Armin

could you give the nightly binaries a try and see if the problem still exists there?
https://ci.freerdp.com/job/freerdp-nightly-binaries/
Thank you,
best regards,
Bernhard
----------------------------------------------------------------------
--------
Transform Data into Opportunity.
Accelerate data analysis in your applications with Intel Data
Analytics Acceleration Library.
Click to learn more.
http://makebettercode.com/inteldaal-eval
_______________________________________________
FreeRDP-devel mailing list
https://lists.sourceforge.net/lists/listinfo/freerdp-devel

------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library.
Click to learn more.
http://makebettercode.com/inteldaal-eval
_______________________________________________
FreeRDP-devel mailing list
FreeRDP-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freerdp-devel

Bernhard Miklautz

2016-03-08 17:31:21 UTC

Permalink

Hi,

Post by Prof. Dr. Michael Schefczyk
1) The nightly binary does not seem to replace /usr/bin/xfreerdp. Is there a simple way to execute the binary from the command line after installing it from the repository via apt-get?

the binaries are installed with the prefix /opt/freerdp-nightly/ on
purpose to not collide with any file of the distributions package(s).

There are multiple ways to invoke them:

* invoke directly /opt/freerdp-nightly/bin/xfreerdp
* adapt your PATH environment: export * PATH=/opt/freerdp-nightly/bin/:$PATH
* set an bash alias: alias xfreerdp=/opt/freerdp-nightly/bin/xfreerdp

I'm fairly sure there are much more ;)

Post by Prof. Dr. Michael Schefczyk
2) Among the multiple alternatives I tried to get the smart card redirection going, is there one which you would suspect to be the correct approach?

Give the commands Armin described in his last E-Mail a try.

Best regards,
Bernhard