3rd party smartcard logon

  • 98 Views
  • Last Post 14 August 2019
daemonr00t posted this 11 August 2019

Hi folks,

Anyone out there with a really functional and detailed guide to enable 3rd party smartcard logon to Windows?

So far I've seen stuff that's inaccurate and/or out dated.

Thanks a bunch.


~dannyCS

Order By: Standard | Newest | Votes
daemonr00t posted this 12 August 2019

Anyone out there?






~s




Sent from Windows Mail

show

Ravi.Sabharanjak posted this 13 August 2019

Does this help?
https://support.microsoft.com/en-us/help/281245/guidelines-for-enabling-smart-card-logon-with-third-party-certificatio
In short:- install smart card capable cert on DCs. We use one that also has our ldap vip name in the SAN.- create templates for smart card enrollment.- install drivers- set account options to require smart card. (Optional)- group policy on devices to require smart card for logins.(optional)- install smart card drivers.
We use an internal pki for the cards, external should work as long as the chain is trusted.
If you lock down accounts and servers to smart cards, be aware that there is no access if there is an issue with the pki infra.
Recently, I heard about a product (Entrust?) That uses your phone to store the identify cert, instead of a physical card. Would be interested in learning more about this if anyone has tried this.
-Ravi


show

chriss3 posted this 13 August 2019

It all depends on the 3rd party implementation, you’re saying 3rd party Smart Cards – this can be everything from having their own CSP, Min-driver, Middleware.

Or do you mean a 3rd party CA for issuing Certificates for Smart Cards?

 

I have ben working this 3rd party for example:


https://www.secmaker.com/en/secmaker

 

show

daemonr00t posted this 14 August 2019

Thanks so much!

 

There’s a glitch in the formatting of the cert.

 

I guess we’ll have to that address or explorer another provider.

 

Thank you both Ravi and Christoffer again.

 

 

~danny


Sent from Mail for Windows 10

 






show

Close