Connecting Sberbank Internet Client to Ubuntu via rdesktop
I gradually move all the computers in the organization to Linux. Distribution - Ubuntu, as the most end-user friendly.
In this regard, of course, there are all sorts of problems that have to be solved or circumvented.
One of these problems is bookkeeping. I did not experiment and run 1C under wine, because besides 1C there are still a number of programs that are actively used by accountants, and with this 1C they exchange data.
From time immemorial, we have a license for a win2003 server, with 5 client licenses for a terminal server. I, frankly, not sure that I am formulating correctly, but I think that experts will correct.
This server itself was buried long ago, and everything works on a bunch of FreeBSD + SAMBA + bind + dhcpd, but the license has remained.
Actually, it was decided to raise Vmware on a separate machine, win in it, and put all the necessary accounting programs in it.
Sberbank at the conclusion of the contract gives USB-device - a smart card reader, and directly a card (very similar to the SIM card), where user keys and certificates are stored. This device is supposed to be connected to the computer on which the Internet client runs.
Connecting it to the server is, as it turned out, the wrong decision, because the client connected to this server via RDP cannot use this key. In the devices it is, Windows even offers to safely remove it. But when you turn on the Internet client - "An empty list of smart card readers."
I have never come across Sberbank’s Internet client or the intricacies of the RDP protocol, so for me this was a surprise.
I found out that the smart card can be used by connecting to the server via VNC, since wmvare allows it. But the situation when an accountant had to open another Windows session in order to access the Internet bank somehow didn’t like me.
Rdesktop, it turns out, is able to transmit smart cards from a client to a server. But under Ubuntu, this feature is not implemented, that is, the package in the repository is built without the support of smart cards.
Rebuild
Actually, as it turned out, to enable support for smart cards it is not enough just to specify
The accountant works with the Internet client without problems in the same RDP session that is open for 1C and others. What, actually, was required.
In this regard, of course, there are all sorts of problems that have to be solved or circumvented.
One of these problems is bookkeeping. I did not experiment and run 1C under wine, because besides 1C there are still a number of programs that are actively used by accountants, and with this 1C they exchange data.
From time immemorial, we have a license for a win2003 server, with 5 client licenses for a terminal server. I, frankly, not sure that I am formulating correctly, but I think that experts will correct.
This server itself was buried long ago, and everything works on a bunch of FreeBSD + SAMBA + bind + dhcpd, but the license has remained.
Actually, it was decided to raise Vmware on a separate machine, win in it, and put all the necessary accounting programs in it.
Actually, the problem
Sberbank at the conclusion of the contract gives USB-device - a smart card reader, and directly a card (very similar to the SIM card), where user keys and certificates are stored. This device is supposed to be connected to the computer on which the Internet client runs.
Connecting it to the server is, as it turned out, the wrong decision, because the client connected to this server via RDP cannot use this key. In the devices it is, Windows even offers to safely remove it. But when you turn on the Internet client - "An empty list of smart card readers."
I have never come across Sberbank’s Internet client or the intricacies of the RDP protocol, so for me this was a surprise.
I found out that the smart card can be used by connecting to the server via VNC, since wmvare allows it. But the situation when an accountant had to open another Windows session in order to access the Internet bank somehow didn’t like me.
The solution was pretty simple.
Rdesktop, it turns out, is able to transmit smart cards from a client to a server. But under Ubuntu, this feature is not implemented, that is, the package in the repository is built without the support of smart cards.
Rebuild
wget downloads.sourceforge.net/project/rdesktop/rdesktop/1.6.0/rdesktop-1.6.0.tar.gz?use_mirror=sunet&ts=1279511105
tar -xvf rdesktop-1.6.0.tar.gz
cd rdesktop-1.6.0
aptitude install libpcsclite-dev pcscd # - . (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546713)
./configure --with-libpcsclite-dev --enable-smartcard
make
make install
rdesktop -r scard:"Gemplus GemPC Key SmartCard Reader"="Gemplus GemPC Key SmartCard Reader"Actually, as it turned out, to enable support for smart cards it is not enough just to specify
./configure --enable-smartcard - all the same, when launching, rdesktop says it is compiled without their support. You need to install libpcsclite-dev in order for it to work as it should.Eventually
The accountant works with the Internet client without problems in the same RDP session that is open for 1C and others. What, actually, was required.
')
Source: https://habr.com/ru/post/99439/
All Articles