Note: This command requires that you are joined to a domain.
To test whether it is possible to log in using the inserted card
# vastool smartcard test login Testing user firstname.lastname@example.org Testing certificate validity ... ok Testing if PIN is required ... ok Enter PIN for email@example.com: Performing login to card ... ok Creating ID for client with UPN 'firstname.lastname@example.org' ... ok Establish initial credentials using PKCS#11 ... ok
This command uses the inserted card to perform a log in to Active Directory. It displays a warning if the user is not Unix enabled, and displays an error if the log in fails. This command is useful when troubleshooting Authentication Services for Smart Cards log in problems.
To help you troubleshoot your Authentication Services for Smart Cards installation, One Identity recommends the following resolutions to some of the common problems you might encounter.
Authentication Services for Smart Cards provides a number of tools and options to diagnose problems.
To troubleshoot problems with the card reader, first ensure that the reader is connected to the Unix workstation correctly, and that it is detected by the system.
To ensure that the reader is connected correctly
This displays output showing that the card reader is attached to one of the USB ports. For example:
Bus 003 Device 001: ID 0000:0000 Bus 002 Device 002: ID 04e6:511c SCM Microsystems, Inc. Bus 002 Device 001: ID 0000:0000 Bus 001 Device 001: ID 0000:0000
This shows a Reflex v3 USB reader connected to the workstation.
Note: Some readers require that you insert a card before the USB driver detects it.
Consult your vendors troubleshooting guide for more details on determining whether the reader is connected.