Advice for RHEL 8 smart card login with AD

Posted by noobiesysadm@reddit | linuxadmin

Hello,

I was tasked with getting RHEL 8 workstation VMs to authenticate with our Active Directory using a smart card. I've gotten to the point where my RHEL 8 VM is on the AD domain, and I can log in with username@domain.com and password on my RHEL, but I can't authenticate with a smart card (PIV in this case). When I put the card in, it asks for a PIN (doesn't show my common name), but then instantly fails after inputting. I don't have an IdM server, just my RHEL 8 VM on the domain realm.

I am able to use

and it shows my token and certs after putting in my PIN.

I've copied the Root CA and intermediate CAs to /etc/sssd/pki/sssd_auth_ca_db.pem

Here's a link to my sssd.conf, krb5.conf, and authselect.

I've read through the RHEL 8 articles about SSSD and smart cards, but I'm kinda new to RHEL. If anyone can point me to any articles that accomplish this, or has any advice, that would be greatly appreciated.