Smart Card login - Portuguese eID
Hi, First let me start by saying that this post is probably going to be extensive.. So the thing is that i'm trying to setup some client machines (Win7) to authenticate on a domain server (2008 R2) using Smart Cards, more precisely, the Portuguese Citizen Card (eID). I have the certification tree/path already in the domain trusted root domains, and the user certificate, when read, is valid (so are all the other ones), so In theory I should be able to login using that smart card. I also have configured the AD to have the user certificate associated with that user, to require smart card logon, and a smart card logon GPO setup and associated with this said user. At last, I have configured IIS to use the smart card option. My main problem is that when I try to use the eID card to logon I get the 'No valid certificates found" error and I can't seem to get pass this every single time. The username/password combination works just fine, but when I get to use the smart card I get this error. Also, I can't seem to find the step-by-step documentation for 2008 R2, which apparently has changed a lot since Server 2003. So, could I be pointed in the right direction regarding this matter? I know that the middleware supports this login method, I just can't seem to be able to get it to work. Best Regards, Celso Santos
June 21st, 2011 4:16am

On Tue, 21 Jun 2011 01:16:32 +0000, Zed_Blade wrote: My main problem is that when I try to use the eID card to logon I get the 'No valid certificates found" error and I can't seem to get pass this every single time. The username/password combination works just fine, but when I get to use the smart card I get this error. Try these links: http://support.microsoft.com/kb/959887 http://support.microsoft.com/kb/281245 Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca Portable: Survives system reboot.
Free Windows Admin Tool Kit Click here and download it now
June 21st, 2011 10:30am

Hi, Did you import all the certificates in the chain (the root ca and its subroot certificate) in the NTAuth ? You should check the Spat's WebLog page about using the Belgian EID. You have all the tweaks and checking about smart card logon with EIDs. For your info, you can also check EIDAuthenticate, an open source program to allow smart card logon on stand alone computer which is compatible with the Portuguese EID. Regards, Vincent
July 7th, 2011 5:50pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics