Connecting the Sberbank Internet client to Ubuntu via rdesktop
I am gradually moving all the computers in the organization to Linux. Distribution - Ubuntu, as the most end-user friendly.
In this regard, naturally, various kinds of problems arise that have to be solved or circumvented.
One of these problems is accounting. I did not experiment and run 1C under wine, because in addition to 1C, there are a number of programs that are actively used by accountants, and they exchange data with this 1C.
Since time immemorial, we have a license for the win2003 server, with 5 client licenses for the terminal server. I honestly am not sure that I am formulating correctly, but I think that experts will correct.
This server itself was buried a long time ago, and everything works on a bunch of FreeBSD + SAMBA + bind + dhcpd, but the license remains.
Actually, it was decided to raise Vmware on a separate machine, win in it, and already put all the necessary accounting programs into it.
Sberbank at the conclusion of the contract gives a USB device - a smart card reader, and directly a card (very similar to SIM card), where user keys and certificates are stored. This device is supposed to be connected to the computer on which the Internet client is running.
Connecting it to the server is, as it turned out, the wrong decision, because a client connected to this server via RDP cannot use this key. It is in devices, Windows even offers to safely remove it. But when you turn on the Internet client - "An empty list of smart card readers."
I have never encountered either Sber’s Internet client or the intricacies of the RDP protocol, so this was a surprise to me.
I found out that a smart card can be used by connecting to the server via VNC, since wmvare allows this. But the situation when an accountant, in order to enter the Internet banking, is forced to open another Windows session, I somehow did not like.
Rdesktop, it turns out, is able to transmit smart cards from client to server. But under Ubuntu this feature is not implemented, that is, the package in the repository is built without support for smart cards.
Reassemble Actually, as it turned out, to enable smart card support it’s not enough just to specify - anyway, when you start rdesktop it says that it was built without their support. You need to install libpcsclite-dev in order for everything to work as it should.
The accountant works with the Internet client without problems in the same RDP session that is open for 1C and other things. Which, in fact, was required.
In this regard, naturally, various kinds of problems arise that have to be solved or circumvented.
One of these problems is accounting. I did not experiment and run 1C under wine, because in addition to 1C, there are a number of programs that are actively used by accountants, and they exchange data with this 1C.
Since time immemorial, we have a license for the win2003 server, with 5 client licenses for the terminal server. I honestly am not sure that I am formulating correctly, but I think that experts will correct.
This server itself was buried a long time ago, and everything works on a bunch of FreeBSD + SAMBA + bind + dhcpd, but the license remains.
Actually, it was decided to raise Vmware on a separate machine, win in it, and already put all the necessary accounting programs into it.
Actually, the problem
Sberbank at the conclusion of the contract gives a USB device - a smart card reader, and directly a card (very similar to SIM card), where user keys and certificates are stored. This device is supposed to be connected to the computer on which the Internet client is running.
Connecting it to the server is, as it turned out, the wrong decision, because a client connected to this server via RDP cannot use this key. It is in devices, Windows even offers to safely remove it. But when you turn on the Internet client - "An empty list of smart card readers."
I have never encountered either Sber’s Internet client or the intricacies of the RDP protocol, so this was a surprise to me.
I found out that a smart card can be used by connecting to the server via VNC, since wmvare allows this. But the situation when an accountant, in order to enter the Internet banking, is forced to open another Windows session, I somehow did not like.
The solution turned out to be quite simple
Rdesktop, it turns out, is able to transmit smart cards from client to server. But under Ubuntu this feature is not implemented, that is, the package in the repository is built without support for smart cards.
Reassemble Actually, as it turned out, to enable smart card support it’s not enough just to specify - anyway, when you start rdesktop it says that it was built without their support. You need to install libpcsclite-dev in order for everything to work as it should.
wget downloads.sourceforge.net/project/rdesktop/rdesktop/1.6.0/rdesktop-1.6.0.tar.gz?use_mirror=sunet&ts=1279511105
tar -xvf rdesktop-1.6.0.tar.gz
cd rdesktop-1.6.0
aptitude install libpcsclite-dev pcscd # - вот об этом нигде не написано. Одно упоминание на багтрекере (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546713)
./configure --with-libpcsclite-dev --enable-smartcard
make
make install
rdesktop -r scard:"Gemplus GemPC Key SmartCard Reader"="Gemplus GemPC Key SmartCard Reader"
./configure --enable-smartcard
Eventually
The accountant works with the Internet client without problems in the same RDP session that is open for 1C and other things. Which, in fact, was required.