Bug 1547809

Summary: Omnikey 3121 Smart Card Reader will not work on VM or Bare Metal RHEL 7.4 server
Product: Red Hat Enterprise Linux 7 Reporter: Josip Vilicic <jvilicic>
Component: pcsc-lite-ccidAssignee: Bob Relyea <rrelyea>
Status: CLOSED ERRATA QA Contact: Asha Akkiangady <aakkiang>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 7.4CC: amitkuma, nmavrogi, rpattath, wturky
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
See https://bugzilla.redhat.com/show_bug.cgi?id=1558258
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-30 11:35:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josip Vilicic 2018-02-22 02:04:36 UTC 
Description of problem:
Omnikey 3121 Smart Card Reader will not work on VM or Bare Metal RHEL 7.4 server


----------------------------------------------------------
Version-Release number of selected component (if applicable):
opensc-0.16.0-5.20170227git777e2a3.el7.x86_64


----------------------------------------------------------
How reproducible: 
Every time


----------------------------------------------------------
Steps to Reproduce:
1. Start with a RHEL 7.4 VM with Passthrough correctly configured (according to https://pubs.vmware.com/vsphere-4-esx-vcenter/index.jsp?topic=/com.vmware.vsphere.vmadmin.doc_41/vsp_vm_guide/configuring_virtual_machines/t_add_a_passthrough_usb_device_to_vm.html)   
2. Or start with a RHEL 7.4 BareMetal server
3. Configure according to https://access.redhat.com/solutions/3054511


----------------------------------------------------------
Actual results:
# opensc-tool --list-readers
No smart card readers found.

# pkcs11-tool --list-slots
Available slots:
No slots.

# pkcs15-tool -D
No smart card readers found.


----------------------------------------------------------
Expected results:
The smartcard reader to be recognized and used.


----------------------------------------------------------
Additional info:
# lsusb
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 006: ID 076b:3031 OmniKey AG
Bus 002 Device 003: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
Bus 002 Device 002: ID 0e0f:0003 VMware, Inc. Virtual Mouse
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub


# dmesg | tail
[7882511.488675] usb 2-2.1: New USB device found, idVendor=076b, idProduct=3031
[7882511.488679] usb 2-2.1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[7882511.488681] usb 2-2.1: Product: OMNIKEY 3x21 Smart Card Reader
[7882511.488682] usb 2-2.1: Manufacturer: HID Global
[7882564.830134] usb 2-2.1: USB disconnect, device number 7
[7882569.127100] usb 2-2.1: new full-speed USB device number 8 using uhci_hcd
[7882569.508308] usb 2-2.1: New USB device found, idVendor=076b, idProduct=3031
[7882569.508312] usb 2-2.1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[7882569.508314] usb 2-2.1: Product: OMNIKEY 3x21 Smart Card Reader
[7882569.508315] usb 2-2.1: Manufacturer: HID Global


# pcscd -d -f
00000000 pcscdaemon.c:233:main() pcscd set to foreground with debug send to stdout
00000059 configfile.l:245:DBGetReaderListDir() Parsing conf directory: /etc/reader.conf.d
00000006 configfile.l:257:DBGetReaderListDir() Skipping non regular file: .
00000003 configfile.l:257:DBGetReaderListDir() Skipping non regular file: ..
00000005 pcscdaemon.c:525:main() pcsc-lite 1.8.8 daemon ready.
00001958 hotplug_libudev.c:260:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0001, path: /dev/bus/usb/002/001
00000072 hotplug_libudev.c:260:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0001, path: /dev/bus/usb/002/001
00000086 hotplug_libudev.c:260:get_driver() Looking for a driver for VID: 0x0E0F, PID: 0x0003, path: /dev/bus/usb/002/002
00000065 hotplug_libudev.c:260:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0001, path: /dev/bus/usb/002/001
00000075 hotplug_libudev.c:260:get_driver() Looking for a driver for VID: 0x0E0F, PID: 0x0002, path: /dev/bus/usb/002/003
00000069 hotplug_libudev.c:260:get_driver() Looking for a driver for VID: 0x076B, PID: 0x3031, path: /dev/bus/usb/002/008
00000065 hotplug_libudev.c:260:get_driver() Looking for a driver for VID: 0x0E0F, PID: 0x0002, path: /dev/bus/usb/002/003
00000103 hotplug_libudev.c:260:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/001/001
04912563 hotplug_libudev.c:260:get_driver() Looking for a driver for VID: 0x076B, PID: 0x3031, path: /dev/bus/usb/002/009

(that last line item is the smart card reader)



# systemctl status pcscd.service
● pcscd.service - PC/SC Smart Card Daemon
   Loaded: loaded (/usr/lib/systemd/system/pcscd.service; indirect; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2018-02-15 15:29:20 EST; 5min ago
  Process: 2251 ExecStart=/usr/sbin/pcscd --foreground --auto-exit (code=exited, status=1/FAILURE)
 Main PID: 2251 (code=exited, status=1/FAILURE)

Feb 15 15:28:36 tcolletto-rh systemd[1]: Started PC/SC Smart Card Daemon.
Feb 15 15:28:36 tcolletto-rh systemd[1]: Starting PC/SC Smart Card Daemon...
Feb 15 15:28:36 tcolletto-rh pcscd[2251]: 00000000 utils.c:53:GetDaemonPid() Can't open /var/run/pcscd/pcscd.pid: No such file or directory
Feb 15 15:29:20 tcolletto-rh systemd[1]: Stopping PC/SC Smart Card Daemon...
Feb 15 15:29:20 tcolletto-rh systemd[1]: pcscd.service: main process exited, code=exited, status=1/FAILURE
Feb 15 15:29:20 tcolletto-rh systemd[1]: Stopped PC/SC Smart Card Daemon.
Feb 15 15:29:20 tcolletto-rh systemd[1]: Unit pcscd.service entered failed state.
Feb 15 15:29:20 tcolletto-rh systemd[1]: pcscd.service failed.
Comment 2 Jakub Jelen 2018-02-22 08:47:08 UTC 
This is a reader, that needs to be added to pcsc-lite-ccid package. It was release upstream in 1.4.23 (2016), but the package was not rebased in RHEL7 yet [1].

 1.4.23 - 20 April 2016, Ludovic Rousseau
       . HID Global OMNIKEY 3x21 Smart Card Reader

Moving to the according package to Bob. If it is not urgent, it should be fixed with RHEL7.6.

https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=pcsclite/CCID.git;a=blob;f=README;hb=HEAD#l121
Comment 4 Ken Long 2018-04-04 19:33:11 UTC 
I'm having this same problem and the need is much more urgent.  Is there a valid work around that I could use until 7.6 comes out?   (we're only on 7.4 now, so I'm assuming 7.6 is quite a ways off)

Thank you.
Comment 5 amitkuma 2018-04-26 14:03:21 UTC 
Hello,

/////Customer sudo Question/////////
I can't seem to figure out how I would be able to use my smart card when I'm ssh'd to a remote server if I want to do a privilege elevation.   (i.e.  sudo)    

So, if I set up the machine like you and I talked about and I have the ssh key in AD and I use putty or securecrt or something like that to ssh into a RHEL system, then how do I get sudo to see the local smart card for me to elevate with it?

Thanks
Amit
Comment 7 Bob Relyea 2018-05-23 18:15:57 UTC 
fixed in pcsc-lite-ccid-1.4.10-13.1.el7
Comment 11 errata-xmlrpc 2018-10-30 11:35:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3256