Recently I’ve been required to use a smart card to log into some servers I manage. Configuring my Linux Mint 17.2 machine to pass my smartcard through to those machines via VMWare View has not been straightforward. This guide will walk you through how to get Smartcard redirection to work with VMWare View in Ubuntu 14.04 Trusty Tahr, which Linux Mint 17.2 is based off of. Enjoy.
- Install the latest version of the VMWare View client (distro versions are often quite out of date) from here
chmod +x VMware-Horizon-Client-3.5.0-2999900.x64.bundle sudo ./VMware-Horizon-Client-3.5.0-2999900.x64.bundle
- Install necessary packages for CommonAccessCard (thanks to this helpful ubuntu writeup)
sudo apt-get install libpcsclite1 pcscd pcsc-tools
- (re)Start the pcscd daemon
sudo /etc/init.d/pcscd restart
- Ensure your smartcard reader is properly identified by running this command:
If that command is stuck on “Waiting for the first reader…” then you need to install your smartcard drivers. If it sees your smartcard, skip this next step and proceed to step 6.
- Install your smartcard driver. This process is different for each card. For the card reader I have (the Identive SCR3500 A Contact Reader), I was able to obtain the drivers after much difficulty from here. The link to the drivers itself are here (alternate link). In my case I was able to untar and run the install script, which worked beautifully.
- Install 32 bit compatibility libraries (only applicable for 64 bit installations) thanks to this site for the answer and this one for clarification
sudo dpkg --add-architecture i386 sudo apt-get update sudo apt-get install -y libxml2:i386 libssl1.0.0:i386 libXtst6:i386 libudev1:i386 libpcsclite1:i386 libtheora0:i386 libv4l-0:i386 libpulse0:i386 sudo ln -sf /lib/i386-linux-gnu/libudev.so.1 /lib/i386-linux-gnu/libudev.so.0 sudo ln -sf /lib/i386-linux-gnu/libssl.so.1.0.0 /lib/i386-linux-gnu/libssl.so.1.0.1 sudo ln -sf /lib/i386-linux-gnu/libcrypto.so.1.0.0 /lib/i386-linux-gnu/libcrypto.so.1
sudo ln -sf /lib/$(arch)-linux-gnu/libudev.so.1 /lib/$(arch)-linux-gnu/libudev.so.0
- (re)Start the vmware-USBArbitrator and vmware-view-USBD services
sudo /etc/init.d/vmware-USBArbitrator start sudo /etc/init.d/vmware-view-USBD start
For some reason after I did all of this the vmware-view binary was nowhere to be found. It was quite strange. I fixed this issue by removing and re-installing the view client:
sudo ./VMware-Horizon-Client-3.5.0-2999900.x64.bundle -u vmware-horizon-client sudo ./VMware-Horizon-Client-3.5.0-2999900.x64.bundle
After doing this the binary was there as expected.
- Create a config file to instruct the view client to redirect your smartcard reader.
echo 'viewusb.IncludeFamily = "smart-card"' >> /etc/vmware/config echo 'viewusb.AllowSmartcard = "true"' >> /etc/vmware/config
There is no graphical option to pass devices through like there is in the Windows client. I spent more time than I’d like to admit on this step. It turns out the name of the file is important – it has to simply be called “config.” Place this config file in ~/.vmware (it can also be placed in /etc/vmware/config and/or /usr/lib/vmware/config)
- Start vmware-view and enjoy your new smartcard capabilities
If it’s not working, make sure that these services are started
One of these services have been known to crash if you attempt to connect while your smartcard is plugged in. The dance to get around this is to unplug your card reader, re-launch the above services, launch vmware-view, connect to your view server, and then only after you’ve logged in, plug in your card reader.
Update 2/25/2016: Here is the script I use to make my chromebook work beautifully for remoting into work:
sudo /etc/init.d/pcscd restart sudo /etc/init.d/vmware-USBArbitrator restart sudo /etc/init.d/vmware-view-USBD restart setres 1600 1024 vmware-view setres 2560 1700