Accedere ai computer di dominio di Windows con MS Active Directory

  1. Scaricare e installare l’ultima ` OpenSC <https://github.com/OpenSC/OpenSC/wiki>`_.

  2. Use a text editor to add the following settings to C:\Program Files:\OpenSC Project\OpenSC\opensc.conf.

    # Nitrokey Pro 2, OpenPGP Card, Nitrokey Storage 2
    card_atr 3b:da:18:ff:81:b1:fe:75:1f:03:00:31:f5:73:c0:01:60:00:90:00:1c  {
            type = 9002;
            driver = "openpgp";
            # name = "Nitrokey Pro 2";
            md_read_only = false;
            md_supports_X509_enrollment = true;
    }
    # Nitrokey Pro, OpenPGP Card
    card_atr 3B:DA:18:FF:81:B1:FE:75:1F:03:00:31:C5:73:C0:01:40:00:90:00:0C {
            type = 9002;
            driver = "openpgp";
            # name = "Nitrokey Pro";
            md_read_only = false;
            md_supports_X509_enrollment = true;
    }
    # Nitrokey HSM 2, SmartCard-HSM
    card_atr 3b:de:18:ff:81:91:fe:1f:c3:80:31:81:54:48:53:4d:31:73:80:21:40:81:07:1c {
            type = 26000;
            driver = "sc-hsm";
            # name = "Nitrokey HSM 2";
            md_read_only = false;
            md_supports_X509_enrollment = true;
    }
    # Nitrokey HSM, SmartCard-HSM
    card_atr 3B:FE:18:00:00:81:31:FE:45:80:31:81:54:48:53:4D:31:73:80:21:40:81:07:FA {
            type = 26000;
            driver = "sc-hsm";
            # name = "Nitrokey HSM";
            md_read_only = false;
            md_supports_X509_enrollment = true;
    }
    
  3. Aprite un terminale di comando e digitate «regedit». Usate regedit per importare ` questo file <https://www.nitrokey.com/sites/default/files/nk-hsm.reg>`_.

  4. Ora potete iscrivere Nitrokeys per i vostri utenti gestiti in Microsoft Active Directory. Potete usare Microsoft PKI, gpgsm, o Smart Policy. I seguenti passi descrivono l’uso di Smart Policy.

  5. Scaricate e installate Smart Policy.

  6. Selezionare «Leggere una smart card».

    img1
  7. Seleziona il certificato, la mappatura e l’utente.

    img2
  8. Verificare lo stato del dispositivo tramite CRL.

    img3
  9. Scegliete un oggetto dei criteri di gruppo (GPO).

    img4
  10. Confermare l’applicazione della mappatura.

img5

D’ora in poi, quando ti connetti al tuo computer Windows devi collegare la Nitrokey e inserire il tuo PIN.

img6