Prijava v domenske računalnike Windows z MS Active Directory#

(Nitrokey HSM 2 - Windows)

  1. Prenesite in namestite najnovejši OpenSC.

  2. Z urejevalnikom besedila dodajte naslednje nastavitve v C:\Program Files:\OpenSC Project\OpenSC\opensc.conf.

# Nitrokey Pro 2, OpenPGP Card, Nitrokey Storage 2
card_atr 3b:da:18:ff:81:b1:fe:75:1f:03:00:31:f5:73:c0:01:60:00:90:00:1c  {
    type = 9002;
    driver = "openpgp";
    # name = "Nitrokey Pro 2";
    md_read_only = false;
    md_supports_X509_enrollment = true;
}
# Nitrokey Pro, OpenPGP Card
card_atr 3B:DA:18:FF:81:B1:FE:75:1F:03:00:31:C5:73:C0:01:40:00:90:00:0C {
    type = 9002;
    driver = "openpgp";
    # name = "Nitrokey Pro";
    md_read_only = false;
    md_supports_X509_enrollment = true;
}
# Nitrokey HSM 2, SmartCard-HSM
card_atr 3b:de:18:ff:81:91:fe:1f:c3:80:31:81:54:48:53:4d:31:73:80:21:40:81:07:1c {
    type = 26000;
    driver = "sc-hsm";
    # name = "Nitrokey HSM 2";
    md_read_only = false;
    md_supports_X509_enrollment = true;
}
# Nitrokey HSM, SmartCard-HSM
card_atr 3B:FE:18:00:00:81:31:FE:45:80:31:81:54:48:53:4D:31:73:80:21:40:81:07:FA {
    type = 26000;
    driver = "sc-hsm";
    # name = "Nitrokey HSM";
    md_read_only = false;
    md_supports_X509_enrollment = true;
}
  1. Odprite ukazni terminal in vnesite „regedit“. S programom regedit uvozite to datoteko.

  2. Zdaj lahko za svoje uporabnike, ki jih upravljate v Microsoftovem imeniku Active Directory, vpišete Nitrokeys. Uporabite lahko Microsoftov PKI, gpgsm ali Smart Policy. V naslednjih korakih je opisana uporaba pametne politike.

  3. Prenesite in namestite program Smart Policy.

  4. Izberite „Preberite pametno kartico“.

Img1
  1. Izberite potrdilo, preslikavo in uporabnika.

Img2
  1. Preverite stanje naprave prek seznama CRL.

Img3
  1. Izberite objekt skupinske politike (GPO).

Img4
  1. Potrdite uporabo preslikave.

Img5

Od zdaj naprej morate ob prijavi v računalnik Windows povezati ključ Nitrokey in vnesti kodo PIN.

Img6