Clarification on requirements for AD Logon with PIV functionality

[Kemalele]

Hello,

I am new to both PIV and Active Directory (AD) and am trying to use piv to enable AD logon. While setting things up, I’ve encountered some challenges and would appreciate guidance on a specific point.

Do I need to use the OpenSC Minidriver to make this integration work, or can the repository function independently in an AD logon scenario?

What I’ve Tried:

I have followed https://docs.nitrokey.com/nitrokeys/features/piv/guides/client_logon_with_active_directory to set up token with AD.
However, logon attempts result in an error.

Questions:

Are minidrivers mandatory for enabling AD logon with smartcards?
If it is not mandatory, could you provide guidance on how to configure the setup without it?

[mmerklinger]

Hi, thanks for your message!

Are minidrivers mandatory for enabling AD logon with smartcards?

Some smartcards require a minidriver, yes. The Nitrokey 3 works with the builtin generic minidriver from Windows.

If it is not mandatory, could you provide guidance on how to configure the setup without it?

The guide you linked is based on the generic minidriver.

The configuration of a PIV login can be challenging, depending on the environment. I would like to suggest to move this to a private conversation in a support ticket. Please write to [email protected] to open one. Please include the following information:

• Windows server version
• Windows client version
• Nitrokey 3 firmware version
• Did you use Nitropy to generate the key and certificate?
  • Nitropy version
• Please include an output of certutil -scinfo with connected Nitrokey 3.
• Used algorithm for the certificate.

Looking forward to your support ticket!