× Welcome to the Centrify Community! Looking for Express & Smart Card Help? Click Here

[Read Me 1st] – Common OS X Smart Card troubleshooting steps

Showing results for 
Search instead for 
Do you mean 
Reply
Community Manager
Posts: 266
Registered: ‎01-05-2015
#1 of 1 2,879

[Read Me 1st] – Common OS X Smart Card troubleshooting steps

[ Edited ]

Welcome to the Express for Smart Card forum! Often Smart Card issues are caused by OS X not using the correct “driver” to detect the reader. This can be corrected by performing cleanup and reinstall steps below.

 

Cleanup

 

  1. Unplug any smart cards and readers from your Mac
  2. Open the Centrify Smart Card Assistant Utility
  3. Press the Uninstall button to remove any Centrify bits off the system through the standard method
  4. Navigate to this folder and move or delete any remaining tokend files here:

    /System/Library/Security/tokend/    (for OS X 10.10 and below)
  5. /Library/Security/tokend/           (for OS X 10.11 and above)

     

  6. Use the following link to make sure you don't have any other smart card software installed that may be interfering with things: 
    http://militarycac.com/macuninstall.htm

  7. Run the following command to remove any potentially cached smart card objects from the system as well:

    sudo rm -rf /var/db/TokenCache/tokens/* 


     

Reinstall

 

Note: I would recommend double-checking through all of these steps - even if you think have done them before.

 

  1. Once your system is cleaned out. Check that your CAC reader is also updated to the latest firmware available:
    https://militarycac.com/macnotes.htm#see_the_reader

  2. Download and install Express for Smart Card:
    http://www.centrify.com/express/identity-service/smart-card-download/

  3. Make sure you have the DOD certificates imported into the Keychain: http://www.centrify.com/downloads/products/documentation/mac-smart-smartcard/1.0.0/wwhelp/wwhimpl/js...

    To use the ones that come packaged with OS X, use the steps under: 
    - "Loading DOD intermediate certificates into the keychain"

    To download them directly from the DOD PKI Management site, use the steps under:
    - "Downloading certificates from the DoD PKI Management site"

  4. Insert your smart card into the Mac and check in Keychain Access, the card should now appear correctly in there again.

  5. Try opening your target website in Safari, if it still doesn't work, check with an alternative browser and let us know how it goes.

 

 

Please create a new thread in this board if you continue to experience technical issues after performing these steps.

 

[Reference Thread]

AntonC
Community Manager


Community FAQ | Documentation | Support Portal | Centrify Trust | @CentrifySupport on Twitter
Follow Centrify:
Giving Kudos is a great way to thank our community contributors!
Problem Solved? Click "Accepted as Solution" so this information can help other users.

These opinions are my own and do not necessarily reflect the views and opinions of my employer.