Please Help

Showing results for 
Search instead for 
Do you mean 
Reply
Participant II
Posts: 5
Registered: ‎09-29-2014
#1 of 19 38,010
Accepted Solution

Please Help

[ Edited ]

I am running Mavericks OSX 10.9.5 (haven't upgraded to Yosemite yet) and have installed the Centrify Smart Card Assistant. I have a CAC reader that works and my machine recognizes it. I was having trouble getting Safari to allow me to login into my Navy email site. I was coached to download Smart Card Services Releases v2.0.1 for Mavericks. I feel like as soon as I downloaded and installed that file, it took me several steps back because before I did this, when i was in Keychain and clicked on the CAC, then My Certificates, it showed my certificates. I would try to login using Safari and it would bring up the box for me to enter my CAC pin, but I was not able to login. But it seemed like I was very close to getting in.

However, after installing Smart Card Services Releases v2.0.1 for Mavericks, My certificates do not show up when I click on the CAC in Keychain, and if I try to go to the navy.mil email site, it never even brings up the box where I can try to enter my CAC pin, just always gives Error code 500 - Internal Server Error.

I am at a loss and really would like to be able to check email from home. I am also wondering if my CAC in Keychain should be listed as cac-0000-0000-0000-0001-0000. I could be wrong, but I feel like before installing the Smart Card Services, my CAC would show up as something that didn't involve so many zeros.

Thanks for any help,
Scott

Highlighted
Posts: 532
Kudos: 171
Blog Posts: 24
Solutions: 25
Registered: ‎04-19-2012
#2 of 19 38,003

Re: Please Help

[ Edited ]

Hi Scott,

 

It sounds like the system is not using the correct "drivers" to detect your smartcard anymore, so let's getting everything back to a recognisable base level first:

 

Cleanup

  1. Unplug any smart cards and readers from your Mac
  2. Open the Centrify Smart Card Assistant Utility
  3. Press the Uninstall button to remove any Centrify bits off the system through the standard method
  4. Navigate to this folder and move or delete any remaining tokend files here:

    /System/Library/Security/tokend/    (for OS X 10.10 and below)
  5. /Library/Security/tokend/           (for OS X 10.11 and above)

     

  6. Use the following link to make sure you don't have any other smart card software installed that may be interfering with things: 
    http://militarycac.com/macuninstall.htm

  7. Run the following command to remove any potentially cached smart card objects from the system as well:

    sudo rm -rf /var/db/TokenCache/tokens/* 


     

Reinstall

Note: I would recommend double-checking through all of these steps - even if you think have done them before.

 

  1. Once your system is cleaned out. Check that your CAC reader is also updated to the latest firmware available:
    https://militarycac.com/macnotes.htm#see_the_reader

  2. Download and install Express for Smart Card:
    http://www.centrify.com/express/identity-service/smart-card-download/

  3. Make sure you have the DOD certificates imported into the Keychain: http://www.centrify.com/downloads/products/documentation/mac-smart-smartcard/1.0.0/wwhelp/wwhimpl/js...

    To use the ones that come packaged with OS X, use the steps under: 
    - "Loading DOD intermediate certificates into the keychain"

    To download them directly from the DOD PKI Management site, use the steps under:
    - "Downloading certificates from the DoD PKI Management site"

  4. Insert your smart card into the Mac and check in Keychain Access, the card should now appear correctly in there again.

  5. Try opening your target website in Safari, if it still doesn't work, check with an alternative browser and let us know how it goes.

 

 

Hope that helps and kind regards,

Brian

Participant II
Posts: 5
Registered: ‎09-29-2014
#3 of 19 37,887

Re: Please Help

Thanks Brian, I followed your steps and it worked! I am so happy.

Participant II
Posts: 2
Registered: ‎12-09-2014
#4 of 19 37,070

Re: Please Help

Dear Centrify - 

 

I just got a Mac.  Initially I could log into Army AKO and Enterprise email with my CAC.  Then I was messing around in Keychain Access and I think I deleted something I shouldn't have.  I tried all of the steps in your message and now my CAC card doesn't appear in the Keychain access.  Please help!!

 

Thank you.

Jill

Posts: 532
Kudos: 171
Blog Posts: 24
Solutions: 25
Registered: ‎04-19-2012
#5 of 19 37,064

Re: Please Help

Hi Jill,

 

If the CAC card doesn't appear in your Keychain at all, then it means the tokends (smart card drivers) were not installed correctly.

 

Please make absolutely sure you've gone through every step in both Cleanup and Reinstall procedures in the accepted post above and you should at least get the card appearing in the Keychain again.

 

This means hitting every step in the militarycac.com webpage as well to make sure there are no remnant drivers, then make sure the Keychain is added and updated and the Centrify software is fully re-downloaded and re-installed.

 

Kind regards,

Brian

 

 

 

Participant II
Posts: 2
Registered: ‎12-09-2014
#6 of 19 37,061

Re: Please Help

Brian - 

 

Before I received your reply, I restarted my computer and checked Keychain access again.  This time it shows up but similar to Scott, I don't think it shows as the same thing anymore.  It's listed under "Keychains" as CACNG-5f14a888485............(and so on).  

 

When I tried to log onto AKO (https://login.us.army.mil) I can select my CAC, input my Keychain password (which I assume is my CAC PIN), and I then receive a gray screen that says: "Safari can't open the page ... because Safari can't establish a secure connection to the server 'certificate.us.army.mil."  

 

Is the solution to still to do the cleanup and reinstall again?

 

Thanks.

Jill

Posts: 532
Kudos: 171
Blog Posts: 24
Solutions: 25
Registered: ‎04-19-2012
#7 of 19 37,057

Re: Please Help

Hi Jill,

If you're using an older version of Express for Smart Card, then it's possible you may have run into the Dual-ID card problem described here:
- http://community.centrify.com/t5/The-Centrify-Apple-Guys/About-Centrify-and-PIV-Certificate-Problem/...


If you're using the latest version of Express though, then almost definitely the Mac is using the wrong tokend for your card. In which case the solution is to do the cleanup and reinstall.

Hope that helps!
Brian
Participant I
Posts: 1
Registered: ‎12-31-2014
#8 of 19 36,168

Re: Please Help

[ Edited ]

Hi Brian,

 

I have spent hours trying to get my CAC reader to work on my MacBook. I have an Oberthur v5.5 Dual. I am using the SCR-3500. I did all of your steps including cleanup and reinstall. I used MilitaryCac's resources to make sure I had no conflicting programs causing issues. It was previously showing my CAC Card in the keychain access, but now, it's not even showing up. It lights up for about 3 seconds, then it turns off. Do you have any solutions? I've read almost every forum and I can't figure it out. Thank you for your assistance!

 

Melissa

 

****NEVERMIND! I was able to get it to work after restarting my  computer (duh!) Thanks!

Posts: 532
Kudos: 171
Blog Posts: 24
Solutions: 25
Registered: ‎04-19-2012
#9 of 19 36,131

Re: Please Help

Hi Melissa,

Thanks for the update and great to hear you got it working again!

Happy New Year!
Brian

Participant I
Posts: 1
Registered: ‎02-08-2015
#10 of 19 34,460

Re: Please Help

I need assistance I'm trying to uninstall the Centrify on my IMac. After upgrading to 10.10 I'm unable to use my Smart card.. I follow your instruction how to uninstall. Okay the command where do i type this in the Terminal command line



sudo rm -rf /var/db/TokenCache/tokens/*