I'm trying to figure out how to get smartcard-authentication working in RHEL 8.3 when
the computer is joined to an Active Directory domain. So far I've managed to configure
local authentication using a smart card by mapping a specific local account to a UPN in
the SAN in the certificate. For obvious reasons, this is not easy to use with a domain account.
Anyone with experience on the matter?
I've followed the official RHEL guide, but the certificate on the smart card is
currently not stored in the userCertificate attribute in Active Directory, so I really
need some way to map the Active Directory account to the UPN specified in the Subject
Alternative Name in the certificate.
The customer is currently doing that in Windows. As long as the certificate is verified
against their CA and the user name matches what's in the SAN, the user is logged on.
How can I do this on a RHEL 8.3 workstation?
I tried following the official guide at Red Hat, adding the user certificate to the
userCertificate attribute in Active Directory, but it doesn't seem to work. As soon as
I use authselect to enable smartcard logon, I end up with a PIN prompt without entering a
user name, and entering the correct PIN for the card doesn't work.