
How to Setup CAC/PIV Cards on Ubuntu Linux 20.04LTS

NOTE: Verified to work with PIV/CAC Cards

NOTE: Do not use a regular USB if you are traveling. Only use a Military Grade FIPS 140-2, Level 3 Certified Device. Do not use that fingerprint reader garbage. What if your finger got chopped off? Use a PIN you can easily remember because if you forget it, your VM and data on the USB will be toast and not recoverable.

NOTE: This tutorial is for a bare-metal Ubuntu Linux 20.04 LTS laptop, not a virtual machine. Make sure you encrypt your laptop during OS installation. Do NOT be an idiot and use the same encryption password as the OS login.

1. Purchase an ACS Smart Card reader (Manufacturer Code: ACR39U-N1) (PC/SC Drivers are located under the "Downloads" tab)

2. Official Ubuntu Wiki Docs:

3. Install the PCSC Drivers and tools to make sure the card is working:

sudo apt-get update && sudo apt-get upgrade -y

sudo apt install pcscd pcsc-tools libnss3-tools

sudo systemctl enable pcscd


modutil -dbdir sql:$HOME/.pki/nssdb -list

Note: Make sure the PIV/CAC is inserted and the USB is inserted. Now when you run pcsc_scan in Terminal you should see results. If you don't see results, it's not working. Run the modutil command to see the listing of the PKCS #11 modules.

4. P2V your Laptop using VMware Converter: (Note: If you don't know how to use VMware Converter, you likely have no business doing this so don't) If VMware Converter fails with a minor error and you're at 98%, don't worry about it. The VM is good to go.

5. After you have P2V'd your laptop, save the files to a large USB 3.0 (don't use 2.0 USB's, they're too damn slow). 128GB and up. 

6. Install VMware Player or VMware Workstation for Linux (VMware Player is Free for non-commercial but VMware Workstation is Paid and you can use it the 1st 30 days for free):

7. Make sure you enable an Ubuntu Firewall and install fail2ban (don't take stupid risks with your cybersecurity and cyber hygiene):

sudo apt-get install fail2ban

sudo systemctl enable fail2ban

8. Control your LAN connection with a VPN (Do NOT use Public Wifi unprotected!!). Stay **FAR** away from free VPNs. You have been warned. The exception is a VPN to your own personal AWS/Azure/GCP VPN server that you protect and maintain, but save the hassle and just pay for one, or control your own and lock it DOWN! If you don't know what you're doing or you're not comfortable with the command line, pay for the damn VPN.

NOTE: Make sure your solution works natively for Ubuntu Linux 18.04 LTS and Later

9. Import your laptop VM into VMware Player or VMware Workstation (If you have vmmon module errors, fix that first or you will spend hours trying to get the VM to boot). PRO TIP: Create a dummy VM first and make sure the OS boots before you give yourself a brain aneurysm trying to figure out why the VM is not booting. Once you make sure the VM is booting, you can import the laptop.

10. Boot your laptop and make sure you join/insert the Shared SmartCard to the VM. Make sure that as it's booting you connect the SC to the VM (It's in the lower right-hand corner with a Red X). Make sure you click connect.

11. Login to the VM and type your Smart Card PIN. Boot and log in.

12. Join your organization's VPN from the Smart Card (this is how Windows will activate your OS). 

13. Load MS Outlook/Teams and any other Org software and make sure it's launching and working.

14. MS Outlook will take a long time to load your mailbox on less than 4GB of RAM and 2 CPUs, and if you're using less than an Intel i7 processor, so be patient.
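
For the modutil check in step 3, the script below is an added example (not part of the original post) that reads a `modutil -list` listing and reports only the PKCS #11 modules backed by an external library, which is what a working card setup should show. The function names, the module name "Example CAC Module" and its library path are assumptions made up for the constructed sample.

```shell
#!/usr/bin/env bash
# Added example: interpret `modutil -list` output from step 3.

# Print "name|library|status" for every PKCS #11 module backed by an external
# library. The built-in NSS module has no "library name:" line, so it is skipped.
list_external_modules() {
  awk '
    function emit() { if (lib != "") print name "|" lib "|" status }
    /^[ \t]*[0-9]+\.[ \t]/ {            # module header, e.g. "  2. Some Module"
      emit(); name = $0; lib = ""; status = ""
      sub(/^[ \t]*[0-9]+\.[ \t]+/, "", name); next
    }
    /library name:/   { lib = $0;    sub(/^.*library name:[ \t]*/, "", lib) }
    /^[ \t]*status:/  { status = $0; sub(/^.*status:[ \t]*/, "", status) }
    END { emit() }
  '
}

# Succeed only if at least one external module reports "loaded".
card_module_loaded() {
  list_external_modules | grep -q '|loaded$'
}

# Constructed sample listing; the module name and library path are placeholders.
sample_listing() {
  cat <<'EOF'
Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
     slots: 2 slots attached
    status: loaded

     slot: NSS Internal Cryptographic Services
    token: NSS Generic Crypto Services

  2. Example CAC Module
    library name: /usr/lib/example/example-pkcs11.so
     slots: 1 slot attached
    status: loaded
-----------------------------------------------------------
EOF
}

# "live" reads the real NSS database; anything else uses the sample above.
if [ "${1:-}" = "live" ]; then
  modutil -dbdir "sql:$HOME/.pki/nssdb" -list | list_external_modules
else
  sample_listing | list_external_modules
fi
```

If the live run prints nothing, only the built-in NSS module is registered in that database.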


How to fix the error of " The /storage/core filesystem is out of disk space or inodes" Step 1: Login to the new VCSA 6.0U1 HTML5 web client. https://ip address:5480 Step 2: Enable SSH and Bash Shell Step 3: Login as root and type "shell" at Command> shell Step 4: df -h (Check if it's out of space) /dev/mapper/core_vg-core               50G   50G     0 100% /storage/core Step 5: Stop the services of VCSA:  hostname: # service vmware-vpxd stop hostname: # service vmware-vpxd status (make sure it is stopped) Step 6:  cd /storage/core Step 7: rm -rf *.tgz ( be CAREFUL this in the wrong directory and you will be retrieving from a backup .) If you need help. Go to Cybercity ( )  Step 8: service vmware-vpxd restart Step 9: history -c Step 10:  Refresh the browser (https://ip address:5480). Now it's all green VMware KB