Re: HOWTO: Fingerprint reading in Ubuntu with fprint
Well I have Lenovo 3000 N100 notebook with AuthenTec AES2501 fingerpint reader (08ff:2580). I'm using Debian Squeeze amd64, but hope that it's similar to Ubuntu.
The problem is that fprint_demo and pam_fprint_enroll doesn't read my fingerprint. They just stop on finger scanning dialog. Sensor is working - aes2501 demo program shows me my fingerprint. Any ideas what is the problem?
Re: Toshiba Portégé & Authentec AES2501
Quote:
Originally Posted by
BryanFRitt
Try `lsusb` and look at the device code section for your fingerprint reader, ...
Thanks Bryan, I'll do that later (I'm not quite ready to try even a LiveCD on this laptop yet, since I don't want anything to get messed up).
I'm a bit concerned by the problems you are having, since I rely a lot on my fingerprint reader with Windows for security AND convenience, including booting up, logging on and managing sensitive website accounts. If it's going to be as quirky as what is happening to you, then I won't be keeping it for long, and there would be no point in me installing Ubuntu at all on this particular machine.
Re: Toshiba Portégé & Authentec AES2501
Quote:
Originally Posted by
Kixtosh
Thanks Bryan, I'll do that later (I'm not quite ready to try even a LiveCD on this laptop yet, since I don't want anything to get messed up).
I'm a bit concerned by the problems you are having, since I rely a lot on my fingerprint reader with Windows for security AND convenience, including booting up, logging on and managing sensitive website accounts. If it's going to be as quirky as what is happening to you, then I won't be keeping it for long, and there would be no point in me installing Ubuntu at all on this particular machine.
It's that weird, I suspect a lot of the problem I had, had to do with the /etc/pam.d/common-auth, and maybe other files in /etc/pam.d/*.
At least it didn't cause any problems with my 'pre-boot' fingerprint reader. I don't think this software has any effect on that. In fact, I think that part still has to be set up from Windows.(but I could be wrong)
After seeing your post I decided to try out the fingerprint reader in my Windows Vista partition. I hardly ever use it. I think it wasn't working before I started messing with this Linux fingerprint reader software.(aka this Linux software had no effect) The fingerprint reader in Windows didn't work, and I couldn't get it working. I remember a long time ago trying to get it working in Windows, and I actually gave up on it, and one day, I randomly decided I try again, and with not much effort it started working, and I set up the fingerprints for the BIOS etc... This time I tried doing Windows 'program' repair feature, and it didn't work. This seams to be the same problem I had when I first tried to install the Windows version finger print reader. I'm not going to try to get it fixed anymore. I don't use Windows that much anymore, and if I do I use 'Wine' or 'VirtualBox' (maybe even DosBox, or DosEMU). In summary the 'pre-boot' fingerprint reader can still work, if it's set up, even if Linux/Windows use of the finger print reader is messed up.
p.s. Running 'Live CD' won't mess anything up, unless you decide to install, or mess with the partitions on the harddrive(s), etc...
p.s.2. I decided to uninstall my Linux's fingerprint reader software. Since I still have use of my BIOS's 'pre-boot' fingerprint reader, I set up my computer to ask for a fingerprint everytime the computer gets shutdown, rebooted, suspended, hibernated, etc... This way someone has to cheat my fingerprint reader, and know my OS password, to use my computer setup in those cases, and the OS won't be so awkward with passwords, and fingerprints.
Re: Toshiba Portégé & Authentec AES2501
Quote:
Originally Posted by
BryanFRitt
... At least it didn't cause any problems with my 'pre-boot' fingerprint reader. I don't think this software has any effect on that. In fact, I think that part still has to be set up from Windows.(but I could be wrong) ...
Bryan, I just use the BIOS enabled password for that (when I travel) ... which protects only the laptop itself, I suppose, in case of theft, since you could still remove the hard drive and access any unprotected data. I've always assumed the BIOS pre-boot password is difficult to reset when activated ... hopefully impossible without proof of purchase! In any case, it doesn't need any O.S. at all to be activated.
Quote:
After seeing your post I decided to try out the fingerprint reader in my Windows Vista partition. ...
Bryan, I'm really only stuck with Windows because of TomTom and Garmin at the moment (and the fingerprint reader, if it turns out it doesn't work properly), but if I can get this to work, I'll use them on a different dual boot machine.
Just for your information: my newer Portégé uses WinXP, but Windows doesn't manage my fingerprint reader at all (I'm not sure that XP ever could do this). I currently use software within XP from Softex Inc. called OmniPass.
http://www.softexinc.com/category.as...y=secsolutions
Quote:
... p.s. Running 'Live CD' won't mess anything up, unless you decide to install, or mess with the partitions on the harddrive(s), etc...
I know that this is the theory, but on my older Portégé, I first tried Knoppix in 2004. When I first set it up, it would show the CPU correctly as 700MHz, but after a second or third try from LiveCD, it suddenly started to show it as 500MHz, and it's been stuck there ever since, regardless of O.S.
I don't know if there could have been a problem with Knoppix not controlling the fan correctly and causing the CPU to malfunction as a consequence or something, but I don't want to risk it again until I have bought a new replacement.
Re: HOWTO: Fingerprint reading in Ubuntu with fprint
The tutorial is great. but i'm having the problem where it still asks for a password even if it successfully authenticates with the fingerprint. I'm sure it has something to do with the pam but i can't figure it out. Any help?
Code:
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.
auth sufficient pam_fprint.so
# here are the per-package modules (the "Primary" block)
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_lsass.so try_first_pass
# here's the fallback if no module succeeds
auth requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth required pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
Working (sort of) with Toshiba Portégé R200 series
I finally got Ubuntu 10.04, Lucid Lynx installed on my R205-S209 as mentioned earlier. The instructions in the first post in this thread worked perfectly (thank you!). I have not implemented usage for logging in, however, since it seems to take too many tries to verify the print after enrolling as described in step 2. I used the GUI method, where a specific tab allows you to verify your prints and see if they match up to the initial scan. In Windows, using Softex OmniPass software, a scan is usually recognized on the first attempt for logging in.
OmniPass also allows you to use the reader to remember user ID's and passwords for browsing, such as the ones used for this forum. I have not seen where Ubuntu and fprint-demo would allow one to do this. Perhaps it's not really needed, since Ubuntu is more secure by reputation in the first place, and a browser such as Firefox will encrypt remembered profiles information (unlike Chromium, which does not encrypt the information, apparently). In this way, the fingerprint reader could function simply to enable ease of access when starting up, or returning from standby, and everything else to do with internet logon information could be saved by Firefox instead.
I'm going to practice some more swiping later, and post back.
The model used in this laptop is the AuthenTec AES2501, by the way.
A new application entry, "fprint-demo", is now present in the "Accessories" section of the main "Applications" menu in Ubuntu (accessible with ALT+F1, for new users such as myself).
Re: HOWTO: Fingerprint reading in Ubuntu with fprint
Quote:
Originally Posted by
dinomight
The tutorial is great. but i'm having the problem where it still asks for a password even if it successfully authenticates with the fingerprint. I'm sure it has something to do with the pam but i can't figure it out. Any help? ...
There have been a few posts about similar problems in this thread (and yes, I've read the whole thing at least twice!). Did you notice this earlier post? http://ubuntuforums.org/showpost.php...8&postcount=50. Here's an excerpt:
Quote:
When there is auth required, my computer asks me always to enroll my finger AND to insert a password. When I change it to auth requisite, it only asks me my password if the fingerprint authentication failes.
You seem to have both the "requisite" and "required" lines. Could this be your issue? Maybe you can see if the author's solution can work for you too. He also posted
Code:
auth requisite pam_unix.so nullok_secure
where you have
Code:
auth requisite pam_deny.so
If I ever get that far, I'll post my working configuration later.
Re: Toshiba Portégé & Authentec AES2501
Quote:
Originally Posted by
BryanFRitt
Try `
lsusb` and look at the device code section for your fingerprint reader, and compare those numbers to the 'USB Vendor ID' and 'USB Product ID' columns on
http://reactivated.net/fprint/wiki/Supported_devices to see if your device is 'supported'. My
guess is that as long as those values match, you're 'supported'.
I think Bryan was bang on target here: now that I have Ubuntu installed on my newer Portégé, and was able to type "lsusb" in Terminal, the AuthenTec AES2501 is listed as 08ff:2580, which is an identical value for this reader for every device in the list of supported hardware/laptops. The laptop brand doesn't actually matter, as explained in the document that Bryan pointed to earlier with this link.
https://launchpad.net/~fingerprint/+archive/fprint
Re: HOWTO: Fingerprint reading in Ubuntu with fprint
for the people having trouble getting this guide to work with only only fingerprint or only password (not BOTH) please read this page the packages on it got it working for me :) :
https://launchpad.net/~fingerprint/+...ilter=maverick
it also explains why pam has to ask for fingerprint first, and then a password if that fails
5 Attachment(s)
Scanning Remarks - Suggested "How To"
Well, I'm still in the test phase of using this, so I have not enabled it at all so far (I don't use it to log in, or for anything else at present).
Scanning can be very tricky, much more quirky than when using OmniPass with Windows XP, but here is how I seem to have found a working method:
- Your fingerprint is read by a swipe over the reading device (you do NOT just place your finger on it and wait for a reading to happen).
- The angle and method of approach seems crucial to accurate reads, far more so that I am used to with Windows XP and OmniPass.
- Start with your knuckle hovering over the device, but not on it, nor with your finger too close to the reader (I mean the big knuckle joint nearest to your hand, not the little one nearest the finger nail).
- Swipe your finger toward you, but not too quickly, and let whole length of the tip slide across the surface of the reader and right off the reader completely. The whole read, for knuckle to tip, should take about two seconds.
- The best angle seems to be about 10° or so. If the angle is too steep, such as 45°, you will get a good reading, but you will probably not be able to verify it afterwards, not even with ten or more tries, so it's basically useless to you! If the angle is too shallow, such as 5° or less, your finger may be too close and may sometimes prompt an error message before you even finish your swipe movement.
- With a little practice, first enrolling your finger, then verifying the scan, you should get a verified read that matches at least 90% of the time.
Note: From what I have read (somewhere from a trusted source, but I can't hunt down the reference just now), there is no point in using more than one finger, since for the moment, only the first finger enrolled will be used for authentication.
Edit: adding some images of the process!