Mac Client: Download the Mac client msi file to a Windows system; Run the msi and it will create a dmg file under the default location “C: Program Files Microsoft System Center Configuration Manager for Mac client ” on the Windows system; Copy the dmg file to a network share or a folder on a Mac computer. Select the branch of the military you are affiliated with to find specific download locations and installation instructions. If you are not part of a particular branch of the military, look at these other options for you. Windows 10 users click here for information on how to use your CAC on your computer. Download and install the OS X Smartcard Services package The OS X Smartcard Services Package allows a Mac to read and communicate with a smart card. In order for your machine to recognize your CAC certificates and DoD websites as trusted, the installer will load the DoD CA certificates on OS X.
When it comes to installing your new CAC reader onto your home computer, there’s a doubt that installing on Mac is much more complicated. Often, you’ll need to install a CAC Enabler just for your Mac to recognize the hardware. But don’t worry in this handy guide, we’ll walk you through how to install a CAC enabler for Mac and which one to choose.
Here’s the thing…. Mac has many different OS’s which means that there are many different CAC enablers. And some will work for particularly OS’s only.
MUST READ IMPORTANT INFO BEFORE YOU BEGIN
Before you get started downloading and installing your CAC Enabler, there is some information that you need to be aware of:
- Only download and install ONE CAC Enabler. Multiple CAC Enablers can cause your CAC Card reader not to work. If you currently have an incorrect CAC enabler installed, you need to uninstall and remove it before getting the correct one. This includes built-in Smart Card Readers for the newer OS’s.
- Some of these CAC Enablers will ask for a Keychain Password. You should already have this information. It’s your CAC PIN. But before you enter this information, make sure you’ve already selected your CAC Certificate. And you need to use your full CAC pin. Failure to do so can actually lead to you getting locked out of your CAC Card. If this happens, you’ll have to go to your nearest ID Card Office or PSD to get it unblocked.
- After successfully installing your CAC Enabler, you need to restart your computer before trying to access any CAC protected site. This ensures that your computer has properly recognized and installed the CAC Enabler.
- Just because you’ve properly installed and set up your enabler, that doesn’t mean that it will work with all browsers–particularly Firefox. As popular of a browser it is, Firefox is notorious for not allowing CAC-protected sites to be accessed. This is why I recommend using Google Chrome. It has the least obstructions for you when it comes to using your CAC Reader.
What CAC Enabler Do You Need For Your OS?
In order to make sure that you download the right OS, be sure to use our handy Table of Contents to jump to the proper section.
And with that, let’s get your Mac system CAC Card ready!
If you’ve purchased a Mac with the Catalina OS installed, STOP RIGHT HERE.
Catalina comes pre-equipped with a built-in CAC Enabler. This means you do not need to install a third-party program. If you do, it may interfere with your built-in enabler and cause your CAC to not be recognized. Just be sure that you have the proper DOD certificates installed.
But what if you purchased your Mac and then upgraded to the new system?
If you haven’t installed any third-party enablers, the built-in function should automatically start working. But if you have previously installed any third-party CAC enablers, you’re going to have to uninstall and completely remove those first.
Similar to the Catalina OS, Mojave also has a built-in Smart Card Reader. This means that a third-party CAC enabler program may not be necessary. So before downloading any other enabler, test out the built-in first–just make sure you have the proper DOD certificates needed.
If your Mojave’s built-in reader is not working, then you can proceed to pick up another CAC enabler. There are 4 verified readers that work for Mojave that we know of.
Each of these should work for any type of CAC Card.
High Sierra (10.13.x)
High Sierra is another Mac OS with a built-in Smart Card reader. However, unlike Mojave or Catalina, you cannot access CAC-protected sites through Safari. They are not supported through Safari in this OS.
You need to use Google Chrome for optimal results. If you are adamantly opposed to using Chrome, I’d recommend to go ahead and update your Mac OS to Mojave or Catalina (if supported). Afterwards, you should find you don’t need a CAC enabler as long as you have the proper certificates.
However, if things aren’t working out the way they should, you do have some options for third party CAC enablers.
These have been verified to work with High Sierra and with every CAC Card type we’ve come across.
Sierra is the last of the Mac OS’s that has a built-in Smart Card Reader. However, you need to be aware that this reader will not function with the Safari browser even with the proper certificates.
You’ll need to utilize Google Chrome along with the proper DOD (or other) certificates.
There have been reports of the Sierra built-in CAC reader failing to operate properly. And in that case, you’re going to need to download one of these verified CAC enablers:
These CAC Enablers work with every type of CAC Card.
One thing to note is that if you decide to utilize PKard with Sierra, you need to make sure that you’re using PKard version 1.7 or higher.
El Capitan (10.11.x)
Unlike its newer OS counterparts, El Capitan does not come with a built-in smart card reader. You will be required to download and install a third-party program. Thankfully, there are 5 different CAC Enablers you can use.
One thing to note is that Smart Card Services will not work with all types of CAC Cards. If your CAC Card is designated as Oberthur ID One 128 v5.5a D, Smart Card Services cannot read it. You can find this information on the back of your CAC card itself near the magnetic strip.
This can be solved one of two ways. Either opt for a different enabler or get a new CAC Card.
Yosemite requires a third-party enabler to be installed in order for your CAC Card to be recognized. There are 5 different verified options for Yosemite users:
Although a verified option, we recommend against using Smart Card Services. The reason for this is that Smart Card Services doesn’t accept all types of CAC Cards–particularly those labeled Oberthur ID One 128 v5.5a D.
Mavericks is another Mac OS without a built-in Smart Card Reader. This means that you’re going to need to download a CAC Card Enabler. We’ve found five different platforms that work with this OS.
However, we suggest steering clear of Smart Card Services if you’re carrying the Oberthur ID One 128 v5.5a D CAC Card. This enabler does not recognize this particular type of CAC Card.
Mountain Lion (10.8.x)
Since Mountain Lion OS has no built-in Smart Card Reader, you’ll have to avail of a third-party CAC Card Enabler. There are 5 different options to choose from for this platform.
However, if you’re using the CAC Card type, Oberthur ID One 128 v5.5a D, steer clear of Smart Card Services. They don’t recognize this type of card.
Lion is one of Mac’s older operating systems. But that doesn’t mean you’re completely out of luck if need to use a CAC card on it. There are 4 different options you have.
It’s worth mentioning that if you are planning on using Smart Cards Services, ensure you don’t have an Oberthur ID One 128 v5.5a D CAC Card. The program doesn’t work with the typing.
Snow Leopard (10.6.x)
The first recommendation I have for Snow Leopard users is to upgrade their system as soon as possible. But if due to constraints you are unable to, there are still a few paths you can take when it comes to ensuring your CAC Card can be read.
Just don’t opt for Smart Card Services if you’re using an Oberthur ID One 128 v5.5a D CAC Card.
If you’re still using Leopard, our first recommendation is to upgrade your OS immediately. However if you’re unable to, there’s still hope for using a CAC Card on your computer.
Your available options for CAC Card Enabler are:
However, TENS will only work if your computer has an Intel processor. It won’t work if you’re using a PPC.
Again, the first recommendation for Leopard is not downloading a new CAC enabler but updating your system.
Our Top CAC Enabler Picks for All Operating Systems
When it comes to which enablers we like best, it boils down to two.
PKard and ActivClient for Mac.
Download Cac Reader For Mac
Either one of these is compatible with just about every OS on this list–with the exception of Catalina (Be sure to use their built-in enabler.)
Plus they have vendor support. And that can be quite handy if you’re having issues with your CAC enabler. However, they don’t come free. ActivClient for Mac rings in at around $50 while PKard is available for around $40.
This section covers the installation of the PaperCutUser ClientThe User Client tool is an add-on that resides on a user's desktop. It allows users to view their current account balance via a popup window, provides users with the opportunity to confirm what they are about to print, allows users to select shared accounts via a popup, if administrators have granted access to this feature, and displays system messages, such as the 'low credit' warning message or print policy popups. on Apple Mac systems. Before installing the client software, review Mac printing in detail and first ensure printing is working as expected.
The PaperCut Mac User Client software is a supplied as a native Mac .app package. The User Client is delivered in two flavors:
The current client, which supports Mac OS X 10.7 (Mountain Lion) and above.
The legacy client, which supports Mac OS X versions from 10.4 to 10.6. It is a universal application that runs on both PowerPC and Intel hardware. The legacy client will not receive future feature enhancements.
Apple has switched to a yearly release cycle for Mac OS X, which means it is difficult to keep this documentation up to date. For the most recent and up-to-date information on current best practices, see the Knowledge Base.
For Mac OS X 10.7 and later
For Macs running 10.7, 10.8, 10.9, 10.10, 10.11, and later, the best way to establish set launch behavior patterns for the PCClient.app is to use LaunchAgents managed by LaunchD. For more information, see http://www.papercut.com/kb/Main/MacClientStartupWithLaunchd.
Cac Reader Middleware For Mac
For legacy Mac OS X (10.6 and earlier) solutions:
For Macintosh computers running versions of Mac OS older than 10.7, the following three common installation methods cover most situations. The instructions for the 'single user install' follow the standard Mac application installation process and can be conducted by any Mac end user. The other installation methods are more technically focused and aimed at Mac network administrators.
Special Notes for Mac OS X 10.6 and earlierNOTE'>NOTE
The current version of the PaperCut client does not work on Mac OS X 10.6 and earlier. For these systems the legacy client must be used. If the client fails to start, ensure you are using the correct client for your system.
The legacy client is found in [app-path]/client/legacy. Use this path to locate the client when referenced in the following sections.
The legacy client software works best if Java 5 (or higher) is installed. Java 5 is available for OS X 10.4 or above. If Java is not already installed, the installer is available from the Apple website. This simplest way to install Java is to run /Applications/Utilities/Java Preferences from OS X Finder, and you are prompted to complete the installation.
Single user install
This method is suitable for a Mac computer used by a single user. For example, a personal Mac desktop or laptop. The installation process involves clicking the client-local-install program. This copies the PCClient application into the over to the system's Applications folder and starts the client in the 'confirm network identity' mode. The simplest way to run the install process is to connect to a Windows server's pcclient share over the network, however, alternate methods such as copying the folder contents via a USB key or drive are also possible.
To install the Mac User Client from a server's share:
Start and Log in to the Mac computer. Ensure it's connected to the network.
Open the Finder.
In the Go menu, select Connect to Server.
Enter the pcclient share's connection details, such as: smb://server_name/pcclient.
Enter password information if requested.
Double-click the client-local-install file. This executes a small AppleScript program that starts the install/copy process. (If installing on a legacy system (OS X 10.6 or earlier), you must install the legacy client located in the legacy folder.)
Test the application by double-clicking the PCClient application icon in the system's local Applications folder.
If the user needs the User Client for printing (for example, to use the shared accountA shared account is an account that is shared by multiple users. For example, in business, shared accounts can be used to track printing costs by business unit, project, or client. Organizations like legal firms, engineering firms, or accounting offices often have long lists of accounts, projects, clients, or matters. In a school or university, shared accounts can be used to track printing by departments, classes, or subjects. popup), configure the application to automatically open upon start up:
Open System Preference from the Apple menu.
Select your login account.
Click the Login Items tab.
Click + then browse and select the PCClient application.
Test by restarting the computer. The client should start automatically after the reboot and log in procedure is complete.
On a multi-user Mac system, setting up a Login Item for each user would be a tedious task. To streamline this process, you can configure the PCClient application to start on login via the login hook. A login hook is an advanced Mac feature that works by running a script when a user logs in. The PCClient package includes a command script resource that installs the login hook.
To install the User Client on a multi-user system:
Start and log in to the Mac computer.
Ensure the Mac computer is connected to the network.
Open the Finder.
From the Go menu, select Connect to Server
Enter the pcclient share's connection details, for example, smb://server_name/pcclient
Enter password information if requested.
Drag the PCClient (or legacy/PCClient on OS X 10.6 or lower) package to the local hard disk's Applications folder. The copy process begins.
In the Applications directory, Control+click the newly copied PCClient application.
Select Open Package Contents.
Navigate to Contents/Resources/.
Double-click the install-login-hook.command script.
Restart the system and verify the client starts on login.
If you're already using a login hook for other script tasks, the setup process is different. Instead in step 10, double-click the set-permissions.command file. Then insert the following line at the end of your current login script (all on one line):
The set-permissions.command script ensures the software is set up with the correct permissions, making it accessible to all users.
You can remove the login hook, once installed, with the terminal command:
sudo defaults delete com.apple.loginwindow LoginHook
This deployment method is for advanced Mac network administrators and is suitable for medium to large Mac networks. Knowledge of the Mac's Unix underpinning and scripting is required.
A more flexible option over locally installing the PCClient package on each Mac system, is to directly launch the client from the pcclient share. The advantage of this deployment method is that any updates applied on the server (and updates to the client directory) are automatically propagated to all workstations.
The process of setting up zero-install deployment varies from network to network depending on the directory environment in use and administrator preferences. The process can, however, be summarized as:
Configure the Macs to mount the pcclient share as a volume on login or start-up.
Configure a login hook to start the client off the share. The install-login-hook.command resource script explained in the multi-user install above might help.
The typical way to mount the share is to use mount_smbfs in a boot script. See the Apple documentation on mount_smbfs at: http://developer.apple.com/documentation/Darwin/Reference/ManPages/man8/mount_smbfs.8.html
Further information on Mac printing is available at Mac printing in detail.