[debian-edu-commits] [Debian Wiki] Update of "DebianEdu/Documentation/Etch/HowTo/NetworkClients" by SerhiiHorichenko

Debian Wiki wiki at debian.org
Wed Oct 5 13:23:05 BST 2022 

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Debian Wiki" for change notification.

The "DebianEdu/Documentation/Etch/HowTo/NetworkClients" page has been changed by SerhiiHorichenko:
https://wiki.debian.org/DebianEdu/Documentation/Etch/HowTo/NetworkClients?action=diff&rev1=19&rev2=20

Comment:
Adding pGina as a 3rd party service to authorize Windows machine with Debian Edu credentials

  logon path = ""
  logon home = ""
  }}}
+ ==  Authorize Windows machine with Debian Edu credentials using pGina LDAP plugin ==
+ === Adding pGina user in Debian Edu ===
+ To have an ability to use pGina (or any else 3rd party auth-service-application) you should have a special user account used in search inside of LDAP.
+ 
+ Add a special user '''pguser''':''pwd.777'' on https://www/gosa website.
+ 
+ === Install pGina fork ===
+ 
+ Download and install pGina 3.9.9.12 as usual software.
+ Take an attention that LDAP plugin persists in pGina plugin folder:
+ {{{
+ c:\Program Files\pGina.fork\Plugins\pGina.Plugin.Ldap.dll
+ }}}
+ 
+ === Configure pGina ===
+ 
+ Considering to Debian Edu settings we must connect to LDAP with SSL by port 636.
+ 
+ So necessary settings in a pGina LDAP plugin are below ''(stored in HKEY_LOCAL_MACHINE\SOFTWARE\pGina3.fork\Plugins\0f52390b-c781-43ae-bd62-553c77fa4cf7)''.
+ 
+ ==== Main section ====
+   * LDAP Host(s): '''10.0.2.2''' [10.0.3.3] ''//or any else with "space" as a separator''
+   * LDAP Port: '''636''' // for SSL connections
+   * Timeout: 10
+   * Use SSL: '''YES''' ''(v mark)''
+   * Start TLS: '''NO''' ''(empty)''
+   * Validate Server Certificate: '''NO''' ''(empty)''
+   * Search DN: '''uid=pguser,ou=people,ou=Students,dc=skole,dc=skolelinux,dc=no''' ''//"pguser" is a user to authenticate in LDAP to search Users in a login session''
+   * Search Passwords: pwd.777 // here is a password of "pguser"
+ 
+ ==== Authentication block ====
+ Bind Tab:
+   * Allow Empty Passwords: '''NO'''
+   * Search for DN: '''YES''' (v mark)
+   * Search Filter: '''(&(uid=%u)(objectClass=person))'''
+         
+ ==== Authorization block ====
+   * Default: '''Allow'''
+   * Deny when LDAP authentication fails: '''YES''' ''(v mark)''
+   * Allow when server is unreachable: '''NO''' ''(empty) //optionally''
+  
+ ==== Plugin Selection ====
+   * LDAP: Authentication [v], Authorization [v], Gateway[v], Change Password [_]
+   * Local Machine: Authentication [v], Gateway [v] ''// two marks only''
+  
+ ==== Plugin Order ====
+   * Authentication: LDAP, Local Machine
+   * Gateway: LDAP, Local Machine
+ 
+ 
+ Sources:
+ 
+  * https://wiki.debian.org/DebianEdu/Documentation/Stretch/GettingStarted#User_Management_with_GOsa.2BALI-
+  * http://mutonufoai.github.io/pgina/download.html
+  * http://mutonufoai.github.io/pgina/documentation/plugins/ldap.html
+  * https://serverfault.com/questions/516072/how-to-configure-pgina-ldap-plugin
+ 
+ 
  == Remote Desktops with RDP, VNC, NX or Citrix ==
  Some municipalities provide a remote desktop solution so that students and teachers can access Skolelinux from their home computer running Windows, Mac or Linux.

More information about the debian-edu-commits mailing list