[debian-edu-commits] [Debian Wiki] Update of "DebianEdu/Documentation/Etch/HowTo/NetworkClients" by SerhiiHorichenko
Debian Wiki
wiki at debian.org
Wed Oct 5 13:23:05 BST 2022
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Debian Wiki" for change notification.
The "DebianEdu/Documentation/Etch/HowTo/NetworkClients" page has been changed by SerhiiHorichenko:
https://wiki.debian.org/DebianEdu/Documentation/Etch/HowTo/NetworkClients?action=diff&rev1=19&rev2=20
Comment:
Adding pGina as a 3rd party service to authorize Windows machine with Debian Edu credentials
logon path = ""
logon home = ""
}}}
+ == Authorize Windows machine with Debian Edu credentials using pGina LDAP plugin ==
+ === Adding pGina user in Debian Edu ===
+ To have an ability to use pGina (or any else 3rd party auth-service-application) you should have a special user account used in search inside of LDAP.
+
+ Add a special user '''pguser''':''pwd.777'' on https://www/gosa website.
+
+ === Install pGina fork ===
+
+ Download and install pGina 3.9.9.12 as usual software.
+ Take an attention that LDAP plugin persists in pGina plugin folder:
+ {{{
+ c:\Program Files\pGina.fork\Plugins\pGina.Plugin.Ldap.dll
+ }}}
+
+ === Configure pGina ===
+
+ Considering to Debian Edu settings we must connect to LDAP with SSL by port 636.
+
+ So necessary settings in a pGina LDAP plugin are below ''(stored in HKEY_LOCAL_MACHINE\SOFTWARE\pGina3.fork\Plugins\0f52390b-c781-43ae-bd62-553c77fa4cf7)''.
+
+ ==== Main section ====
+ * LDAP Host(s): '''10.0.2.2''' [10.0.3.3] ''//or any else with "space" as a separator''
+ * LDAP Port: '''636''' // for SSL connections
+ * Timeout: 10
+ * Use SSL: '''YES''' ''(v mark)''
+ * Start TLS: '''NO''' ''(empty)''
+ * Validate Server Certificate: '''NO''' ''(empty)''
+ * Search DN: '''uid=pguser,ou=people,ou=Students,dc=skole,dc=skolelinux,dc=no''' ''//"pguser" is a user to authenticate in LDAP to search Users in a login session''
+ * Search Passwords: pwd.777 // here is a password of "pguser"
+
+ ==== Authentication block ====
+ Bind Tab:
+ * Allow Empty Passwords: '''NO'''
+ * Search for DN: '''YES''' (v mark)
+ * Search Filter: '''(&(uid=%u)(objectClass=person))'''
+
+ ==== Authorization block ====
+ * Default: '''Allow'''
+ * Deny when LDAP authentication fails: '''YES''' ''(v mark)''
+ * Allow when server is unreachable: '''NO''' ''(empty) //optionally''
+
+ ==== Plugin Selection ====
+ * LDAP: Authentication [v], Authorization [v], Gateway[v], Change Password [_]
+ * Local Machine: Authentication [v], Gateway [v] ''// two marks only''
+
+ ==== Plugin Order ====
+ * Authentication: LDAP, Local Machine
+ * Gateway: LDAP, Local Machine
+
+
+ Sources:
+
+ * https://wiki.debian.org/DebianEdu/Documentation/Stretch/GettingStarted#User_Management_with_GOsa.2BALI-
+ * http://mutonufoai.github.io/pgina/download.html
+ * http://mutonufoai.github.io/pgina/documentation/plugins/ldap.html
+ * https://serverfault.com/questions/516072/how-to-configure-pgina-ldap-plugin
+
+
== Remote Desktops with RDP, VNC, NX or Citrix ==
Some municipalities provide a remote desktop solution so that students and teachers can access Skolelinux from their home computer running Windows, Mac or Linux.
More information about the debian-edu-commits
mailing list