[debian-edu-commits] [Debian Wiki] Update of "DebianEdu/Documentation/Bookworm/HowTo/NetworkClients" by WolfgangSchweer

Debian Wiki wiki at debian.org
Wed Oct 19 18:06:28 BST 2022


Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Debian Wiki" for change notification.

The "DebianEdu/Documentation/Bookworm/HowTo/NetworkClients" page has been changed by WolfgangSchweer:
https://wiki.debian.org/DebianEdu/Documentation/Bookworm/HowTo/NetworkClients?action=diff&rev1=6&rev2=7

Comment:
add section about pGina auth, added some time ago to the bullseye manual

   * https://www.intern/freeradius-ca.der (macOS, iOS, iPadOS, Windows)
  Please note that configuring end user devices will be a real challenge due to the variety of devices. For Windows devices an installer script could be created, for Apple devices a mobileconfig file. In both cases the freeRADIUS CA certificate can be integrated, but OS specific tools are needed to create the scripts.   
  
+ ==  Authorize Windows machine with Debian Edu credentials using pGina LDAP plugin ==
+ 
+ === Adding pGina user in Debian Edu ===
+ To have an ability to use pGina (or any else 3rd party auth-service-application) you should have a special user account used in search inside of LDAP.
+ 
+ Add a special user '''pguser''':''pwd.777'' on https://www/gosa website.
+ 
+ === Install pGina fork ===
+ 
+ Download and install pGina 3.9.9.12 as usual software.
+ Take an attention that LDAP plugin persists in pGina plugin folder:
+ {{{
+ c:\Program Files\pGina.fork\Plugins\pGina.Plugin.Ldap.dll
+ }}}
+ 
+ === Configure pGina ===
+ 
+ Considering to Debian Edu settings we must connect to LDAP with SSL by port 636.
+ 
+ So necessary settings in a pGina LDAP plugin are below ''(stored in HKEY_LOCAL_MACHINE\SOFTWARE\pGina3.fork\Plugins\0f52390b-c781-43ae-bd62-553c77fa4cf7)''.
+ 
+ ==== Main section ====
+   * LDAP Host(s): '''10.0.2.2''' [10.0.3.3] ''//or any else with "space" as a separator''
+   * LDAP Port: '''636''' // for SSL connections
+   * Timeout: 10
+   * Use SSL: '''YES''' ''(v mark)''
+   * Start TLS: '''NO''' ''(empty)''
+   * Validate Server Certificate: '''NO''' ''(empty)''
+   * Search DN: '''uid=pguser,ou=people,ou=Students,dc=skole,dc=skolelinux,dc=no''' ''//"pguser" is a user to authenticate in LDAP to search Users in a login session''
+   * Search Passwords: pwd.777 // here is a password of "pguser"
+ 
+ ==== Authentication block ====
+ Bind Tab:
+   * Allow Empty Passwords: '''NO'''
+   * Search for DN: '''YES''' (v mark)
+   * Search Filter: '''(&(uid=%u)(objectClass=person))'''
+         
+ ==== Authorization block ====
+   * Default: '''Allow'''
+   * Deny when LDAP authentication fails: '''YES''' ''(v mark)''
+   * Allow when server is unreachable: '''NO''' ''(empty) //optionally''
+  
+ ==== Plugin Selection ====
+   * LDAP: Authentication [v], Authorization [v], Gateway[v], Change Password [_]
+   * Local Machine: Authentication [v], Gateway [v] ''// two marks only''
+  
+ ==== Plugin Order ====
+   * Authentication: LDAP, Local Machine
+   * Gateway: LDAP, Local Machine
+ 
+ Sources:
+ 
+  * [[DebianEdu/Documentation/Bullseye/GettingStarted#User_Management_with_GOsa.2BALI-| User Management with GOsa²]]
+  * http://mutonufoai.github.io/pgina/download.html
+  * http://mutonufoai.github.io/pgina/documentation/plugins/ldap.html
+  * https://serverfault.com/questions/516072/how-to-configure-pgina-ldap-plugin
+ 
  CategoryPermalink
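Review bot: In the "Main section" list, "Validate Server Certificate: NO" combined with "Use SSL: YES" on port 636 gives an encrypted session to a server the Windows client never authenticates. Any host that can answer as 10.0.2.2 would then receive the pguser bind password and the password of every user who logs in. I would document this as "Validate Server Certificate: YES" and add a step for installing the LDAP server's CA certificate on the Windows machine. If validation really has to stay off, the text should say so and explain why. Second point: the literal password "pwd.777" appears both under "Adding pGina user in Debian Edu" and in "Search Passwords". Readers copy manual examples verbatim, so a placeholder plus a sentence telling the admin to choose a unique password would be safer. The same section could also state that pguser needs search access only. Minor: the pGina download link under "Sources" is plain http, and since the text tells readers to download and install from it, an https link or a published checksum would be worth adding if one exists.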
  


