FSUID authentication on your Windows Desktop using pGina
February 14, 2006
 


Download the latest pGina:
      http://pgina.xpasystems.com/?page_id=21
      pGina 1.8.4 Installation Utility (EXE)

Download the LDAP Auth Plugin Installer
      http://pgina.xpasystems.com/?page_id=6
      Plugin Installer

Download the SSL certificate for the FSUID server of your choice (mdsoti.fsu.edu in this example) from http://fsuid.fsu.edu/admin/certs/

Install the certificate you just downloaded to your desktop following these steps.
      As a workstation administrator, double click on the certificate file.
      Select Next, but stay focused.
      DO NOT select “Automatically select the certificate store”; select “Place all certificates in the following store” instead.
      Click on Browse.
      Check the “Show physical stores” checkbox.
      Expand “Trusted Root Certification Authorities” and then highlight “Local Computer”.
      Then click Next.

Install pGina and the LDAP Auth Plugin and allow the default options.

Run the pGina Configuration tool.

Select the Plugin tab and click Browse to select the LDAP plugin. The Plugin Path box should read something like: C:\pGina\plugins\ldapauth\ldapauth_plus.dll

Click Configure on the same tab; a new window titled LDAPAuth should appear.
Select the LDAP Configuration tab.

Under Server Options
      Select Search Mode for LDAP Method
      LDAP Server: mdsoti.fsu.edu
      Use SSL [Checked]
      Port: 636
      Admin User: cn=pgina-proxy,ou=proxy-users,dc=fsu,dc=edu
      Admin Pass: eMail or call me at 645-2236; dshrum@admin.fsu.edu
      PrePend: Blank (should be grayed out)
      Append: Blank (should be grayed out)
      Filter: eMail or call me at 645-2236; dshrum@admin.fsu.edu
                Here is an example that will allow only current employees to log in:
                (&(cn=%s)(employeeStatus=Active))
      Group Attr: Blank
      Timeout (sec): 5
Under Contexts
      Type ou=people,dc=fsu,dc=edu and select Add Context
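
The following Python sketch is an added example, not part of the original instructions or of pGina. It shows which entries the Filter and Contexts settings above would select, assuming Search Mode substitutes the typed username for %s and expects exactly one matching entry under a configured context. The directory entries, the "Inactive" status value, case-insensitive matching and the RFC 4515 escaping of the username are assumptions of the example.

```python
import re

# From the page: the example Filter template and the single search context.
FILTER_TEMPLATE = "(&(cn=%s)(employeeStatus=Active))"
CONTEXTS = ["ou=people,dc=fsu,dc=edu"]

# Constructed sample entries (not real directory data); attribute names lowercased.
ENTRIES = [
    ("cn=jdoe,ou=people,dc=fsu,dc=edu", {"cn": ["jdoe"], "employeestatus": ["Active"]}),
    ("cn=rroe,ou=people,dc=fsu,dc=edu", {"cn": ["rroe"], "employeestatus": ["Inactive"]}),
    ("cn=pgina-proxy,ou=proxy-users,dc=fsu,dc=edu",
     {"cn": ["pgina-proxy"], "employeestatus": ["Active"]}),
]

# RFC 4515 escapes for characters that have meaning inside a filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
_CLAUSE = re.compile(r"\(([A-Za-z][A-Za-z0-9-]*)=((?:[^()\\*]|\\[0-9a-fA-F]{2})*)\)")

def build_filter(template, username):
    """Substitute the typed username for %s, escaping it per RFC 4515."""
    return template.replace("%s", "".join(_ESCAPES.get(c, c) for c in username))

def parse_and_filter(flt):
    """Parse '(&(a=b)(c=d))' into [(attr, value)]; only AND-of-equality is handled."""
    if not (flt.startswith("(&") and flt.endswith(")")):
        raise ValueError("unsupported filter: " + flt)
    body = flt[2:-1]
    clauses = _CLAUSE.findall(body)
    if "".join("(%s=%s)" % c for c in clauses) != body:
        raise ValueError("unsupported filter: " + flt)
    unhex = lambda v: re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), v)
    return [(a.lower(), unhex(v).lower()) for a, v in clauses]

def resolve_login_dn(username, entries=ENTRIES, contexts=CONTEXTS):
    """Return the one DN under a context that matches the filter, else None."""
    clauses = parse_and_filter(build_filter(FILTER_TEMPLATE, username))
    hits = [dn for dn, attrs in entries
            if any(dn.lower().endswith("," + c.lower()) for c in contexts)
            and all(v in [x.lower() for x in attrs.get(a, [])] for a, v in clauses)]
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    # jdoe resolves; rroe is not Active; pgina-proxy lies outside ou=people.
    for user in ("jdoe", "rroe", "pgina-proxy"):
        print(user, "->", resolve_login_dn(user))
```
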

An important last step!

Run the Plugin Tester in the pGina Program group.  
Click Browse and select the LDAPAuth plugin (C:\pGina\plugins\ldapauth\ldapauth_plus.dll)
Enter your FSUID and Password in Test Data and Select Login in Test Selection.
If it fails and you reboot, you will not be able to get back into Windows!

--Donny

     