Configuring Windows to Use LDAPfor Login Authentication
All this talk of using LDAP for Linux authentication is well and good, but this book is about integrating Linux and Windows on a network. How, then, does LDAP help you with Windows clients? The answer is that Windows—or at least, Windows NT/200x/XP—uses an authentication system known as Graphical Identification and Authentication (GINA). Supplements to the Microsoft-supplied GINA are available, and you can use one of these to have Windows authenticate against your LDAP server.
One of the most flexible GINA supplements is known as pGina (http://pgina.xpasystems.com), which is a modular open source GINA tool. You can find pGina modules that support LDAP, MySQL, NIS, SecurID, and many more authentication systems. The following pages are devoted to pGina’s LDAP functionality. Unfortunately, pGina is limited to working with Windows 200x/XP; it doesn’t work with Windows 9x/Me. (In theory, pGina should work with Windows NT, but its LDAP module requires features that were added with Windows 2000.) Using pGina requires installing it and configuring it to use your LDAP server.
Obtaining and Installing pGina
You can obtain pGina from its web site. You’ll need to download both the main pGina package (available from http://pgina.xpasystems.com/files/) and the LDAP plugin module (available from http://pgina.xpasystems.com/plugins/). Both packages come in the form of installer applications. This chapter uses pGina 1.7.6 and the LDAPAuth ...