Configuring Windows to Use LDAPfor Login Authentication

All this talk of using LDAP for Linux authentication is well and good, but this book is about integrating Linux and Windows on a network. How, then, does LDAP help you with Windows clients? The answer is that Windows—or at least, Windows NT/200x/XP—uses an authentication system known as Graphical Identification and Authentication (GINA). Supplements to the Microsoft-supplied GINA are available, and you can use one of these to have Windows authenticate against your LDAP server.

One of the most flexible GINA supplements is known as pGina (, which is a modular open source GINA tool. You can find pGina modules that support LDAP, MySQL, NIS, SecurID, and many more authentication systems. The following pages are devoted to pGina’s LDAP functionality. Unfortunately, pGina is limited to working with Windows 200x/XP; it doesn’t work with Windows 9x/Me. (In theory, pGina should work with Windows NT, but its LDAP module requires features that were added with Windows 2000.) Using pGina requires installing it and configuring it to use your LDAP server.

Obtaining and Installing pGina

You can obtain pGina from its web site. You’ll need to download both the main pGina package (available from and the LDAP plugin module (available from Both packages come in the form of installer applications. This chapter uses pGina 1.7.6 and the LDAPAuth ...

Get Linux in a Windows World now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.