Windows LDAP auth with pGina

Foxpass now provides a native Windows Login solution. Click here.

Windows has the capability to use Foxpass LDAP for machine logins. However, in order to utilize the feature, you need to install and run pGina.

1. Install pGina

Download and run the pGina installer. pGina requires the Visual C++ redistributable package in order to function correctly. The installer gives you the option of installing this package; be sure to select that option if you haven't already installed it.

After installation, pGina will be configured with the "LocalMachine" plugin enabled for the authentication and gateway stages (see below). This means that you will be able to use pGina to log into the machine using existing local accounts without any prior setup. If necessary, the LocalMachine plugin will create accounts for authenticated users after logging in.

2. Configure Plugins

After installation, start the pGina configuration application. Verify that the pGina service is running and that the Credential Provider/GINA is installed and enabled. These components must be enabled for pGina to function properly.

Next, select these 6 checkboxes to set up LDAP authentication.

Then, order the LDAP plugin before the Local Machine plugin so LDAP groups can be added to Local Machine groups during login.

3. Configure LDAP

First, configure LDAP Authentication. Enter your Foxpass binder DN and password. If you don't have a Foxpass binder, create one here.

Next, change the LDAP authorization settings to manage access. The default rule is "Allow," but you can add rules that use group membership to determine access.

Finally, you can use the "Gateway" tab to automatically add members of LDAP groups to local groups.

4. Verify the Configuration

Configure your LocalMachine plugin like so:

Go to the "Simulation" tab and test the configuration using your Foxpass credentials. If the connection is successful, you should get the 3 green checks as pictured below. The "Local Groups" section at the bottom lists the groups that the user is recognized as being a member of when they log in.
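If the simulation fails, it helps to test the binder credentials and the group lookup outside pGina. The PowerShell script below is an added example, not code from Foxpass or pGina. The server name, base DN, binder DN, the use of LDAPS on port 636, and the `uid`/`posixGroup`/`memberUid` schema are all assumptions; replace them with the values you entered in the LDAP plugin.

```powershell
# Added example: pre-check of the LDAP settings entered in pGina.
# Every default below is a placeholder (assumption), not a value from this page.
param(
    [string]$Server   = 'ldap.example.invalid',             # placeholder LDAP host
    [int]   $Port     = 636,                                 # assumes LDAPS
    [string]$BaseDn   = 'dc=example,dc=invalid',             # placeholder base DN
    [string]$BinderDn = 'cn=binder,dc=example,dc=invalid',   # placeholder binder DN
    [string]$User     = 'jdoe'                               # constructed test account
)
Add-Type -AssemblyName System.DirectoryServices.Protocols

function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515 escaping so a user name cannot alter the search filter.
    $sb = New-Object System.Text.StringBuilder
    foreach ($c in $Value.ToCharArray()) {
        if ('\*()'.IndexOf($c) -ge 0 -or [int]$c -eq 0) {
            [void]$sb.AppendFormat('\{0:x2}', [int]$c)
        } else {
            [void]$sb.Append($c)
        }
    }
    $sb.ToString()
}

# Prompt for the binder password instead of storing it in the script.
$secret = Read-Host -AsSecureString "Password for $BinderDn"
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
$conn.SessionOptions.ProtocolVersion   = 3
$conn.SessionOptions.SecureSocketLayer = $true   # simple bind sends the password; keep it inside TLS
$conn.Credential = New-Object System.Net.NetworkCredential($BinderDn, $secret)
try {
    $conn.Bind()   # throws LdapException on a bad DN/password or a TLS failure
    Write-Host "Bind OK as $BinderDn"
    $u     = ConvertTo-LdapFilterValue $User
    $scope = [System.DirectoryServices.Protocols.SearchScope]::Subtree
    # Assumed schema: users keyed by uid, groups are posixGroup entries listing memberUid.
    foreach ($filter in "(uid=$u)", "(&(objectClass=posixGroup)(memberUid=$u))") {
        $req  = New-Object System.DirectoryServices.Protocols.SearchRequest($BaseDn, $filter, $scope, [string[]]@('cn'))
        $resp = $conn.SendRequest($req)
        Write-Host "$filter -> $($resp.Entries.Count) entries"
        foreach ($e in $resp.Entries) { Write-Host "  $($e.DistinguishedName)" }
    }
} catch [System.DirectoryServices.Protocols.LdapException] {
    Write-Warning "LDAP check failed: $($_.Exception.Message)"
} finally {
    $conn.Dispose()
}
```

The groups returned by the second filter are the ones available to the authorization rules and the "Gateway" mappings, so an empty result there explains a login that authenticates but is denied or lands in no local groups.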

Now you're good to start using Foxpass LDAP to log into Windows machines!