Log On with Domain Credentials

AD Bridge includes the following logon options:

  • Full domain credentials
    • Example: example.com\\hoenstiv
  • Single domain user name
    • Example: example\\hoenstiv
  • Alias
    • Example: stiv
  • Cached credentials

When you log on from the command line, you must use a backslash to escape the backslash character, so the logon form becomes DOMAIN\\username.

When you log on to a Linux or Unix computer using your domain credentials, AD Bridge uses the Kerberos protocol to connect to Active Directory's key distribution center (KDC) to establish a key and to request a Kerberos ticket-granting ticket (TGT). The TGT lets you log on to other computers joined to Active Directory, or to applications provisioned with a service principal name, and be automatically authenticated with Kerberos and authorized for access through Active Directory.

After logon, AD Bridge stores the password in memory and securely backs it up on disk. You can, however, configure AD Bridge to store logon information in an SQLite database, but that is not the default method. The password is used to refresh the user's Kerberos TGT and to provide NTLM-based single sign-on through the AD Bridge GSSAPI library. In addition, the NTLM verifier hash (a hash of the NTLM hash) is stored on disk to handle offline logons by comparing the password against the cached credentials.

AD Bridge stores an NTLM hash and LM hash only for accounts in AD Bridge's local provider. The hashes are used to authenticate users over CIFS. Since AD Bridge does not support offline logons for domain users over CIFS, it does not store the LM hash for domain users.

UPN Names

To use UPN names, your Active Directory forest functional level must be set to Windows Server 2012.

For more information, see Storage Modes in Active Directory.

Log on with AD Credentials

After the AD Bridge agent is installed and the Linux or Unix computer is joined to a domain, you can log on with your Active Directory credentials.

  • Log on from the command line. Use a backslash character to escape the backslash (DOMAIN\\username). Example with SSH:
    ssh example.com\\hoenstiv@localhost
  • Log on to the system console or the text logon prompt using an Active Directory user account in the form DOMAIN\username, where DOMAIN is the Active Directory short name.

After you join a domain for the first time, you must restart the computer before you can log on interactively through the console.

Logging into Ubuntu using AD credentials

The image depicts an example of logging in to Ubuntu using AD credentials.

Log on with SSH

You can log on with SSH by executing the ssh command at the shell prompt in the following format:

ssh DOMAIN\\username@localhost
ssh example.com\\hoenstiv@localhost
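The escaping rule stated above and under Log on with AD Credentials, shown as an added POSIX shell example that is not part of the AD Bridge documentation: it demonstrates what the shell hands to ssh when the backslash is left unescaped, builds a correctly formed DOMAIN\username@host target, and checks it before use. The function names unescaped_login, ad_login and check_login are this example's own; the account and host names are the page's example values.

```shell
#!/bin/sh
# Added example (not AD Bridge's own code). Demonstrates the backslash
# escaping rule for DOMAIN\username logons from a shell command line.

# What ssh would receive if the backslash is NOT escaped: an unquoted
# backslash is consumed by the shell, so the domain separator vanishes and
# the resulting account name does not exist.
unescaped_login() {
    # deliberately unquoted and unescaped to show the collapse
    printf '%s\n' example.com\hoenstiv@localhost
}

# Build the target string ssh needs to see: DOMAIN\username@host.
# In a single-quoted printf format, '\\' yields one literal backslash.
# Usage: ad_login DOMAIN USER [HOST]; HOST defaults to localhost as on this page.
ad_login() {
    domain=$1
    user=$2
    host=${3:-localhost}
    printf '%s\\%s@%s\n' "$domain" "$user" "$host"
}

# Sanity check before handing the string to ssh: exactly one backslash,
# and it must appear before the '@' host separator.
check_login() {
    case $1 in
        *\\*\\*) return 1 ;;   # more than one backslash: malformed
        *\\*@*)  return 0 ;;   # DOMAIN\username@host
        *)       return 1 ;;   # no backslash, or it follows the '@'
    esac
}

# Example usage: the page's full-domain form. Quoting the command
# substitution keeps the backslash intact all the way to ssh.
target=$(ad_login example.com hoenstiv)
if check_login "$target"; then
    printf 'Would run: ssh %s\n' "$target"
fi
```

The single-domain form (example\hoenstiv) is built the same way with ad_login example hoenstiv; an alias such as stiv contains no backslash and needs no escaping.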