Log on with Domain Credentials
AD Bridge Enterprise includes the following logon options:
- Full domain credentials
- Example: example.com\\hoenstiv
- Single domain user name
- Example: example\\hoenstiv
- Alias. Example: stiv
- Cached credentials
When you log on from the command line, you must use a slash to escape the slash character, making the logon form DOMAIN\\username.
When you log on a Linux or Unix computer using your domain credentials, AD Bridge Enterprise uses the Kerberos protocol to connect to Active Directory's key distribution center, or KDC, to establish a key and to request a Kerberos ticket granting ticket (TGT). The TGT lets you log on to other computers joined to Active Directory or applications provisioned with a service principal name and be automatically authenticated with Kerberos and authorized for access through Active Directory.
After logon, AD Bridge Enterprise stores the password in memory and securely backs it up on disk. You can, however, configure AD Bridge Enterprise to store logon information in a SQLite database, but it is not the default method. The password is used to refresh the user's Kerberos TGT and to provide NTLM-based single sign-on through the AD Bridge Enterprise GSSAPI library. In addition, the NTLM verifier hash, a hash of the NTLM hash, is stored to disk to handle offline logons by comparing the password with the cached credentials.
AD Bridge Enterprise stores an NTLM hash and LM hash only for accounts in AD Bridge Enterprise's local provider. The hashes are used to authenticate users over CIFS. Since AD Bridge Enterprise does not support offline logons for domain users over CIFS, it does not store the LM hash for domain users.
To use UPN names, you must raise your Active Directory forest functional level to Windows Server 2003, but raising the forest functional level to Windows Server 2003 will exclude Windows 2000 domain controllers from the domain.
For more information, please see Storage Modes in Active Directory
Log on with AD Credentials
After the AD Bridge Enterprise agent is installed and the Linux or Unix computer is joined to a domain, you can log on with your Active Directory credentials.
- Log on from the command line. Use a slash character to escape the slash (DOMAIN\\username).
Example with SSH:
Log into the system console or the text login prompt using an Active Directory user account in the form of DOMAIN\username, where DOMAIN is the Active Directory short name.
After you join a domain for the first time, you must restart the computer before you can log on interactively through the console.
The image depicts an example of logging into Ubuntu using AD credentials.
Log on with SSH
You can log on with SSH by executing the ssh command at the shell prompt in the following format: