Authentication against ADS on Ubuntu Precise

Jurjen Bokma

March 2012

Table of Contents

What we're trying


This section I wrote in the mistaken belief that one of first three solutions below was necessary to authenticate against AD at all. It isn't. Using the fourth is entirely possible and, IMO, better.

I know of four ways to allow Linux users to log in based on a MS Active Directory server:

This section describes the first three, but only the Linux side of things. The AD server was configured by one of my colleagues.

Centrify and Likewise are both commercial with limited free use, and are contenders for the same customers. WinBind is free and Open Source, and this comparison to Centrify should be distrusted as skewed by money.

In either case, the Kerberos, LDAP, PAM and nsswitch subsystems of a Linux machine are configured to refer to an AD server for lookup of usernames and verification of passwords.