How to Make Your Active Directory Work with Linux Devices

By Greg Keller Posted January 21, 2020

Sync AD with Linux

Microsoft® Active Directory® (AD) is the most common Windows®-based user directory solution. AD exposes LDAP for directory lookups, but it relies on Kerberos as the primary authentication protocol for Windows machines, and Windows clients get the whole package (directory, authentication, policy) simply by joining the domain. Linux® and Mac® devices have no equivalent built in: they need extra client-side components to speak LDAP and Kerberos to AD, and that is where integration gets hard. Why is that important? AD is made up of three major functions: authentication, authorization, and management. If a business uses 100% Windows systems, AD accomplishes all three tasks.

However, if a business uses any Linux or Mac devices, cloud infrastructure or applications, or other non-Windows infrastructure, AD's native coverage of those three functions starts to break down.

If AD Fails, How are Businesses Managing Directories?

There are several ways that organizations can connect their Linux devices to Active Directory. The most direct is to point the host's PAM and NSS stack at AD over LDAP (historically with pam_ldap and nss_ldap, on current distributions usually through SSSD), so that AD users resolve and log in as if they were local accounts.

Organizations can also use Kerberos under this model: LDAP supplies the user and group information while Kerberos (pam_krb5, or SSSD's Kerberos provider) performs the actual password check against the domain controllers. However, instead of completely closing the gaps where AD falls short, each of these approaches creates extra per-host configuration work and can introduce security issues of its own. Two common ones: an LDAP simple bind that is not wrapped in TLS sends the user's password across the network in cleartext, and a host that authenticates against AD but applies no access control of its own will accept a login from any AD account, not just the ones intended for that server.

Another method is to leverage Samba and Winbind, which join the Linux host to the domain as a member server. This requires setting up and maintaining Samba, which is no easy feat.
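As an added example (not configuration from the original post or from JumpCloud), here is what the LDAP/Kerberos-via-PAM approach looks like in practice on a current Linux host using SSSD, which has replaced the separate pam_ldap and pam_krb5 modules on most distributions. The domain, hostnames, bind DN and group name are placeholders, and the weak variant is left in as comments so the settings that cause the problems described above can be seen next to the corrected ones.

```ini
# Added example, not from the original post: /etc/sssd/sssd.conf for a Linux
# host joined to the (placeholder) AD domain example.com.
# The file must be owned by root with mode 0600 or SSSD refuses to start.

[sssd]
config_file_version = 2
services = nss, pam
domains = example.com

# --- Weak variant (shown for contrast only; do not deploy) ---
#
# [domain/example.com]
# id_provider = ldap
# auth_provider = ldap
# ldap_uri = ldap://dc1.example.com        # port 389 with no TLS: the user's
#                                          # password crosses the wire in clear
# ldap_default_bind_dn = cn=svc-ldap,cn=Users,dc=example,dc=com
# ldap_default_authtok = Passw0rd!         # a shared bind password stored on every host
# access_provider = permit                 # every AD account may log in to this host
#
# If you must stay on the plain LDAP provider, the minimum fix is
# ldap_uri = ldaps://dc1.example.com with ldap_tls_reqcert = demand and a
# trusted ldap_tls_cacert, plus an access_provider other than permit.

# --- Corrected variant: Kerberos authentication, AD identity, host access control ---
[domain/example.com]
id_provider = ad
auth_provider = ad       # password check is a Kerberos AS exchange with the KDC,
                         # never a cleartext LDAP bind
access_provider = ad     # honours disabled/expired accounts and logon-hour restrictions
ad_domain = example.com
krb5_realm = EXAMPLE.COM

# Identity lookups still use LDAP, but the AD provider binds with SASL/GSSAPI
# using the host keytab created at join time, so the LDAP session is signed and
# sealed by Kerberos and no shared bind password exists on the host.

# Authorization on the host: only members of one AD group (placeholder name)
# may log in here, and the domain's "Allow log on locally" GPO is enforced.
ad_access_filter = (memberOf=cn=linux-admins,ou=Groups,dc=example,dc=com)
ad_gpo_access_control = enforcing

# Map AD SIDs to stable POSIX UIDs/GIDs automatically.
ldap_id_mapping = True

cache_credentials = True          # allow cached logins when the DCs are unreachable
use_fully_qualified_names = False
fallback_homedir = /home/%u@%d
default_shell = /bin/bash
```

The host still has to be joined to the domain first (for example with `realm join example.com`, which creates the machine account and `/etc/krb5.keytab`), and SSSD has to be wired into the PAM stack (`authselect select sssd with-mkhomedir` on Fedora/RHEL-style systems, `pam-auth-update` on Debian/Ubuntu). Every one of those steps, and every later change to the group filter, has to be repeated on each Linux host, which is the per-host overhead the text is pointing at.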

The Better Approach to Making Active Directory Work with Linux Devices

An alternative approach to connecting Linux or Mac devices to Active Directory is to leverage JumpCloud Directory-as-a-Service®, or DaaS. DaaS acts as an “extension” to AD, covering the areas that AD alone does not reach. It authenticates, authorizes, and manages Windows, Mac, and Linux devices. Not just one of them — all of them. How? Active Directory Integration is the key to making it all work.

How AD Integration Works

Linux and Mac devices connect to JumpCloud’s cloud-based directory service via their native authentication mechanisms, through an agent installed on each device. Users are added to JumpCloud’s virtual identity provider either via the Active Directory Integration or manually. If Active Directory is connected through the JumpCloud AD Integration feature, any updates in AD are automatically replicated to JumpCloud and, by consequence, to all Linux devices in the directory as well.

For example, a new user can be added in AD and, as a result, be given access to their Linux cloud servers hosted at AWS®. The reverse is also true: a user terminated in AD is automatically removed from those AWS servers. This is accomplished by an active sync process between AD and JumpCloud.

Through JumpCloud’s hosted directory service, Linux and Mac machines can be easily connected to Microsoft AD, eliminating the headaches associated with manual management or work-around solutions with Chef or Puppet. Directory-as-a-Service is also a great directory choice for organizations that don’t use AD but would like to manage their Linux devices in a similar way.

Learn More About How to Make Active Directory Work With Linux

Feel free to give our AD to Linux/Mac connection a try with our cloud directory service. We offer a free account with 10 users free forever. If any questions come up or if you would like to learn more, drop us a note. We’d be happy to discuss whether DaaS is right for you.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.
