There are a myriad of ways to log in to Linux systems using Azure AD credentials. In other words, you can log in to your Linux hosts with Azure Active Directory ("Azure AD") credentials in several different ways. Azure, Microsoft's public cloud, builds on top of Azure AD: your Azure users, groups, roles and role assignments are all stored in Azure AD. The challenge with Linux Azure AD authentication is that Azure AD does not support the "legacy protocols", LDAP and Kerberos, which are what Linux hosts traditionally use to allow logins with centralized identities.

It is also important to distinguish between Azure AD and classic Active Directory ("AD DS"). While their names are similar, they are completely different beasts. That said, Azure AD and Active Directory can be integrated with each other using Azure AD Connect. For more on this confusing terminology have a look at our earlier Windows domain in Azure blog post.

In the open source world the closest analogy to Azure AD is probably Keycloak, on which Red Hat's commercially supported Red Hat Single Sign-On is based. Keycloak is an open source identity and access management application. While we know and love Keycloak, it is impossible to avoid Azure AD due to its huge market share.

This article tries to outline the options you have for logging in to your Linux hosts with Azure AD credentials. The Linux hosts can be located in Azure or elsewhere, depending on the authentication method.

LDAP authentication via Active Directory connected to Azure AD

As mentioned above, Azure AD can be connected to classic Active Directory with Azure AD Connect. This allows you to join your Linux VMs to Active Directory using LDAP and Kerberos, so you essentially circumvent native Azure AD authentication. This approach only makes sense if you already have an Active Directory instance; if not, the maintenance overhead of running one just for Linux logins is probably too much. If you do have Active Directory integrated with Azure AD, you can also throw Red Hat IdM/FreeIPA into the mix. This gets you the best of all worlds, at the cost of a fairly high level of complexity.

LDAP authentication via Azure AD Domain Services

Azure AD can support LDAP and Kerberos with help from Azure AD Domain Services ("AAD DS"). AAD DS is a managed domain that Microsoft runs for you and populates one way from Azure AD; it is independent of any classic Active Directory forest you may already operate, although it speaks the same protocols. With AAD DS you get the LDAP and Kerberos endpoints, which allow you to join Linux VMs indirectly to the Azure AD domain. Note that Kerberos and LDAP authentication need legacy password hashes, which cloud-only Azure AD accounts do not have until the user changes their password after AAD DS has been enabled, so plan for that password reset. Microsoft officially supports this configuration: see Microsoft's instructions for Red Hat and other Linux distributions.
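From the Linux side, joining either flavour of domain (an on-premises Active Directory synchronized with Azure AD Connect, or an AAD DS managed domain) looks the same: realmd and SSSD over LDAP and Kerberos. The script below is an added example written for this page, not the post's or Microsoft's own procedure. The domain name, join account and group name are placeholders, realmd, SSSD and sudo are assumed to be installed, and the host is assumed to resolve the domain's DNS records. It also restricts logins to a single group and gives that group sudo with a password, rather than leaving the default where every domain user may log in.

```sh
#!/bin/sh
# Added example for this page, not the post's or Microsoft's own procedure.
# Joins a Linux host to an Active Directory or AAD DS managed domain with
# realmd/SSSD (LDAP + Kerberos) and limits who may log in and use sudo.
# Assumptions: realmd, sssd and sudo are installed, the host can resolve the
# domain's DNS records, and the three values below are placeholders.
# DRY_RUN=1 prints each privileged command instead of executing it.

DOMAIN="${DOMAIN:-aaddscontoso.com}"          # placeholder domain name
JOIN_USER="${JOIN_USER:-join-admin}"          # placeholder account allowed to join
ADMIN_GROUP="${ADMIN_GROUP:-Linux Admins}"    # placeholder AD group granted access

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# realm discover shows the client software (sssd) and packages realmd will use.
discover_domain() {
    run realm discover "$DOMAIN"
}

# realm join creates the computer object and /etc/krb5.keytab, writes
# /etc/sssd/sssd.conf and enables sssd in nsswitch.conf and the PAM stack.
# It prompts for JOIN_USER's password unless run with DRY_RUN=1.
join_domain() {
    run realm join --user="$JOIN_USER" "$DOMAIN"
}

# A freshly joined host lets every domain user log in by default.
# Deny everyone, then permit only the intended group (fully qualified,
# because realm join enables use_fully_qualified_names in sssd.conf).
restrict_logins() {
    run realm deny --all
    run realm permit -g "$ADMIN_GROUP@$DOMAIN"
}

# sudoers rule for the group; spaces in the group name must be escaped.
# NOPASSWD is deliberately not used.
sudoers_rule() {
    escaped=$(printf '%s' "$ADMIN_GROUP" | sed 's/ /\\ /g')
    printf '%%%s@%s ALL=(ALL) ALL\n' "$escaped" "$DOMAIN"
}

# Validate the rule with visudo before installing it as a drop-in file.
install_sudoers() {
    tmp=$(mktemp)
    sudoers_rule > "$tmp"
    run visudo -cf "$tmp"
    run install -m 0440 "$tmp" /etc/sudoers.d/domain-admins
    rm -f "$tmp"
}

main() {
    discover_domain
    join_domain
    restrict_logins
    install_sudoers
}

# Run as root with "apply"; prefix DRY_RUN=1 to preview the commands first.
if [ "${1:-}" = "apply" ]; then
    main
fi
```

Preview with `DRY_RUN=1 sh join-domain.sh apply`, then run it as root without DRY_RUN. The deny-all-then-permit step is the part people forget: after a plain `realm join`, any account in the domain can open a shell on the host.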
Azure AD authentication via OpenSSH

Azure AD has built-in support for logging in to Linux VMs with Azure AD credentials over OpenSSH. This approach has a number of downsides and inconveniences:

- It only supports logging in to Azure VMs, because it needs a special Azure VM extension.
- It requires the people logging in to have the Azure CLI and an Azure CLI extension installed on their workstations.
- The overall login workflow does not seem very intuitive or easy.

This said, if all your Linux instances are in Azure, this approach might be fairly reasonable and non-intrusive.
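To make that workflow concrete, here is an added example (not part of the original post) of enabling Azure AD SSH login on one existing Azure Linux VM, granting access through Azure RBAC, and connecting with the Azure CLI. The extension, role and command names are as Microsoft documents them to the best of the example author's knowledge; the resource group, VM name, user principal and subscription ID are placeholders, and a DRY_RUN switch prints the commands instead of running them.

```sh
#!/bin/sh
# Added example for this page, not the post's own code. Enables Azure AD
# login over OpenSSH on one existing Azure Linux VM and connects to it.
# The extension, role and CLI names are as Microsoft documents them to the
# best of this example's author's knowledge; the resource group, VM name,
# user principal and subscription below are placeholders. Requires an
# authenticated Azure CLI (az login) unless DRY_RUN=1, which prints the
# commands instead of running them.

RG="${RG:-linux-rg}"                                  # placeholder resource group
VM="${VM:-web-01}"                                    # placeholder VM name
USER_UPN="${USER_UPN:-alice@example.onmicrosoft.com}" # placeholder Azure AD user

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# The login extension requires a system-assigned managed identity on the VM.
enable_managed_identity() {
    run az vm identity assign --resource-group "$RG" --name "$VM"
}

# Install the guest extension. This is what ties the approach to Azure VMs:
# the extension configures sshd/PAM in the guest to accept certificates
# issued by Azure AD instead of local keys or passwords.
install_extension() {
    run az vm extension set \
        --publisher Microsoft.Azure.ActiveDirectory \
        --name AADSSHLoginForLinux \
        --resource-group "$RG" --vm-name "$VM"
}

# Resource ID used as the RBAC scope. With DRY_RUN=1 a placeholder ID is
# returned so the flow can be previewed without Azure access.
vm_resource_id() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/%s/providers/Microsoft.Compute/virtualMachines/%s\n' "$RG" "$VM"
    else
        az vm show --resource-group "$RG" --name "$VM" --query id -o tsv
    fi
}

# Who may log in is an Azure RBAC decision scoped to the VM (or to a
# resource group or subscription). "Virtual Machine User Login" gives an
# unprivileged shell; "Virtual Machine Administrator Login" also grants
# sudo. Default to the lesser role.
grant_login() {
    role_name="${1:-Virtual Machine User Login}"
    run az role assignment create --role "$role_name" \
        --assignee "$USER_UPN" --scope "$(vm_resource_id)"
}

# Client side. The user needs the Azure CLI, its "ssh" extension and an
# OpenSSH client with certificate support (7.8 or later). az ssh vm asks
# Azure AD for a short-lived SSH certificate for the signed-in user and
# runs ssh with it; no long-lived key is placed on the VM.
client_login() {
    run az extension add --name ssh
    run az ssh vm --resource-group "$RG" --name "$VM"
}

main() {
    enable_managed_identity
    install_extension
    grant_login "${ROLE:-Virtual Machine User Login}"
    client_login
}

# Run with "apply" after az login; prefix DRY_RUN=1 to preview.
if [ "${1:-}" = "apply" ]; then
    main
fi
```

The design choice worth noticing is that authorization lives in Azure RBAC, not in the guest: removing the role assignment revokes SSH access without touching the VM, and the two built-in roles let you keep most users out of sudo.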
Azure Active Directory Authentication for Ubuntu

Canonical, the author of the popular Ubuntu distribution, has developed native Azure AD authentication support for Ubuntu Desktop. The implementation builds on PAM and NSS and includes:

- An NSS module to query the password, group and shadow databases.
- A command line tool to manage the local cache for offline authentication and the system's configuration.

In order to use this authentication method you also need an application and service principal in Azure. The modules also support offline logins, which is a really nice feature.

The caveat with this approach is that it seems desktop centric. The use-case is essentially the same as when domain-joining Windows 10+ systems to Azure AD: your local Ubuntu desktop logins are authenticated against Azure AD instead of the local files. This means that using this approach for headless server logins may be challenging or impossible.

The source code for these components is available on GitHub. While the developers focus on Ubuntu, there is nothing particularly Ubuntu-specific about the code. The software they build on top of, namely PAM and NSS, is available in every Linux distribution. Therefore it is likely that the code will work just fine on distributions such as Red Hat Linux. You might encounter issues with old versions of PAM and NSS, though, but we have not tested that yet.
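As an added example (not code from the post or from Canonical's project), the snippet below renders the kind of configuration such a PAM/NSS stack needs and wires the NSS module into nsswitch.conf. The file path /etc/aad.conf and the keys tenant_id, app_id and offline_credentials_expiration are as the example author recalls them from the aad-auth project's README and should be checked against the current project documentation; the tenant and application IDs are placeholders, and the NSS source name "aad" is assumed to match the module's library name. The nsswitch edit is generic and idempotent, so re-running it does not duplicate the entry.

```sh
#!/bin/sh
# Added example for this page, not code from the post or from Canonical's
# project. Renders the configuration such a PAM/NSS module needs and wires
# the NSS module into nsswitch.conf idempotently.
# Assumptions: the path /etc/aad.conf and the keys tenant_id, app_id and
# offline_credentials_expiration are as this example's author recalls them
# from the aad-auth README (verify against the current project docs); the
# tenant and application IDs are placeholders; the NSS source name "aad" is
# assumed to match the module's libnss_aad library name.

# Render the configuration: the Azure AD tenant, the application (service
# principal) registered for these logins, and how many days a cached
# credential stays valid for offline logins before a fresh online login
# is required.
render_aad_conf() {
    tenant="$1"
    app="$2"
    days="${3:-90}"
    printf '[default]\ntenant_id = %s\napp_id = %s\noffline_credentials_expiration = %s\n' \
        "$tenant" "$app" "$days"
}

# Install the rendered file atomically, root-owned and world-readable:
# it holds no secret, but only root should decide which tenant is trusted.
install_aad_conf() {
    tmp=$(mktemp)
    render_aad_conf "$@" > "$tmp"
    install -o root -g root -m 0644 "$tmp" /etc/aad.conf
    rm -f "$tmp"
}

# True if database $2 in nsswitch file $1 already lists source $3.
has_nss_source() {
    grep -Eq "^$2:.*(^|[[:space:]])$3([[:space:]]|\$)" "$1"
}

# Append an NSS source (e.g. "aad") to the passwd, group and shadow lines
# of nsswitch file $1, leaving other databases alone and skipping lines
# that already list it, so the function can be re-run safely. A database
# line that is absent from the file is not created.
add_nss_source() {
    file="$1"
    src="$2"
    for db in passwd group shadow; do
        if ! has_nss_source "$file" "$db" "$src"; then
            sed -E "s/^($db:.*)\$/\\1 $src/" "$file" > "$file.tmp" \
                && mv "$file.tmp" "$file"
        fi
    done
}

# Example run as root: write the config and enable the NSS module.
# The PAM side is enabled separately with the distribution's PAM tooling
# (pam-auth-update on Ubuntu), which is not shown here.
if [ "${1:-}" = "apply" ]; then
    install_aad_conf "${TENANT_ID:?}" "${APP_ID:?}" "${OFFLINE_DAYS:-90}"
    add_nss_source /etc/nsswitch.conf aad
fi
```

Keep the offline expiration short enough that a disabled Azure AD account cannot keep logging in locally for months; the cache is what makes offline logins convenient, and also what delays revocation.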