
Log on with Domain Credentials

AD Bridge includes the following logon options:

  • Full domain credentials
    • Example: example.com\\hoenstiv
  • Single domain user name
    • Example: example\\hoenstiv
  • Alias
    • Example: stiv
  • Cached credentials

⚠️

Important

When you log on from the command line, you must use a backslash to escape the backslash character, making the logon form DOMAIN\\username.

When you log on to a Linux or Unix computer using your domain credentials, AD Bridge uses the Kerberos protocol to connect to Active Directory's key distribution center (KDC) to establish a key and to request a Kerberos ticket-granting ticket (TGT). With the TGT, you can log on to other computers joined to Active Directory, or to applications provisioned with a service principal name, and be automatically authenticated with Kerberos and authorized for access through Active Directory.

After logon, AD Bridge stores the password in memory and securely backs it up on disk. You can, however, configure AD Bridge to store logon information in an SQLite database; this is not the default method. The password is used to refresh the user's Kerberos TGT and to provide NTLM-based single sign-on through the AD Bridge GSSAPI library. In addition, the NTLM verifier hash (a hash of the NTLM hash) is stored on disk to handle offline logons by comparing the password with the cached credentials.

AD Bridge stores an NTLM hash and LM hash only for accounts in AD Bridge's local provider. The hashes are used to authenticate users over CIFS. Since AD Bridge does not support offline logons for domain users over CIFS, it does not store the LM hash for domain users.

UPN names

To use UPN names, your Active Directory forest functional level must be set to Windows Server 2012.

ℹ️

Note

For more information, see Storage modes in Active Directory.

Log on with Active Directory credentials

After the AD Bridge agent is installed and the Linux or Unix computer is joined to a domain, you can log on with your Active Directory credentials.

  • Log on from the command line. Use a backslash character to escape the backslash (DOMAIN\\username).

Example

Example with SSH

ssh example.com\\hoenstiv@localhost

Log in to the system console or the text logon prompt using an Active Directory user account in the form of DOMAIN\username, where DOMAIN is the Active Directory short name.

ℹ️

Note

After you join a domain for the first time, you must restart the computer before you can log on interactively through the console.

Log on with SSH

You can log on with SSH by executing the ssh command at the shell prompt in the following format:

ssh DOMAIN\\username@localhost

Example

ssh example.com\\hoenstiv@localhost
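The escaping rule above, shown as an added example (not BeyondTrust's code): the hypothetical helper classify_logon receives a logon name exactly as ssh would, after the shell has processed backslashes, and reports which of the logon forms listed on this page it matches. The form labels and the sample inputs are constructed; the single-quoted variant relies on standard shell quoting and is not mentioned on the page.

```shell
#!/bin/sh
# Added example: classify a logon name as a program receives it,
# i.e. after the shell has already consumed escapes and quotes.

# classify_logon NAME[@HOST]  ->  prints "<form>|<domain>|<user>"
classify_logon() {
    name=${1%@*}                          # drop an optional @host suffix
    case $name in
        *\\*)                             # a literal backslash survived the shell
            domain=${name%%\\*}           # text before the first backslash
            user=${name#*\\}              # text after the first backslash
            case $domain in
                *.*) form=full-domain ;;  # example.com\hoenstiv
                *)   form=short-domain ;; # example\hoenstiv
            esac ;;
        *)  domain= user=$name form=bare-name ;;  # alias, or separator lost
    esac
    printf '%s|%s|%s\n' "$form" "$domain" "$user"
}

# Constructed samples: three ways of typing the same domain logon.
escaped=$(classify_logon example.com\\hoenstiv@localhost)    # \\ -> one backslash
quoted=$(classify_logon 'example.com\hoenstiv@localhost')    # quotes keep it literal
unescaped=$(classify_logon example.com\hoenstiv@localhost)   # shell eats the backslash
short=$(classify_logon example\\hoenstiv)
alias_form=$(classify_logon stiv)

printf '%-10s %s\n' escaped "$escaped" quoted "$quoted" \
    unescaped "$unescaped" short "$short" alias "$alias_form"
```

The unescaped variant reaches ssh as example.comhoenstiv, so the domain separator is gone and the name no longer matches the DOMAIN\username form; failed logons for such run-together names in authentication logs usually point to this typing mistake.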
