{"id":2668,"date":"2014-10-23T15:54:58","date_gmt":"2014-10-23T21:54:58","guid":{"rendered":"http:\/\/www.jumpcloud.com\/blog\/?p=2668"},"modified":"2024-11-08T17:20:04","modified_gmt":"2024-11-08T22:20:04","slug":"authenticating-linux-aws-directory-service","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service","title":{"rendered":"Authenticating Linux with Amazon’s AWS Directory is Easy"},"content":{"rendered":"\n

Yesterday, Amazon announced its Directory Service offering<\/a> – a new service which assists AWS users who are growing their hybrid (on-prem\/cloud) infrastructure by helping provision users on Virtual Private Clouds (VPCs). We decided to have a look at their new offering and walk through a standard use case which users of 探花大神\u2019s Directory-as-a-Service<\/a> are very familiar with: provisioning users on Linux hosts<\/a>.<\/p>\n\n\n\n

It should be noted that AWS Directory Services is not yet aimed at Linux devices. In their announcement Amazon talked about supporting Windows devices, but since many AWS customers are leveraging Linux instances, we wanted to walk through the process and also understand how our 探花大神\u2019s DaaS offering could complement AWS\u2019 offering when it comes to managing Linux users.<\/p>\n\n\n\n

It wasn\u2019t as easy as we\u2019d hoped — AWS DS does not make it easy to integrate LDAP server authentication against your EC2 instances — but the positive takeaway from this exercise is that both solutions can work together nicely.<\/p>\n\n\n\n

Getting Started with AWS Directory Services<\/b><\/h2>\n\n\n\n

Discovering the feature was easy, as it is now offered as a menu selection within the AWS console. We chose to leverage the creation of a new directory, versus connecting to an existing Microsoft Active Directory. Doing so will instantiate the creation of a SAMBA-based<\/a> directory core.<\/p>\n\n\n\n

Creating the AWS Directory<\/b><\/h3>\n\n\n\n

The process within AWS was fairly straight forward, assuming the sysadmin\u2019s knowledge of the networking infrastructure.<\/p>\n\n\n

\n
\"Blog<\/a><\/figure><\/div>\n\n\n

TECH NOTE: <\/b>AWS Users outside of Amazon\u2019s East Zone will not have access to Amazon\u2019s Directory Service as it is limited to that Availability Zone.<\/p>\n\n\n

\n
\"Blog<\/a><\/figure><\/div>\n\n
\n
\"Blog<\/a><\/figure><\/div>\n\n\n

With our new SAMBA-directory \u2018created\u2019, we were then in a holding pattern for the database\/directory to be finalized and provisioned to our VPC, a process which took 11 minutes to complete.<\/p>\n\n\n

\n
\"Blog<\/a><\/figure><\/div>\n\n\n

The SAMBA directory is now live and we were ready to begin our use case testing, getting a user provisioned to a Linux host\u2026<\/p>\n\n\n

\n
\"Blog<\/a><\/figure><\/div>\n\n\n

Detailed View:<\/p>\n\n\n

\n
\"Blog<\/a><\/figure><\/div>\n\n\n

What we initially discovered was this: our sysadmin returned to the AWS console to look for User Administration interfaces but none were available. What we didn\u2019t realize was: in establishing the SAMBA directory on AWS, we would still need to utilize other management tools in order to \u2018operate\u2019 it. As a result, we spun up another instance, with a Windows 2012 Server and used Microsoft\u2019s Active Directory management tools to interface with our AWS\/SAMBA Directory Service.<\/p>\n\n\n\n

Configuring the AWS VPC DHCP<\/b><\/h2>\n\n\n\n

To get this process started, our sysadmin navigated through the AWS Dashboard, walking through the DHCP Option Sets to create a new DHCP Option Set.<\/p>\n\n\n

\n
\"authenticating<\/a><\/figure><\/div>\n\n\n

Managing and Operating the AWS Directory Service<\/b><\/h2>\n\n\n\n

With DHCP set, we now needed to move to standing up tools to manage the AWS Directory Service. Our sysadmin went through the process to build out a Windows instance. This process demanded another block of time, 17 minutes, to perform to bring the Windows Server up live. We were curious as to why we weren\u2019t prompted in this process to have the server auto join the domain, reducing misunderstanding in the connection process.<\/p>\n\n\n\n

After concluding the Windows Server build and enabling the Active Directory tools, it was time to join the Windows client to the AWS Directory. In other words, have this new client join the domain in Windows AD parlance. This process required another 11 minutes, forcing a reboot to conclude the connection.<\/p>\n\n\n\n

Finally, the Windows AD Tools needed to be employed to start building out Groups and adding in AD Users. Rather than show screen shots here, you can review this documentation<\/a> on exactly how to do this if unfamiliar with Active Directory. Depending upon size and scope of users and groups in your org, plan on 15-30 minutes.<\/p>\n\n\n\n

Configure the Linux Host for Authentication with AWS Directory Service<\/b><\/h2>\n\n\n\n

Now, we\u2019re ready for the final part of our use case – establishing a user on Linux from the AWS Directory Service. First we needed to prep the instance and the following was done from a command standpoint by our sysadmin:<\/p>\n\n\n\n

Linux Configuration<\/i><\/b><\/p>\n\n\n\n

For this we used the stock Ubuntu 14.04 LTS build from Amazon.<\/p>\n\n\n\n

We will be using realm to do most of the heavy lifting in connecting to the Amazon Directory and authentication configuration but there are some things that we need to prepare first.<\/p>\n\n\n\n

Configure name resolution.<\/i><\/b><\/p>\n\n\n\n

For a successful handshake, it is critical that the hostname of the server be resolvable.  According to our sysadmin, the easiest way to do this is to add it to \/etc\/hosts with its ip (not 127.0.0.1)<\/p>\n\n\n\n

As an example\u2026<\/p>\n\n\n\n

echo $( ifconfig eth0|grep inet\\ addr|awk ‘{print $2}’|sed -e \n‘s\/addr:\/\/g’ ) $( hostname ).test.jumpcloud.com $( hostname ) >> \n\/etc\/hosts<\/pre>\n\n\n\n
Install required packages<\/i><\/b><\/p>\n\n\n\n
sudo apt-get update\nsudo apt-get -y install sssd samba-common-bin samba-libs sssd-tools \nkrb5-user adcli realmd<\/pre>\n\n\n\n
TECH NOTE:<\/b> Users will be prompted for your Kerberos<\/a> 5 realm. This is your domain name in all uppercase.  (e.g. TEST.JUMPCLOUD.COM)<\/p>\n\n\n\n
With the above completed, it is now time to configure the AWS SAMBA instance we established initially above, but still requires further updating.<\/p>\n\n\n\n
We need to prepare the \u2018triple-S-D\u2019 configuration file for realm.<\/p>\n\n\n\n
SSSD Preconfigure<\/i><\/b><\/p>\n\n\n\n
sudo vi \/etc\/sssd\/sssd.conf<\/p>\n\n\n\n
Copy the following in.<\/p>\n\n\n\n
[nss]\nfilter_groups = root\nfilter_users = root\nreconnection_retries = 3\n \n<\/pre>\n\n\n
[pam]<\/p>\n\n\n\n
\nreconnection_retries = 3\n<\/p>\n\n\n\n
And then fix the permissions on it.<\/p>\n\n\n\n
sudo chown root:root \/etc\/sssd\/sssd.conf\nsudo chmod 600 \/etc\/sssd\/sssd.conf<\/pre>\n\n\n\n
Next up, configuring Kerberos, an essential part of the authentication mechanism utilized in both Active Directory and AWS\u2019s Directory Service. Our sysadmin included some explicit instructions for this to be done per below.<\/p>\n\n\n\n
Configure kerberos for your AWS realm<\/i><\/b><\/p>\n\n\n\n
In your \u2026.\/etc\/krb5.conf \u2026. ensure that default_realm is set to your domain and is all uppercase:<\/p>\n\n\n\n
default_realm = TEST.JUMPCLOUD.COM<\/pre>\n\n\n\n
Then find the section called [domain_realm] and add these lines, changing them to match your domain:<\/p>\n\n\n\n
.TEST.jumpcloud.com = TEST.JUMPCLOUD.COM\nTEST.jumpcloud.com = TEST.JUMPCLOUD.COM<\/pre>\n\n\n\n
This configuration should now be tested as follows, this test is required for the next step with realm\u2026<\/p>\n\n\n\n
sudo kinit Administrator@TEST.JUMPCLOUD.COM\nPassword for Administrator@TEST.JUMPCLOUD.COM:<\/pre>\n\n\n\n
sudo klist\nTicket cache: FILE:\/tmp\/krb5cc_0\nDefault principal: Administrator@TEST.JUMPCLOUD.COM\nValid starting       Expires              Service principal\n10\/22\/2014 23:19:19  10\/23\/2014 23:19:07  \nkrbtgt\/TEST.JUMPCLOUD.COM@TEST.JUMPCLOUD.COM\n\n<\/pre>\n\n\n\n
With testing complete it is time to join with the Directory using realm, there is lots of output from realm that we have truncated, the important bit is the last line.<\/p>\n\n\n\n
Join the Directory<\/i><\/b><\/p>\n\n\n\n
sudo realm –verbose join test.jumpcloud.com \n–user-principal=Administrator@TEST.JUMPCLOUD.COM –unattended\n{ \u2026 Lots Of Output \u2026 }\n* Successfully enrolled machine in realm<\/pre>\n\n\n\n
Now we need to go back and do some post configuration cleanup from what realm did as well as make sure our users have home directories and ssh access.<\/p>\n\n\n\n
SSSD Postconfigure<\/i><\/b><\/p>\n\n\n\n
We need to remove the line use_fully_qualified_names = True so that users don\u2019t have to type user@domain.name, and then restart sssd.<\/p>\n\n\n\n
sudo vi \/etc\/sssd\/sssd.conf\nsudo service sssd restart<\/pre>\n\n\n\n
At this point you can test that things are working by running this command:<\/p>\n\n\n\n
id Administrator<\/pre>\n\n\n\n
It should return something similar to this.<\/p>\n\n\n\n
uid=1533200500(administrator) gid=1533200513(domain users) \ngroups=1533200513(domain users),1533200518(schema \nadmins),1533200520(group policy creator owners),1533200572(denied \nrodc password replication group),1533200512(domain \nadmins),1533200519(enterprise admins)<\/pre>\n\n\n\n
In the sssd.conf file you may have noticed that it is configured to put user\u2019s home directories at \/home\/<domain>\/<user>.  This is great but the system needs to know to create this.<\/p>\n\n\n\n
Configure Home Directory Creation<\/i><\/b><\/p>\n\n\n\n
You must create a file in … \/usr\/share\/pam-configs\/my_mkhomedir \u2026 and will essentially look like this:<\/p>\n\n\n\n
Name: activate mkhomedir\nDefault: yes\nPriority: 900\nSession-Type: Additional\nSession:\n        required                        pam_mkhomedir.so umask=0022 \nskel=\/etc\/skel<\/pre>\n\n\n\n
Once you have that file run pam-auth-update<\/i> to activate and your directory users will get home directories just like your local users.<\/p>\n\n\n\n
One final step remains if your user is going to ssh in, you will need to allow password authentication in ssh as Amazon DS does not have ssh keys in it.   With a restart of the ssh service your linux users can now authenticate against the Amazon DS.<\/p>\n\n\n\n
So after some work and exploration with AWS Directory Service, we were eventually able to provision and authenticate a user on a Linux host in our VPC. It\u2019s not trivial or easy — we discovered that the configuration required fairly in-depth expertise which we have on staff via our sysadmin to establish all of the low-level configurations between the Windows AD, the AWS Directory and of course the Linux instance where we wanted the user provisioned. <\/p>\n\n\n\n
Total time for the process was roughly 5 hours, 20 minutes, including the configuration, machine builds and reboots, and ancillary research time required during the set-up. Now that we\u2019ve worked out these issues subsequent machines would probably be quicker to get connected of course, but again\u2026 not trivial.<\/p>\n\n\n\n
As we said at the outset, AWS does not claim that they support Linux systems yet. While they may in the future it appears that this solution is squarely aimed at Windows machines and the process we went through confirmed that. However, for users that are set on using their Linux instances with AWS Directory Services, it is possible but just requires time and expertise. <\/p>\n\n\n\n
An alternative to this approach is to leverage 探花大神\u2019s Directory-as-a-Service solution in conjunction with AWS Directory Services. Linux user management can be done through the quick install of an agent via 探花大神 and users can be managed closely. The nice part is that it only takes a couple of minutes. If you would like to chat with us about how we can help you manage your users on AWS Linux instances, drop us a note and we\u2019d be happy to discuss it with you.<\/p>\n\n\n\n
We would like to thank these sites for their help in configuring our Linux host to authenticate against the Amazon Directory:<\/p>\n\n\n\n
http:\/\/docs.aws.amazon.com\/directoryservice\/latest\/adminguide\/getting_started.html<\/a><\/p>\n\n\n\n
https:\/\/help.ubuntu.com\/community\/LDAPClientAuthentication<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
Authenticating Linux via AWS can be done quickly with the install of an agent via 探花大神. The nice part is that it only takes a couple of minutes.<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[23,2337],"tags":[],"collection":[2778,2777],"platform":[],"funnel_stage":[3015],"coauthors":[2511],"acf":[],"yoast_head":"\nAuthenticating Linux with Amazon's AWS Directory is Easy<\/title>\n<meta name=\"description\" content=\"Authenticating Linux via AWS can be done quickly with the install of an agent via 探花大神. The nice part is that it only takes a couple of minutes.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Authenticating Linux with Amazon's AWS Directory is Easy\" \/>\n<meta property=\"og:description\" content=\"Authenticating Linux via AWS can be done quickly with the install of an agent via 探花大神. The nice part is that it only takes a couple of minutes.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service\" \/>\n<meta property=\"og:site_name\" content=\"探花大神\" \/>\n<meta property=\"article:published_time\" content=\"2014-10-23T21:54:58+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-11-08T22:20:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2014\/10\/Blog-Image-1-1030x445.png\" \/>\n<meta name=\"author\" content=\"Rajat Bhargava\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rajat Bhargava\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service#article\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service\"},\"author\":{\"name\":\"Rajat Bhargava\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/bda984539a66b23f47085df4f41635ba\"},\"headline\":\"Authenticating Linux with Amazon’s AWS Directory is Easy\",\"datePublished\":\"2014-10-23T21:54:58+00:00\",\"dateModified\":\"2024-11-08T22:20:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service\"},\"wordCount\":1502,\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2014\/10\/Blog-Image-1-1030x445.png\",\"articleSection\":[\"Best Practices\",\"Remote Work\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service\",\"url\":\"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service\",\"name\":\"Authenticating Linux with Amazon's AWS Directory is Easy\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2014\/10\/Blog-Image-1-1030x445.png\",\"datePublished\":\"2014-10-23T21:54:58+00:00\",\"dateModified\":\"2024-11-08T22:20:04+00:00\",\"description\":\"Authenticating Linux via AWS can be done quickly with the install of an agent via 探花大神. The nice part is that it only takes a couple of minutes.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2014\/10\/Blog-Image-1-1030x445.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2014\/10\/Blog-Image-1-1030x445.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Authenticating Linux with Amazon’s AWS Directory is Easy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"探花大神\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"探花大神\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"探花大神\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/bda984539a66b23f47085df4f41635ba\",\"name\":\"Rajat Bhargava\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/be4a33b774a839755d850c80fafe3427\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/bf74832070f694ca8ecf307f64295d14?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/bf74832070f694ca8ecf307f64295d14?s=96&d=mm&r=g\",\"caption\":\"Rajat Bhargava\"},\"description\":\"Rajat Bhargava is an entrepreneur, investor, author, and CEO and co-founder of 探花大神. An MIT graduate with over two decades of high-tech experience, Rajat is a ten-time entrepreneur with six exits including two IPOs and four trade sales.\",\"sameAs\":[\"https:\/\/jumpcloud.com\/blog\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Authenticating Linux with Amazon's AWS Directory is Easy","description":"Authenticating Linux via AWS can be done quickly with the install of an agent via 探花大神. The nice part is that it only takes a couple of minutes.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service","og_locale":"en_US","og_type":"article","og_title":"Authenticating Linux with Amazon's AWS Directory is Easy","og_description":"Authenticating Linux via AWS can be done quickly with the install of an agent via 探花大神. The nice part is that it only takes a couple of minutes.","og_url":"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service","og_site_name":"探花大神","article_published_time":"2014-10-23T21:54:58+00:00","article_modified_time":"2024-11-08T22:20:04+00:00","og_image":[{"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2014\/10\/Blog-Image-1-1030x445.png"}],"author":"Rajat Bhargava","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rajat Bhargava","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service#article","isPartOf":{"@id":"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service"},"author":{"name":"Rajat Bhargava","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/bda984539a66b23f47085df4f41635ba"},"headline":"Authenticating Linux with Amazon’s AWS Directory is Easy","datePublished":"2014-10-23T21:54:58+00:00","dateModified":"2024-11-08T22:20:04+00:00","mainEntityOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service"},"wordCount":1502,"publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2014\/10\/Blog-Image-1-1030x445.png","articleSection":["Best Practices","Remote Work"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service","url":"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service","name":"Authenticating Linux with Amazon's AWS Directory is Easy","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2014\/10\/Blog-Image-1-1030x445.png","datePublished":"2014-10-23T21:54:58+00:00","dateModified":"2024-11-08T22:20:04+00:00","description":"Authenticating Linux via AWS can be done quickly with the install of an agent via 探花大神. The nice part is that it only takes a couple of minutes.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2014\/10\/Blog-Image-1-1030x445.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2014\/10\/Blog-Image-1-1030x445.png"},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/blog\/authenticating-linux-aws-directory-service#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Authenticating Linux with Amazon’s AWS Directory is Easy"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"探花大神","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"探花大神","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"探花大神"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/bda984539a66b23f47085df4f41635ba","name":"Rajat Bhargava","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/be4a33b774a839755d850c80fafe3427","url":"https:\/\/secure.gravatar.com\/avatar\/bf74832070f694ca8ecf307f64295d14?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/bf74832070f694ca8ecf307f64295d14?s=96&d=mm&r=g","caption":"Rajat Bhargava"},"description":"Rajat Bhargava is an entrepreneur, investor, author, and CEO and co-founder of 探花大神. An MIT graduate with over two decades of high-tech experience, Rajat is a ten-time entrepreneur with six exits including two IPOs and four trade sales.","sameAs":["https:\/\/jumpcloud.com\/blog"]}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/2668"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=2668"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/2668\/revisions"}],"predecessor-version":[{"id":117259,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/2668\/revisions\/117259"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=2668"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=2668"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=2668"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=2668"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=2668"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=2668"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=2668"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}