Pricing  Get Quote
 
 

Features

ADSelfService Plus in action

How to reset passwords in Linux OS with ADSelfService Plus

IT admins are equipped to deal with much more than simple password reset calls from frustrated employees. However, when there's a huge spike in calls to unlock user accounts or reset passwords, the admin productivity is hindered and they're forced to deal with redundant tickets. Wouldn't it be great if they could simply enable users to reset their passwords on their own and unlock their accounts from their login screens?

Password self-service from the Linux login screen

IT administrators can enable users to reset their Active Directory (AD) domain passwords from the login screen of Linux OS using ADSelfService Plus.

ADSelfService Plus: The right password reset software for Linux

  1. ADSelfService Plus places a Reset Password/Unlock Account link (also called the logon agent) on the login screen of Linux OS machines.

  2. Clicking this link will open the password reset portal. Users are required to prove their identity through any of the enforced authentication methods, like SMS-based one-time passwords (OTPs), email-based OTPs, Google Authenticator, DUO Security, and RSA SecurID.

    enforced-authentication-methods

    Note:

    1. Users must be enrolled in ADSelfService Plus to use the self-service password reset and self-service account unlock capabilities.
    2. Enrollment is a one-time process where users enter their mobile number and email address, set answers to security questions, and provide other details in ADSelfService Plus in order to register for self-service password management. Learn how to enroll users.
  3. Once the user’s identity is successfully verified, they will be allowed to reset their forgotten AD domain passwords.

    Tip: Improve password security. Do you think users are employing weak passwords to secure their Linux machines? Help them create strong user passwords with the Password Policy Enforcer.

Installing the ADSelfService Plus logon agent on users' machines

Before users can reset from their Linux login screen, admins have to deploy the logon agent on the users’ machines in the following ways:

  1. 1. Installation from the ADSelfService Plus admin console:
    1. Download and install ADSelfService Plus.
    2. Navigate to the Configuration tab → Administrative ToolsGINA/Mac/Linux.
    3. Click GINA/Mac/Linux Installation.
    4. In the New Installation section, choose the required Domain from the drop-down.
    5. Click Add OUs to select the OUs for which the logon agent must be installed. Click Get Computers.
    6. Now, select the computers to which the logon agent needs to be pushed.

    7. Click Install.
  2. 2. Manual installation
    1. Copy the installLinuxAgent.sh, ‌ADSSPLinuxClient.tar.gz from this folder: <Install Directory>\bin (Default location: C:\ManageEngine\ADSelfService Plus\bin).

      Note: You need to copy the TAR file based on the client OS architecture. There will be two TAR files:

      1. ADSSPLinuxClient.tar.gz for i686 clients (32-bit).
      2. ADSSPLinuxClient64.tar.gz for x86-64 clients (64-bit).
    2. Paste the copied files in the Home folder of the Linux machine.
    3. Launch the Linux terminal and execute the following commands:
      sed -i 's/\r$//' installLinuxAgent.sh
      sudo bash installLinuxAgent.sh -install -serverName <adssp-server/IP> -portNumber <adssp-server-port> -protocol <adssp-server-protocol>

      Where:

      1. serverName = The name of the machine in which ADSelfService Plus is deployed.
      2. portNumber = The port number using which ADSelfService Plus is running.
      3. protocol = The protocol with which ADSelfService Plus is running (http or https).
 

See this feature inaction now!

By clicking 'Talk to an expert', you agree to processing of personal data according to the Privacy Policy.

ADSelfService Plus trusted by

A single pane of glass for complete self service password management
Email Download Link