Active Directory integration on Linux clients
The DriveLock Agent for Linux currently supports integration with Active Directory (AD) only via Samba Winbind. Other methods such as realmd + sssd are not supported.
Requirements
In order for the Agent to process AD user data, the tool wbinfo (part of Samba Winbind) must be installed on the Linux client. The Agent uses this tool to retrieve user and group information, for example:
- wbinfo -U: Lists known user SIDs
- wbinfo -G: Lists known group SIDs
- wbinfo -D: Displays domain information
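A pre-flight check for the requirements above, as an added example (not DriveLock's own tooling): it confirms that wbinfo is installed, that winbindd answers, that the machine account trust is valid, and that NSS resolves users through winbind rather than an sssd-only setup. The return codes, the function names and the NSSWITCH_CONF override are assumptions made for this example; `wbinfo -p` and `wbinfo -t` are standard Samba options.

```shell
#!/bin/sh
# Added example: verifies the Winbind prerequisites on a Linux client.
# Return codes (chosen for this example, not defined by DriveLock):
#   0 ready
#   1 wbinfo not installed
#   2 winbindd not responding
#   3 machine account trust check failed
#   4 passwd lookups in NSS do not use winbind

# Overridable so the check can be pointed at a copy of the file.
NSSWITCH_CONF="${NSSWITCH_CONF:-/etc/nsswitch.conf}"

# True if the passwd database lists the winbind NSS module.
nss_uses_winbind() {
    grep -Eq '^[[:space:]]*passwd:(.*[[:space:]])?winbind([[:space:]]|$)' \
        "$NSSWITCH_CONF"
}

check_winbind_ready() {
    # The Agent calls wbinfo, so it must be on PATH.
    command -v wbinfo >/dev/null 2>&1 || {
        echo "wbinfo not found: install Samba Winbind" >&2
        return 1
    }
    # -p pings the winbindd daemon.
    wbinfo -p >/dev/null 2>&1 || {
        echo "winbindd is not responding (wbinfo -p)" >&2
        return 2
    }
    # -t verifies the workstation trust secret with the domain.
    wbinfo -t >/dev/null 2>&1 || {
        echo "domain trust check failed (wbinfo -t)" >&2
        return 3
    }
    # A host joined via realmd + sssd typically lists 'sss' here instead.
    nss_uses_winbind || {
        echo "passwd in $NSSWITCH_CONF does not use winbind" >&2
        return 4
    }
    echo "Winbind prerequisites satisfied"
    return 0
}
```

Source the file and call `check_winbind_ready` before assigning AD-filtered rules to a client; a non-zero code identifies which prerequisite is missing.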
Supported functionality
The AD integration on Linux provides partial functionality compared to the Windows Agent:
- AD users and groups can be explicitly allowed in Drive and Device Control rules using the Block with exceptions setting.
- Rules can be filtered to apply only to specific AD users.
- AD users are correctly reported in the event logs.
Unsupported features
The following features are currently not supported:
- AD computer objects or AD-based groups
- AD-based inventory
- AD use on IGEL OS (even if the system is joined to the domain)