How to reset passwords in Linux OS with ADSelfService Plus
IT admins are equipped to deal with much more than simple password reset calls from frustrated employees. However, when there's a huge spike in calls to unlock user accounts or reset passwords, the admin productivity is hindered and they're forced to deal with redundant tickets. Wouldn't it be great if they could simply enable users to reset their passwords on their own and unlock their accounts from their login screens?
Self-service password reset (SSPR)
With ADSelfService Plus, users can reset their passwords from:
- The logon screens of their Windows, Linux, or macOS machines.
- Web browsers by accessing the ADSelfService Plus portal, which can be configured to be accessed through all major web browsers.
- Their mobile devices by accessing the ADSelfService Plus iOS or Android mobile app or mobile site.
- Their private networks, even remotely. Furthermore resetting their passwords, ADSelfService Plus also lets users update their cached credentials.
Password self-service from the Linux login screen
IT administrators can enable users to reset their Active Directory (AD) domain passwords from the login screen of Linux OS using ADSelfService Plus.
ADSelfService Plus: The right password reset software for Linux
- ADSelfService Plus places a Reset Password/Unlock Account link (also called the logon agent) on the login screen of Linux OS machines.
- Clicking this link will open the password reset portal. Users are required to prove their identity through any of the enforced authentication methods, like SMS-based one-time passwords (OTPs), email-based OTPs, Google Authenticator, DUO Security, and RSA SecurID.
Note:
- Users must be enrolled in ADSelfService Plus to use the self-service password reset and self-service account unlock capabilities.
- Enrollment is a one-time process where users enter their mobile number and email address, set answers to security questions, and provide other details in ADSelfService Plus in order to register for self-service password management. Learn how to enroll users.
- Once the user’s identity is successfully verified, they will be allowed to reset their forgotten AD domain passwords.
Tip: Improve password security. Do you think users are employing weak passwords to secure their Linux machines? Help them create strong user passwords with the Password Policy Enforcer.
Installing the ADSelfService Plus logon agent on users' machines
Before users can reset from their Linux login screen, admins have to deploy the logon agent on the users’ machines in the following ways:
Installation from the ADSelfService Plus admin console:
- Download and install ADSelfService Plus.
- Navigate to the Configuration tab → Administrative Tools → GINA/Mac/Linux.
- Click GINA/Mac/Linux Installation.
- In the New Installation section, choose the required Domain from the drop-down.
- Click Add OUs to select the OUs for which the logon agent must be installed. Click Get Computers.
- Now, select the computers to which the logon agent needs to be pushed.
- Click Install.
Manual installation
- Copy the installLinuxAgent.sh, ADSSPLinuxClient.tar.gz from this folder: <Install Directory>\bin (Default location: C:\Program Files\ManageEngine\ADSelfService Plus\bin).
- Paste the copied files in the Home folder of the Linux machine.
- Launch the Linux terminal and execute the following commands:
Where:
serverName = The name of the machine in which ADSelfService Plus is deployed.
portNumber = The port number using which ADSelfService Plus is running.
protocol = The protocol with which ADSelfService Plus is running (http or https).
New to ADSelfService Plus?
Related Articles
Configuring the ADSelfService Plus login agent for machine MFA and password self-service in Linux
Securing data and resources on the corporate network is of paramount importance to organizations. In a world where most corporate attacks originate at an endpoint, ADSelfService Plus offers 20 MFA factors to protect endpoints by allowing access only ...Self-service password reset and account unlock for Chromebook devices
The Chromebook is Google's low-cost alternative to traditional laptops. Unlike Windows, macOS, and Linux machines, a Chromebook runs on the Chrome OS. Users can login to their Chromebook using their AD domain credentials, if their device has been ...Forgot your Mac password? Reset it from the login screen with ADSelfService Plus
f users can't remember their macOS login password, they won't be able to log in to their Active Directory (AD) account either, which negatively affects their productivity. To reset Mac passwords, users can use any of the methods supported by ...How to reset forgotten Windows passwords from the login screen using ADSelfService Plus
Empowering users with a Windows password reset tool According to recent research, organizations are spending close to one million dollars annually on resolving password-related tickets. This isn’t that surprising, as the Microsoft-approved methods to ...ADSelfService Plus self-service password reset configuration: Reset & Unlock tab
Reset & Unlock tab The Reset & Unlock tab consists of settings related to the self-password reset and account unlock features. Learn how to configure these settings to suit your requirements. Here are the settings under the Reset & Unlock tab: Unlock ...