Zorin in a School

Hello there, starting the transition to Linux in a School.

Right now we have around 100 classroom computers, all connected to a Windows Server AD domain, because students often change classrooms and/or PCs, and they need their personal accounts so that they can have some safety that otherwise is complicated using only one local account (forgetting to logout of websites, etc).

Zorin so far has been the most user friendly to my test subjects. But I'm hitting a wall when it comes to the AD accounts.

Is there another way (preferably open source) to manage user accounts?

I will gladly stop using Windows Server AD.

Just need some light on an alternative, that works well, so far this is the biggest hurdle to this transition out of Windows.

Thanks

3 Likes

Hello @gajotnt ,

First post on the forum for me! Hello Zorinos !

To give you a short answer with a "simple" solution (not that much, but not terrible so far :wink: ) : use a user database (DB) with an identity provider (IDP). For example, OpenLDAP + Keycloak (see this link for more explanations).

That replaces pretty well the Active Directory solution, even for professional purposes. BUT (I insist on this 'but') for production-grade purposes, you have to be very careful in configuring both OpenLDAP and Keycloak (especially core dependencies like PostgreSQL).

The best way to provide services to your school such as this solution (and even more!) would be to build a complete Kubernetes cluster, but that's another level of difficulty. The simplest, completely free solution, would be to set up a single server using an old PC with network config + OpenLDAP + Keycloak. And don't forget to back up the databases safely and regularly.

Hope this helps :slight_smile:

2 Likes

Thanks for the reply, will look into it.

But sounds complicated.

Maybe it's going to be easier if I keep Windows Server, just have to redeploy so that the domain name is the same as the kids' email domain to create less confusion when they try to login

Hi and welcome (to both).

@gajotnt

As Zorin 18 is a fork of Ubuntu 24.04, I used this in search criteria using Perplexity A.I. search engine in zen browser which came back with this A.I. generated answer:

" To connect Ubuntu 24.04 to a Windows Active Directory (AD) domain, you typically use the realmd/SSSD stack and then configure logins and home directories for domain users.

Prerequisites

  • A working AD domain (for example: corp.example.com) and an account with rights to join computers to the domain.

  • Ubuntu 24.04 machine using the AD DNS server (often the domain controller’s IP) in its network settings so the domain can be discovered.

  • Correct time sync between Ubuntu and the domain controller (use NTP if possible). Small time drift can break Kerberos authentication.

Install required packages

On Ubuntu 24.04, install the components for AD integration:

```bash
sudo apt update
sudo apt install realmd sssd sssd-tools libnss-sss libpam-sss adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
```

These packages provide domain discovery (realm), authentication (sssd/Kerberos), and NSS/PAM integration so AD users appear as normal Unix accounts.

Discover and join the domain

  1. Ensure DNS points to the domain controller (example: 10.0.0.10). Netplan example (adjust file/interface as needed):

```text
# /etc/netplan/01-netcfg.yaml
network:
  version: 2
  ethernets:
    eno1:
      dhcp4: yes
      nameservers:
        addresses: [10.0.0.10]
```

     Apply:

```bash
sudo netplan apply
```

  2. Discover the domain:

```bash
realm discover corp.example.com
```

You should see output indicating server-software: active-directory and listing required packages.

  3. Join the domain:

```bash
sudo realm join corp.example.com -U Administrator
```

Enter the AD Administrator (or delegated) password when prompted.

  4. Test that AD users resolve:

```bash
id someuser@corp.example.com
```

If successful, you see a UID/GID and group list for that user.

Enable logins and home directories

  1. Allow domain users to log in (optional but common):

```bash
sudo realm permit --all
```

This lets any domain user authenticate on the Ubuntu machine.

  2. Automatically create home directories on first login: Edit /etc/pam.d/common-session and add at the end:

```text
session optional pam_mkhomedir.so skel=/etc/skel umask=077
```

This creates /home/<user> on first login.

  3. Optional: remove domain suffix in usernames. If you prefer username instead of username@corp.example.com, set in /etc/sssd/sssd.conf:

```text
[sssd]
# ...

[domain/corp.example.com]
# ...
use_fully_qualified_names = False
```

Then restart SSSD:

```bash
sudo systemctl restart sssd
```

Notes for Ubuntu 24.04 installer option

Ubuntu 24.04 Desktop includes an “Use Active Directory” option during installation, but early releases had hangs/bugs after entering domain information, so many admins skip that and join the domain post‑install using realmd as above. For a new deployment, joining after installation is generally more reliable on 24.04.

If you share more details (desktop vs server, domain name, any errors), more targeted commands and config examples can be given."

2 Likes
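Added example (not part of any post in this thread, and not realmd's own code): a check of the login policy that `realm permit --all` leaves on a joined classroom PC, read from `realm list` output. The function name `audit_realm`, the group `lab-students` and both sample outputs are constructed for illustration; the field names are the ones `realm list` prints.

```bash
# audit_realm reads `realm list` output on stdin, prints one finding per realm,
# and returns non-zero if any realm lets every domain account log in.
audit_realm() {
  awk '
    /^[^ \t]/                 { dom = $1; order[++n] = dom; next }  # unindented = realm name
    $1 == "login-policy:"     { policy[dom] = $2 }
    $1 == "permitted-logins:" { $1 = ""; sub(/^ +/, ""); logins[dom] = $0 }
    $1 == "permitted-groups:" { $1 = ""; sub(/^ +/, ""); groups[dom] = $0 }
    END {
      for (i = 1; i <= n; i++) {
        d = order[i]; p = policy[d]
        if (p == "allow-realm-logins") {
          printf "%s: WARN any domain account can log in (%s)\n", d, p; bad = 1
        } else if (p == "allow-permitted-logins") {
          printf "%s: OK logins limited to groups [%s] users [%s]\n", d, groups[d], logins[d]
        } else {
          printf "%s: INFO login-policy=%s\n", d, (p == "" ? "unknown" : p)
        }
      }
      exit bad + 0
    }'
}

# Constructed, trimmed sample: state after `sudo realm permit --all`.
SAMPLE_PERMIT_ALL='corp.example.com
  domain-name: corp.example.com
  configured: kerberos-member
  server-software: active-directory
  login-formats: %U@corp.example.com
  login-policy: allow-realm-logins'

# Constructed, trimmed sample: state after `sudo realm permit -g lab-students`
# (lab-students is a hypothetical AD group).
SAMPLE_RESTRICTED='corp.example.com
  domain-name: corp.example.com
  configured: kerberos-member
  server-software: active-directory
  login-formats: %U@corp.example.com
  login-policy: allow-permitted-logins
  permitted-logins:
  permitted-groups: lab-students'

printf '%s\n' "$SAMPLE_PERMIT_ALL" | audit_realm || echo "review login policy before rollout"
printf '%s\n' "$SAMPLE_RESTRICTED" | audit_realm
```

On a joined machine the same function can be fed live data with `realm list | audit_realm`.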

As Zorin OS is based on Ubuntu, it'll probably be easier to follow Ubuntu's official guide on how to set up your own OpenLDAP server (an open source alternative to AD) on a computer running Zorin OS, or Ubuntu, whichever floats your boat:

Also note the section about setting up users and group management:

Once you've set up your LDAP server, you should be able to follow Zorin's guide to connect your classroom computers to the LDAP server:

3 Likes

Thanks, will try LDAP :slight_smile:

I have not tried this Turnkey AD Replacement but it sounds like it might do the trick. And if you had something like webmin (is that still a thing?) then it may prove reasonably simple to manage?

Or maybe take a look at the Linux Schools Project?

1 Like

Tried installing that TurnKey one on our Proxmox cluster but was giving me an error during config.

I think OpenLDAP will work, just have to look at it and try it out.

Thanks for all the input :slight_smile:

Anyone tried LLDAP?

I just need a server to authenticate users, nothing more.

Installing it now, in the afternoon will dig into it

My experience in this area is now a bit dated. I did do some further research and ClearOS and their Free Community Edition may be of interest. It certainly looks more modern. I am assuming you don't want to pay money? If you had a small budget you might also investigate Zentyal. There is a detailed writeup about Zentyal here.

1 Like