To ensure the operation of features such as single sign-on for a RHEL/CentOS 8.x desktop, use the realmd solution to join the desktop to your Active Directory (AD) domain.
Procedure
- Configure a fully qualified host name for the RHEL/CentOS 8.x system.
For example, if rhel8 is the unqualified host name of the system and LXD.VDI is the AD domain, run the following command.
# hostnamectl set-hostname rhel8.lxd.vdi
- Verify the network connection with the AD domain, as shown in the following example.
# realm discover -vvv LXD.VDI
- Install the required dependency packages, as shown in the following example.
# dnf install -y sssd adcli samba-common-tools oddjob oddjob-mkhomedir
- Join the AD domain, as shown in the following example.
# realm join -U Administrator LXD.VDI
- Edit the /etc/sssd/sssd.conf file so that it resembles the following example. Add ad_gpo_map_interactive = +gdm-vmwcred under the [domain/domain name] section.
[sssd]
domains = LXD.VDI
config_file_version = 2
services = nss, pam

[domain/LXD.VDI]
ad_domain = LXD.VDI
krb5_realm = LXD.VDI
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = ad
ad_gpo_map_interactive = +gdm-vmwcred
- To ensure that the domain-join takes effect, reboot your system and log back in.
- Verify that the domain users are configured correctly. The following example shows how to use the id command to return the configuration output from domain user zyc1.
# id zyc1
uid=1084401403(zyc1) gid=1084400513(domain users) groups=1084400513(domain users)
- Using the credentials of a domain user, verify that you can successfully log in to the desktop.
Note: Horizon Agent only supports the X11 display server protocol for RHEL/CentOS 8.x desktops.
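The following shell check is an added example, not part of the original procedure. It confirms that an sssd.conf file carries the settings from the edit step above (the domain listed under [sssd], access_provider = ad, and +gdm-vmwcred in ad_gpo_map_interactive) and that the file mode is 0600. The function names and the sample file are constructed for illustration; on a real system, pass /etc/sssd/sssd.conf to check_sssd_conf.

```shell
#!/bin/bash
# Added example (not from the original page); function names are hypothetical.

# get_opt FILE SECTION KEY: print the last value of KEY inside [SECTION].
get_opt() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); insec = ($0 == sec); next }
        insec && !/^[ \t]*[#;]/ && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# in_list LIST ITEM: succeed if ITEM is one entry of the comma-separated LIST.
in_list() {
    case ",$(printf '%s' "$1" | tr -d ' \t')," in *",$2,"*) return 0 ;; esac
    return 1
}

# check_sssd_conf FILE DOMAIN [PAM_SERVICE]: return 0 only if every check passes.
# sssd.conf(5) requires a root-owned file that only root can read or write;
# only the mode is tested here, ownership is not.
check_sssd_conf() {
    c_rc=0; c_sec="domain/$2"; c_svc=${3:-gdm-vmwcred}
    [ -n "$(find "$1" -prune -perm 600)" ] ||
        { echo "FAIL: $1 is not mode 0600"; c_rc=1; }
    in_list "$(get_opt "$1" sssd domains)" "$2" ||
        { echo "FAIL: $2 missing from [sssd] domains"; c_rc=1; }
    [ "$(get_opt "$1" "$c_sec" access_provider)" = ad ] ||
        { echo "FAIL: access_provider is not ad"; c_rc=1; }
    in_list "$(get_opt "$1" "$c_sec" ad_gpo_map_interactive)" "+$c_svc" ||
        { echo "FAIL: +$c_svc missing from ad_gpo_map_interactive"; c_rc=1; }
    return $c_rc
}

# Constructed sample input (mktemp creates the file with mode 0600).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[sssd]
domains = LXD.VDI
services = nss, pam

[domain/LXD.VDI]
access_provider = ad
ad_gpo_map_interactive = +gdm-vmwcred
EOF
check_sssd_conf "$sample" LXD.VDI && echo "sssd.conf OK"
```

Each failed check prints its own FAIL line, so one run lists every setting that still needs fixing before the reboot step.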