To ensure the operation of features such as single sign-on for a RHEL/CentOS 8.x desktop, use the realmd solution to join the desktop to your Active Directory (AD) domain.

Procedure

  1. Configure a fully qualified host name for the RHEL/CentOS 8.x system.
    For example, if rhel8 is the unqualified host name of the system and LXD.VDI is the AD domain, run the following command.
    # hostnamectl set-hostname rhel8.lxd.vdi
  2. Verify the network connection with the AD domain, as shown in the following example.
    # realm discover -vvv LXD.VDI
  3. Install the required dependency packages, as shown in the following example.
     # dnf install -y sssd adcli samba-common-tools oddjob oddjob-mkhomedir
  4. Join the AD domain, as shown in the following example.
    # realm join -U Administrator LXD.VDI
  5. Edit the /etc/sssd/sssd.conf so that it resembles the following example. Add ad_gpo_map_interactive = +gdm-vmwcred under the [domain/domain name] section.
    [sssd]
    domains = LXD.VDI
    config_file_version = 2
    services = nss, pam
    
    [domain/LXD.VDI]
    ad_domain = LXD.VDI
    krb5_realm = LXD.VDI
    realmd_tags = manages-system joined-with-adcli
    cache_credentials = True
    id_provider = ad
    krb5_store_password_if_offline = True
    default_shell = /bin/bash
    ldap_id_mapping = True
    use_fully_qualified_names = False
    fallback_homedir = /home/%u
    access_provider = ad
    ad_gpo_map_interactive = +gdm-vmwcred
  6. To ensure that the domain-join takes effect, reboot your system and log back in.
  7. Verify that the domain users are configured correctly. The following example shows how to use the id command to return the configuration output from domain user zyc1.
    # id zyc1
    
    uid=1084401403(zyc1) gid=1084400513(domain users) groups=1084400513(domain users)
  8. Using the credentials of a domain user, verify that you can successfully log in to the desktop.
    Note: Horizon Agent only supports the X11 display server protocol for RHEL/CentOS 8.x desktops.