Multiple solutions exist to integrate Linux with Active Directory (AD) and Horizon 7 for Linux Desktop has no dependency on which solution is used.
The following solutions are known to work in a Horizon 7 for Linux Desktop environment:
- OpenLDAP Server Pass-through Authentication
- System Security Services Daemon (SSSD) LDAP Authentication against the Microsoft Active Directory
- Winbind Domain Join
At a high level, the OpenLDAP Pass-through authentication solution involves the following steps:
- Install Certificate Services on the Active Directory to enable LDAPS (Lightweight Directory Access Protocol over SSL).
- Setup an OpenLDAP server.
- Synchronize user information (except password) from the Active Directory to the OpenLDAP server.
- Configure the OpenLDAP server to delegate password verification to a separate process such as saslauthd, which can perform password verification against the Active Directory.
- Configure the Linux desktops to use a LDAP client to authenticate users with the OpenLDAP server.
- Install the Certificate Services on the Active Directory to enable LDAPS.
- Configure the SSSD in the Linux desktop to directly use LDAP authentication against the Microsoft Active Directory.
- Install the Winbind, Samba, and Kerberos packages on the Linux desktop.
- Join the Linux desktop to the Microsoft Active Directory.
If you use the LDAP-based solutions, you need to do the configuration in a template virtual machine and no additional steps are required in the cloned virtual machines.
sudo /usr/bin/net ads join -U <domain user>%<domain password>
Use the following options to run the domain re-join command on a cloned virtual machine for the Winbind solution:
- Remote connect such as SSH or vSphere PowerCLI to each virtual machine and run the command. For more information on scripts, see Bulk Deployment of Horizon 7 for Manual Desktop Pools.
- Include the command to a shell script and specify the script path to Horizon agent option RunOnceScript in the /etc/vmware/viewagent-custom.conf file. For more information, see Setting Options in Configuration Files on a Linux Desktop.