To support SSO on an instant-cloned VM in a Horizon 7 Linux desktop environment, configure Samba on the master Linux VM on an Ubuntu system.

Use the following steps to use Samba to offline domain join an instant-cloned Linux desktop to Active Directory on an Ubuntu system.


  1. On your master Linux VM, install the winbind and samba packages, including any other dependent libraries such as smbfs and smbclient.
  2. Install the Samba tdb-tools package using the following command.
    sudo apt-get install tdb-tools
  3. Install Horizon 7 Agent for Linux.
  4. Edit the /etc/samba/smb.conf configuration file so that it has content similar to the following example.
    security = ads
    realm = LAB.EXAMPLE.COM
    workgroup = LAB
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind enum users = yes
    winbind enum group = yes
    template homedir = /home/%D/%U
    template shell = /bin/bash
    client use spnego = yes
    client ntlmv2 auth = yes
    encrypt passwords = yes
    winbind use default domain = yes
    restrict anonymous = 2
  5. Edit the /etc/krb5.conf configuration file so that it has content similar to the following example..
    default_realm = EXAMPLE.COM
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true
    kdc =
    your-domain = EXAMPLE.COM
    .your-domain = EXAMPLE.COM
  6. Edit the /etc/nsswitch.conf configuration file, as shown in the following example.
    passwd: files winbind
    group: files winbind
    shadow: files winbind
    gshadow: files
  7. Verify that the host name is correct and that the system date and time are synchronized with your DNS system.
  8. Set the following option in the /etc/vmware/viewagent-custom.conf file to inform the Horizon Agent for Linux that the Linux VM is domain joined using the Samba method.
  9. Reboot your system and log back in.