To support SSO on an instant-cloned VM in a Horizon 7 Linux desktop environment, configure Samba on the master Linux VM on an Ubuntu system.
Use the following steps to use Samba to offline domain join an instant-cloned Linux desktop to Active Directory on an Ubuntu system.
Procedure
- On your master Linux VM, install the winbind and samba packages, including any other dependent libraries such as smbfs and smbclient.
- Install the Samba tdb-tools package using the following command.
sudo apt-get install tdb-tools
- Install Horizon 7 Agent for Linux.
- Edit the /etc/samba/smb.conf configuration file so that it has content similar to the following example.
[global]
security = ads
realm = LAB.EXAMPLE.COM
workgroup = LAB
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum group = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
winbind use default domain = yes
restrict anonymous = 2
- Edit the /etc/krb5.conf configuration file so that it has content similar to the following example..
[libdefaults]
default_realm = EXAMPLE.COM
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
[realms]
YOUR-DOMAIN = {
kdc = 10.111.222.33
}
[domain_realm]
your-domain = EXAMPLE.COM
.your-domain = EXAMPLE.COM
- Edit the /etc/nsswitch.conf configuration file, as shown in the following example.
passwd: files winbind
group: files winbind
shadow: files winbind
gshadow: files
- Verify that the host name is correct and that the system date and time are synchronized with your DNS system.
- Set the following option in the /etc/vmware/viewagent-custom.conf file to inform the Horizon Agent for Linux that the Linux VM is domain joined using the Samba method.
- Reboot your system and log back in.
