To ensure the operation of features such as single sign-on for a RHEL/CentOS 8.x desktop, use the realmd solution to join the RHEL/CentOS 8.x virtual machine to your Active Directory (AD) domain.


  1. Configure a fully qualified host name for the RHEL/CentOS 8.x virtual machine (VM).
    For example, if rhel8 is the unqualified host name of the VM and LXD.VDI is the AD domain, run the following command.
    # hostnamectl set-hostname rhel8.lxd.vdi
  2. Verify the network connection with the AD domain, as shown in the following example.
    # realm discover -vvv LXD.VDI
  3. Install the required dependency packages, as shown in the following example.
    # dnf install -y sssd adcli samba-common-tools oddjob oddjob-mkhomedir
  4. Join the AD domain, as shown in the following example.
    # realm join -U Administrator LXD.VDI
  5. Edit the /etc/sssd/sssd.conf file so that it resembles the following example. Add ad_gpo_map_interactive = +gdm-vmwcred under the [domain/domain name] section.
    [sssd]
    domains = LXD.VDI
    config_file_version = 2
    services = nss, pam

    [domain/LXD.VDI]
    ad_domain = LXD.VDI
    krb5_realm = LXD.VDI
    realmd_tags = manages-system joined-with-adcli
    cache_credentials = True
    id_provider = ad
    krb5_store_password_if_offline = True
    default_shell = /bin/bash
    ldap_id_mapping = True
    use_fully_qualified_names = False
    fallback_homedir = /home/%u
    access_provider = ad
    ad_gpo_map_interactive = +gdm-vmwcred
  6. To ensure that the domain-join takes effect, restart the VM and log back in.
  7. Verify that the domain users are configured correctly. The following example uses the id command to display the configuration output for the domain user zyc1.
    # id zyc1
    uid=1084401403(zyc1) gid=1084400513(domain users) groups=1084400513(domain users)
  8. Using the credentials of a domain user, verify that you can successfully log in to the VM.
    Note: Horizon Agent only supports the X11 display server protocol for RHEL/CentOS 8.x desktops.
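
The following added example is not part of the original procedure. It checks that the step 5 settings, including ad_gpo_map_interactive = +gdm-vmwcred, sit under the [domain/LXD.VDI] section of an sssd.conf file rather than under another section. The function names and the two constructed sample files are assumptions made for illustration.

```shell
# Added example, not from the original page: section-aware check of sssd.conf.
# sssd_get FILE SECTION KEY: print the first value of KEY inside [SECTION].
sssd_get() {
    awk -v want="[$2]" -v key="$3" '
        /^[[:space:]]*[#;]/ { next }                        # comment line
        /^[[:space:]]*\[/ { s = $0; gsub(/^[[:space:]]+|[[:space:]]+$/, "", s)
                            insec = (s == want); next }     # exact section match
        insec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", k)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# check_horizon_sso FILE DOMAIN: return 0 if the step 5 settings are in place.
check_horizon_sso() {
    file=$1; sec="domain/$2"; rc=0
    for want in id_provider=ad access_provider=ad; do
        key=${want%%=*}; exp=${want#*=}
        got=$(sssd_get "$file" "$sec" "$key")
        [ "$got" = "$exp" ] || { echo "FAIL [$sec] $key='$got', expected '$exp'"; rc=1; }
    done
    # The option is a comma-separated list; require the +gdm-vmwcred entry.
    gpo=$(sssd_get "$file" "$sec" ad_gpo_map_interactive)
    case ",$(printf '%s' "$gpo" | tr -d '[:space:]')," in
        *,+gdm-vmwcred,*) ;;
        *) echo "FAIL [$sec] ad_gpo_map_interactive='$gpo' lacks +gdm-vmwcred"; rc=1 ;;
    esac
    return "$rc"
}

# write_samples DIR: constructed sample files using the values from step 5.
write_samples() {
    printf '%s\n' '[sssd]' 'domains = LXD.VDI' 'services = nss, pam' '' \
        '[domain/LXD.VDI]' 'id_provider = ad' 'access_provider = ad' \
        'ad_gpo_map_interactive = +gdm-vmwcred' > "$1/good.conf"
    # Constructed failure case: the mapping sits under [sssd], not the domain.
    printf '%s\n' '[sssd]' 'domains = LXD.VDI' \
        'ad_gpo_map_interactive = +gdm-vmwcred' '' \
        '[domain/LXD.VDI]' 'id_provider = ad' 'access_provider = ad' \
        > "$1/misplaced.conf"
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
for f in good misplaced; do
    check_horizon_sso "$demo_dir/$f.conf" LXD.VDI && echo "OK   $f.conf" || true
done
rm -rf "$demo_dir"
```

On a joined VM, run check_horizon_sso /etc/sssd/sssd.conf LXD.VDI as root, passing the domain name exactly as it appears in the section header.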