The PowerBroker Identity Services Open (PBISO) authentication method is one of the supported solutions for performing an offline domain join.

Use the following steps to join a Linux virtual machine to Active Directory (AD) using PBISO.

Procedure

  1. Download PBISO 8.5.6 or later from its official download site.
    Note: For Ubuntu 20.04, download PBISO 9.1.0 or later.
  2. Install PBISO on your Linux virtual machine.
    sudo ./pbis-open-8.5.6.2029.linux.x86_64.deb.sh
  3. Install Horizon Agent for Linux.
  4. Use PBISO to join the Linux virtual machine to the AD domain.
    In the following example, lxdc.vdi is the domain name and administrator is the domain user name.
    sudo domainjoin-cli join lxdc.vdi administrator
  5. Set up the default configuration for domain users.
    sudo /opt/pbis/bin/config UserDomainPrefix lxdc 
    sudo /opt/pbis/bin/config AssumeDefaultDomain true 
    sudo /opt/pbis/bin/config LoginShellTemplate /bin/bash 
    sudo /opt/pbis/bin/config HomeDirTemplate %H/%U
  6. Edit the /etc/pam.d/common-session file.
    1. Locate the line that says session sufficient pam_lsass.so.
    2. Replace that line with session [success=ok default=ignore] pam_lsass.so.
    Note: You must redo this step you reinstall or update the Horizon Agent for Linux.
  7. Restart the Linux virtual machine and log in.

What to do next

Note:
  • If the /opt/pbis/bin/config AssumeDefaultDomain option is set to false, you must update the SSOUserFormat=<username>@<domain> setting in the /etc/vmware/viewagent-custom.conf file.
  • When using the Horizon 8 instant-clone floating desktop pool feature, to avoid losing the DNS Server setting when you add the new network adapter to the cloned virtual machine, modify the resolv.conf file for your Linux system. Use the following example, for an Ubuntu system, as a guide for adding the necessary lines in the /etc/resolv.conf file.
    nameserver 10.10.10.10
    search mydomain.org