To support SSO on an instant-cloned Linux virtual machine (VM) in a VMware Horizon desktop environment, configure Samba on the golden-image Linux VM.
Use the following procedure as an example for using Samba to offline domain join an instant-cloned Linux VM to Active Directory (AD). This procedure provides the steps for an Ubuntu system.
Procedure
- On your golden-image Linux VM, install the winbind and samba packages.
sudo apt install samba krb5-config krb5-user winbind libpam-winbind libnss-winbind
If needed, install any dependent libraries such as smbfs and smbclient.
- Install the Samba tdb-tools package using the following command.
sudo apt install tdb-tools
- Install Horizon Agent for Linux. See Install Horizon Agent on a Linux Virtual Machine.
- Edit the /etc/samba/smb.conf configuration file so that it has content similar to the following example.
[global]
security = ads
realm = LAB.EXAMPLE.COM
workgroup = LAB
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
winbind use default domain = yes
restrict anonymous = 2
- Edit the /etc/krb5.conf configuration file so that it has content similar to the following example.
[libdefaults]
default_realm = EXAMPLE.COM
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
[realms]
EXAMPLE.COM = {
kdc = 10.111.222.33
}
[domain_realm]
example.com = EXAMPLE.COM
.example.com = EXAMPLE.COM
- Edit the /etc/nsswitch.conf configuration file, as shown in the following example.
passwd: files winbind
group: files winbind
shadow: files winbind
gshadow: files
- Verify that the host name is correct and that the system date and time are synchronized with your DNS system.
- To inform Horizon Agent that the Linux VM is domain-joined using the Samba method, configure the following options in the /etc/vmware/viewagent-custom.conf file. Replace YOURDOMAIN with the NetBIOS name of your domain.
OfflineJoinDomain=samba
NetbiosDomain=YOURDOMAIN
- Restart the golden-image Linux VM and log back in.
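The following pre-clone check is an added example, not part of the VMware procedure or product. It reads the files edited above and reports settings that differ from the values shown in this procedure. The function names, the --check option, and the root-prefix argument are hypothetical, and it assumes the smb.conf workgroup value is the same NetBIOS domain name used for NetbiosDomain.

```shell
#!/bin/sh
# Added example, not VMware code. Checks the files edited in the procedure
# before the golden image is cloned. Values are compared literally.
# Print the value of "key = value" or "key=value" from a file (last match wins).
conf_get() {  # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

expect() {  # $1 = label, $2 = actual, $3 = wanted
    if [ "$2" = "$3" ]; then
        echo "ok    $1 = $2"
    else
        echo "FAIL  $1: found '$2', expected '$3'"
        fails=$((fails + 1))
    fi
}

# $1 = root prefix (assumption: "" for the live VM, or a directory holding a copy)
check_golden_image() {
    smb="$1/etc/samba/smb.conf"
    nss="$1/etc/nsswitch.conf"
    agent="$1/etc/vmware/viewagent-custom.conf"
    fails=0
    expect "smb.conf security" "$(conf_get "$smb" security)" ads
    expect "smb.conf restrict anonymous" "$(conf_get "$smb" 'restrict anonymous')" 2
    for db in passwd group; do
        if grep -E "^$db:" "$nss" 2>/dev/null | grep -qw winbind; then
            echo "ok    nsswitch.conf $db uses winbind"
        else
            echo "FAIL  nsswitch.conf $db does not list winbind"
            fails=$((fails + 1))
        fi
    done
    expect "OfflineJoinDomain" "$(conf_get "$agent" OfflineJoinDomain)" samba
    # Assumption: smb.conf "workgroup" holds the same NetBIOS domain name.
    nb=$(conf_get "$agent" NetbiosDomain)
    if [ -z "$nb" ] || [ "$nb" = YOURDOMAIN ]; then
        echo "FAIL  NetbiosDomain is unset or still the YOURDOMAIN placeholder"
        fails=$((fails + 1))
    else
        expect "NetbiosDomain (vs smb.conf workgroup)" "$nb" "$(conf_get "$smb" workgroup)"
    fi
    return "$fails"
}

# Run against the live system only when asked: sh check.sh --check [ROOT]
if [ "${1:-}" = "--check" ]; then check_golden_image "${2:-}"; fi
```

The function returns the number of failed checks, so a zero exit status means every checked setting matches the procedure.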