To ensure the operation of features such as single sign-on for a RHEL 8.x desktop, use the realmd solution to join the RHEL 8.x virtual machine to your Active Directory (AD) domain.
Procedure
- Configure a fully qualified host name for the RHEL 8.x virtual machine (VM).
For example, if rhel8 is the unqualified host name of the VM and LXD.VDI is the AD domain, run the following command.
# hostnamectl set-hostname rhel8.lxd.vdi
- Verify the network connection with the AD domain, as shown in the following example.
# realm discover -vvv LXD.VDI
- Install the required dependency packages, as shown in the following example.
# dnf install -y sssd adcli samba-common-tools oddjob oddjob-mkhomedir
- Join the AD domain, as shown in the following example.
# realm join -U Administrator LXD.VDI
- Edit the /etc/sssd/sssd.conf file so that it resembles the following example. Add ad_gpo_map_interactive = +gdm-vmwcred under the [domain/domain name] section.
[sssd]
domains = LXD.VDI
config_file_version = 2
services = nss, pam

[domain/LXD.VDI]
ad_domain = LXD.VDI
krb5_realm = LXD.VDI
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = ad
ad_gpo_map_interactive = +gdm-vmwcred
- To ensure that the domain-join takes effect, restart the VM and log back in.
- Verify that the domain users are configured correctly. The following example shows how to use the id command to return the configuration output from domain user zyc1.
# id zyc1
uid=1084401403(zyc1) gid=1084400513(domain users) groups=1084400513(domain users)
- Using the credentials of a domain user, verify that you can successfully log in to the VM.
Note: Horizon Agent only supports the X11 display server protocol for RHEL 8.x desktops.
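The sssd.conf edit in the procedure can be checked before the restart. The following is an added example, not part of the original procedure or of any vendor tooling: it confirms that the [domain/...] section uses the ad providers, that ad_gpo_map_interactive includes +gdm-vmwcred, and that the file is not accessible to group or other (SSSD expects mode 0600). The function names conf_get, check_sssd_conf and write_sample and the sample file are constructed for illustration.

```shell
# Print the value of KEY inside [SECTION]; the last assignment wins.
conf_get() {  # usage: conf_get FILE SECTION KEY
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); insec = ($0 == sec); next }
        insec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Report problems in FILE for DOMAIN; the exit status is the problem count.
check_sssd_conf() {  # usage: check_sssd_conf FILE DOMAIN
    f=$1; sec="domain/$2"; bad=0
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$f" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: $f is accessible to group or other"; bad=$((bad + 1)); }
    for key in id_provider access_provider; do
        [ "$(conf_get "$f" "$sec" "$key")" = "ad" ] ||
            { echo "FAIL: $key is not 'ad' in [$sec]"; bad=$((bad + 1)); }
    done
    case ",$(conf_get "$f" "$sec" ad_gpo_map_interactive | tr -d ' ')," in
        *,+gdm-vmwcred,*) ;;
        *) echo "FAIL: ad_gpo_map_interactive lacks +gdm-vmwcred"; bad=$((bad + 1)) ;;
    esac
    return "$bad"
}

# Constructed sample that mirrors the settings shown in the procedure.
write_sample() {  # usage: write_sample FILE
    cat > "$1" <<'EOF'
[sssd]
domains = LXD.VDI
services = nss, pam

[domain/LXD.VDI]
id_provider = ad
access_provider = ad
ad_gpo_map_interactive = +gdm-vmwcred
EOF
    chmod 600 "$1"
}

tmp=$(mktemp)
write_sample "$tmp"
check_sssd_conf "$tmp" LXD.VDI && echo "OK: sample passes"
rm -f "$tmp"
```

On the VM itself, run check_sssd_conf /etc/sssd/sssd.conf LXD.VDI as root, substituting your own domain name.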