To support SSO on an instant-cloned Linux virtual machine (VM) in a VMware Horizon 8 desktop environment, configure Samba on the golden-image Linux VM.

Samba supports offline domain join with Active Directory for instant-cloned desktops running any Linux distribution supported by Horizon Agent. However, VMware recommends using SSSD Authentication for desktops running newer distributions and Samba only for desktops running older distributions, as described in the following note.

Note:
  • VMware recommends using the SSSD Authentication method (instead of Samba) for desktops running the following Linux distributions.
    • Ubuntu 20.04/22.04
    • Debian 11.x
    • RHEL 8.x/9.x
    • SLED/SLES 15.x
  • VMware recommends using the Samba method for desktops running the following Linux distributions.
    • Ubuntu 18.04
    • Debian 10.x
    • RHEL/CentOS 7.9

Use the following procedure as an example for using Samba to offline domain join an instant-cloned Linux VM to Active Directory (AD). This procedure provides the steps for an Ubuntu system.

Procedure

  1. On your golden-image Linux VM, install the winbind and samba packages.
    sudo apt install samba krb5-config krb5-user winbind libpam-winbind libnss-winbind
    If needed, install any dependent libraries such as smbfs and smbclient.
  2. Install the Samba tdb-tools package using the following command.
    sudo apt install tdb-tools
  3. Install Horizon Agent for Linux. See Install Horizon Agent on a Linux Virtual Machine.
  4. Edit the /etc/samba/smb.conf configuration file so that it has content similar to the following example.
    [global]
    security = ads
    realm = LAB.EXAMPLE.COM
    workgroup = LAB
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind enum users = yes
    winbind enum groups = yes
    template homedir = /home/%D/%U
    template shell = /bin/bash
    client use spnego = yes
    client ntlmv2 auth = yes
    encrypt passwords = yes
    winbind use default domain = yes
    restrict anonymous = 2
  5. Edit the /etc/krb5.conf configuration file so that it has content similar to the following example.
    [libdefaults]
    default_realm = EXAMPLE.COM
    
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms
    
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true
    
    [realms]
    EXAMPLE.COM = {
    kdc = 10.111.222.33
    }
    
    [domain_realm]
    example.com = EXAMPLE.COM
    .example.com = EXAMPLE.COM
  6. Edit the /etc/nsswitch.conf configuration file, as shown in the following example.
    passwd: files winbind
    group: files winbind
    shadow: files winbind
    gshadow: files
  7. Verify that the host name is correct and that the system date and time are synchronized with your DNS system.
  8. To inform Horizon Agent that the Linux VM is domain-joined using the Samba method, configure the following options in the /etc/vmware/viewagent-custom.conf file. Replace YOURDOMAIN with the NetBIOS name of your domain.
    OfflineJoinDomain=samba
    
    NetbiosDomain=YOURDOMAIN
  9. Restart the golden-image Linux VM and log back in.