To support True SSO on SLED/SLES desktops, first integrate the base virtual machine (VM) with an Active Directory (AD) domain using the Samba and Winbind solutions.
Use the following procedure to integrate a SLED/SLES VM with an AD domain.
Prerequisites
Verify the following:
- The True SSO feature has been configured for Workspace ONE Access and Horizon Connection Server.
- The SLED/SLES base VM meets the system requirements described in Setting Up True SSO for Linux Desktops.
- The Active Directory server is resolvable by DNS on the VM.
- The Network Time Protocol (NTP) is configured on the VM.
Procedure
- On the SLED/SLES VM, install the samba and winbind packages.
sudo zypper install samba-winbind krb5-client samba-winbind-32bit
- Open the YaST setup tool and navigate to .
- On the Windows Domain Membership screen, configure settings as follows.
- For Domain or Workgroup, enter the DNS name of the workgroup or NT domain that includes your Samba server, using all capital letters. For example, if your workgroup name is mydomain, enter MYDOMAIN.
- Select Also Use SMB Information for Linux Authentication.
- Select Create Home Directory on Login.
- Select Offline Authentication.
- Select Single Sign-on for SSH.
- At the prompt asking if you want to join the domain, select Yes.
- Enter the administrator name and password for the specified workgroup, and select OK.
A message appears confirming that the system joined the domain successfully. Select
OK.
- Edit the /etc/samba/smb.conf configuration file so that it includes the following parameter.
[global]
...
winbind use default domain = yes
- Restart the VM and log back in.
- Test and verify the AD integration.
Run the following test commands and check that they return the correct output. Replace
mydomain with the name of your Samba server workgroup or NT domain.
- sudo net ads testjoin
- sudo net ads info
- sudo wbinfo --krb5auth=mydomain\\open%open
- sudo ssh localhost -l mydomain\\open
