Setting Up for Linux Desktops

Setting Up Single Sign-on and Smart Card Redirection
To set up single sign-on (SSO) and smart card redirection, you must perform some configuration steps.
Single Sign-on
The Horizon View single sign-on module talks to PAM (pluggable authentication modules) in Linux and
does not depend on the method that you use to integrate Linux with Active Directory (AD). Horizon View
SSO is known to work with the OpenLDAP and Winbind solutions that integrate Linux with AD.
By default, SSO assumes that AD's sAMAccountName attribute is the login ID. To ensure that the correct
login ID is used for SSO, you need to perform the following configuration steps if you use the OpenLDAP or
Winbind solution:
- For OpenLDAP, set sAMAccountName to uid.
- For Winbind, add the following statement to the configuration file /etc/samba/smb.conf.

    winbind use default domain = true

If users must specify the domain name to log in, you must set the SSOUserFormat option on the Linux
desktop. For more information, see “Setting Options in Configuration Files on a Linux Desktop,”
on page 23. Be aware that SSO always uses the short domain name in upper case. For example, if the
domain is mydomain.com, SSO will use MYDOMAIN as the domain name. Therefore, you must specify
MYDOMAIN when setting the SSOUserFormat option. Regarding short and long domain names, the
following rules apply:
- For OpenLDAP, you must use short domain names in upper case.
- Winbind supports both long and short domain names.

AD supports special characters in login names but Linux does not. Therefore, do not use special characters
in login names when setting up SSO.
In AD, if a user's UserPrincipalName (UPN) attribute and sAMAccountName attribute do not match and the
user logs in with the UPN, SSO will fail. The workaround is for the user to log in using the name that is
stored in sAMAccountName.
View does not require the user name to be case-sensitive. You must ensure that the Linux operating system
can handle case-insensitive user names.
- For Winbind, the user name is case-insensitive by default.
- For OpenLDAP, Ubuntu uses NSCD to authenticate users and is case-insensitive by default. RHEL and
  CentOS use SSSD to authenticate users and the default is case-sensitive. To change the setting, edit the
  file /etc/sssd/sssd.conf and add the following line in the [domain/default] section:

    case_sensitive = false
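
The two file settings above (the Winbind statement in smb.conf and case_sensitive in sssd.conf) can be checked before SSO is tested. The following Python script is an added example, not part of the original guide or of any VMware tooling; the function names and the sample file contents are assumptions constructed for illustration.

```python
import configparser

# Constructed sample files for illustration; not taken from a real desktop.
SAMPLE_SMB_CONF = """\
[global]
    workgroup = MYDOMAIN
    template homedir = /home/%D/%U
    ; winbind use default domain = no
    Winbind Use Default Domain = yes
"""
SAMPLE_SSSD_CONF = """\
[sssd]
domains = default

[domain/default]
id_provider = ldap
# case_sensitive is not set, so SSSD's case-sensitive default applies
"""
TRUE_VALUES = {"yes", "true", "1", "on"}  # spellings this check treats as true


def _parse(text):
    # Strip indentation so configparser does not read indented smb.conf
    # parameters as continuation lines; '=' is the only delimiter used.
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   delimiters=("=",))
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    return cp


def winbind_uses_default_domain(smb_conf_text):
    """True if [global] sets 'winbind use default domain' to a true value."""
    cp = _parse(smb_conf_text)
    for section in cp.sections():
        if section.lower() != "global":
            continue
        for key, value in cp.items(section):
            # Compare names without spaces; configparser already lowercased them.
            if key.replace(" ", "") == "winbindusedefaultdomain":
                return value.strip().lower() in TRUE_VALUES
    return False


def sssd_is_case_insensitive(sssd_conf_text, section="domain/default"):
    """True only if the section contains case_sensitive = false."""
    value = _parse(sssd_conf_text).get(section, "case_sensitive", fallback="true")
    return value.strip().lower() == "false"


if __name__ == "__main__":
    print("winbind use default domain:", winbind_uses_default_domain(SAMPLE_SMB_CONF))
    print("sssd case-insensitive:", sssd_is_case_insensitive(SAMPLE_SSSD_CONF))
```

On a desktop, pass the contents of /etc/samba/smb.conf and /etc/sssd/sssd.conf to the two functions instead of the samples.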
Smart Card Redirection
To set up smart card redirection, first follow the instructions from the Linux distributor and from the smart
card vendor. Then update the pcsc-lite package to 1.7.4. For example, run the following commands:

    # yum groupinstall "Development tools"
    # yum install libudev-devel
    # service pcscd stop
    # wget https://alioth.debian.org/frs/download.php/file/3598/pcsc-lite-1.7.4.tar.bz2
    # tar -xjvf pcsc-lite-1.7.4.tar.bz2
    # cd ./pcsc-lite-1.7.4