Setting Up for Linux Desktops
If you use the LDAP-based solutions, you need to do the configuration in a template virtual machine and no
additional steps are required in the cloned virtual machines.
If you use the Winbind Domain Join solution or another Kerberos authentication-based solution, you need to join
the template virtual machine to Active Directory, and re-join each cloned virtual machine to Active
Directory. For example, use the following command:
sudo /usr/bin/net ads join -U <domain user>%<domain password>
Use one of the following options to run the domain re-join command on a cloned virtual machine for the Winbind
solution:
- Connect remotely, for example through SSH or vSphere PowerCLI, to each virtual machine and run the command. For
  more information on scripts, see Chapter 8, “Bulk Deployment of Horizon 7 for Manual Desktop
  Pools,” on page 65.
- Include the command in a shell script and specify the script path in the Horizon Agent option
  RunOnceScript in the /etc/vmware/viewagent-custom.conf file. For more information, see “Setting
  Options in Configuration Files on a Linux Desktop,” on page 47.
NOTE For ease of deployment, use the SSSD LDAP authentication against the Microsoft Active Directory
solution.
Setting Up Single Sign-on and Smart Card Redirection
To set up single sign-on (SSO) and smart card redirection, you must perform some configuration steps.
Single Sign-on
The Horizon View single sign-on module talks to PAM (pluggable authentication modules) in Linux and
does not depend on the method that you use to integrate Linux with Active Directory (AD). Horizon View
SSO is known to work with the OpenLDAP and Winbind solutions that integrate Linux with AD.
By default, SSO assumes that AD's sAMAccountName attribute is the login ID. To ensure that the correct
login ID is used for SSO, you must perform the following configuration steps if you use the OpenLDAP or
Winbind solution:
- For OpenLDAP, set sAMAccountName to uid.
- For Winbind, add the following statement to the configuration file /etc/samba/smb.conf.
  winbind use default domain = true
If users must specify the domain name to log in, you must set the SSOUserFormat option on the Linux
desktop. For more information, see “Setting Options in Configuration Files on a Linux Desktop,” on
page 47. Be aware that SSO always uses the short domain name in upper case. For example, if the domain
is mydomain.com, SSO will use MYDOMAIN as the domain name. Therefore, you must specify
MYDOMAIN when setting the SSOUserFormat option. Regarding short and long domain names, the
following rules apply:
- For OpenLDAP, you must use short domain names in upper case.
- Winbind supports both long and short domain names.
AD supports special characters in login names but Linux does not. Therefore, do not use special characters
in login names when setting up SSO.
In AD, if a user's UserPrincipalName (UPN) attribute and sAMAccount attribute do not match and the user
logs in with the UPN, SSO will fail. The workaround is for the user to log in using the name that is stored in
sAMAccount.
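The SSO rules above (upper-case short domain name, the Winbind smb.conf statement, and the login-name restrictions) can be checked before a desktop is put into a pool. The following shell script is an added example, not VMware code; the function names, the character set treated as non-special, and the case-insensitive comparison of the UPN prefix are assumptions.

```shell
#!/bin/sh
# Added example: pre-deployment checks for the SSO rules described above.
# Function names and sample values are hypothetical, not VMware code.

# Short domain name as SSO uses it: first DNS label, in upper case.
sso_short_domain() {
    printf '%s\n' "${1%%.*}" | tr '[:lower:]' '[:upper:]'
}

# Succeeds if the smb.conf-style file $1 enables "winbind use default domain".
# Comment lines are skipped, the last assignment wins, true/yes/1 are accepted.
winbind_default_domain_enabled() {
    val=$(sed -e '/^[[:space:]]*[#;]/d' "$1" | tr '[:upper:]' '[:lower:]' |
        sed -n 's/^[[:space:]]*winbind[[:space:]]*use[[:space:]]*default[[:space:]]*domain[[:space:]]*=[[:space:]]*\([a-z0-9]*\).*$/\1/p' |
        tail -n 1)
    case "$val" in true|yes|1) return 0 ;; *) return 1 ;; esac
}

# Prints one finding per line for an account; prints nothing if no rule is hit.
# $1 = sAMAccountName, $2 = UserPrincipalName (user@domain).
sso_login_findings() {
    sam=$1
    upn_user=${2%%@*}
    # Assumption: "special characters" = anything outside [A-Za-z0-9._-],
    # or a leading hyphen.
    case "$sam" in
        -*|*[!A-Za-z0-9._-]*) echo "special-characters" ;;
    esac
    # Assumption: the UPN prefix is compared to sAMAccountName ignoring case.
    sam_lc=$(printf '%s' "$sam" | tr '[:upper:]' '[:lower:]')
    upn_lc=$(printf '%s' "$upn_user" | tr '[:upper:]' '[:lower:]')
    [ "$sam_lc" = "$upn_lc" ] || echo "upn-mismatch"
}

# Demo on constructed input (not taken from a real deployment).
conf=$(mktemp)
printf '[global]\n  workgroup = MYDOMAIN\n  winbind use default domain = true\n' > "$conf"
echo "SSO domain name: $(sso_short_domain mydomain.com)"
if winbind_default_domain_enabled "$conf"; then
    echo "smb.conf: winbind use default domain is enabled"
else
    echo "smb.conf: add 'winbind use default domain = true'"
fi
sso_login_findings jsmith john.smith@mydomain.com
rm -f "$conf"
```

The smb.conf check reads the whole file without tracking sections, so it assumes the statement is in the [global] section.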
Setting Up Horizon 7 for Linux Desktops
VMware, Inc.