Setting Up for Linux Desktops
Table Of Contents
- Setting Up Horizon 7 for Linux Desktops
- Contents
- Setting Up Horizon 7 for Linux Desktops
- Features and System Requirements
- Preparing a Linux Virtual Machine for Desktop Deployment
- Setting Up Active Directory Integration for Linux Desktops
- Setting Up Graphics for Linux Desktops
- Installing Horizon Agent
- Configuration Options for Linux Desktops
- Create and Manage Linux Desktop Pools
- Bulk Deployment of Horizon 7 for Manual Desktop Pools
- Overview of Bulk Deployment of Linux Desktops
- Overview of Bulk Upgrade of Linux Desktops
- Create a Virtual Machine Template for Cloning Linux Desktop Machines
- Input File for the Sample PowerCLI Scripts to Deploy Linux Desktops
- Sample Script to Clone Linux Virtual Machines
- Sample Script to Join Cloned Virtual Machines to AD Domain
- Sample Script to Join Cloned Virtual Machines to AD Domain Using SSH
- Sample Script to Upload Configuration Files to Linux Virtual Machines
- Sample Script to Upload Configuration Files to Linux Virtual Machines Using SSH
- Sample Script to Upgrade Horizon Agent on Linux Desktop Machines
- Sample Script to Upgrade Horizon Agent on Linux Virtual Machines Using SSH
- Sample Script to Perform Operations on Linux Virtual Machines
- Troubleshooting Linux Desktops
- Collect Diagnostic Information for Horizon 7 for Linux Machine
- Troubleshooting Copy and Paste between Remote Desktop and Client Host
- Configuring the Linux Firewall to Allow Incoming TCP Connections
- View Agent Fails to Disconnect on an iPad Pro Horizon Client
- SLES 12 SP1 Desktop does not Auto Refresh after Drag and Drop
- SSO Fails to Connect to a PowerOff Agent
- Unreachable VM After Creating a Manual Desktop Pool for Linux
2 Configure the SSSD in the Linux desktop to directly use LDAP authentication against the Microsoft
Active Directory.
The Winbind Domain Join solution involves the following steps:
1 Install the Winbind, Samba, and Kerberos packages on the Linux desktop.
2 Join the Linux desktop to the Microsoft Active Directory.
If you use the LDAP-based solutions, you need to do the configuration in a template virtual machine and
no additional steps are required in the cloned virtual machines.
If you use the Winbind Domain Join solution or other Keberos authentication-based solution, you need
join the template virtual machine to the Active Directory, and re-join the cloned virtual machine to the
Active Directory. For example, use the following command:
sudo /usr/bin/net ads join -U <domain
user>%<domain password>
Use the following options to run the domain re-join command on a cloned virtual machine for the Winbind
solution:
n
Remote connect such as SSH or vSphere PowerCLI to each virtual machine and run the command.
For more information on scripts, see Chapter 8 Bulk Deployment of Horizon 7 for Manual Desktop
Pools.
n
Include the command to a shell script and specify the script path to Horizon agent option
RunOnceScript in the /etc/vmware/viewagent-custom.conf file. For more information, see
Setting Options in Configuration Files on a Linux Desktop.
Note For ease of deployment, use the SSSD LDAP authentication against the Microsoft Active Directory
solution.
Setting Up Single Sign-on and Smart Card Redirection
To set up single sign-on (SSO) and smart card redirection, you must perform some configuration steps.
Single Sign-on
The Horizon single sign-on module communicates with PAM (pluggable authentication modules) in Linux
and does not depend on the method that you use to integrate Linux with Active Directory (AD). Horizon
SSO is known to work with the OpenLDAP and Winbind solutions that integrate Linux with AD.
By default, SSO assumes that AD's sAMAccountName attribute is the login ID. To ensure that the correct
login ID is used for SSO, you must perform the following configuration steps if you use the OpenLDAP or
Winbind solution:
n
For OpenLDAP, set sAMAccountName to uid.
Setting Up Horizon 7 for Linux Desktops
VMware, Inc. 31