Integrate Linux System with Windows Active Directory

Version 8

    Since VMware Horizon Connection Server uses Microsoft Active Directory as its directory server, we need to configure the Linux desktop OS to authenticate and log in AD users.

     

    There are several solutions for integrating Linux with AD:

     

    1. For a Kerberos-based authentication solution (such as a Winbind domain join), authentication requires a computer account in the domain. If you join the template VM to AD and clone a VM from it, you need to re-join the domain to create a new computer account for the cloned VM.

     

    2. For LDAP-based authentication, if you configure it in the template VM and clone a VM from it, LDAP authentication keeps working without any settings change. LDAP-based authentication sends the user ID and password out for authentication, so for security purposes LDAPS is a mandatory requirement, which requires you to install Certificate Services on AD.

    - OpenLDAP server solution: You need to set up an OpenLDAP server, synchronize the user account information (except passwords) from AD to the OpenLDAP server, and configure Linux to do LDAP authentication against the OpenLDAP server. The OpenLDAP server forwards password validation to AD.

    - SSSD + LDAPS solution: Since AD supports the LDAP protocol, configure Linux to do LDAP authentication against AD directly.
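
Because an LDAP-based configuration is carried unchanged from the template VM into every clone, a check of the template's `sssd.conf` before cloning catches a setting that would send credentials without LDAPS or accept an unverified server certificate. The script below is an added example, not part of the original guide; the sample configuration, the host names under `example.test` and the function name `audit_sssd_ldap` are constructed for illustration.

```python
import configparser

# Constructed sample: a template VM's sssd.conf that would be cloned as-is.
SAMPLE_SSSD_CONF = """\
[sssd]
services = nss, pam
domains = example.test

[domain/example.test]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://dc1.example.test, ldaps://dc2.example.test
ldap_tls_reqcert = allow
"""

# ldap_tls_reqcert values that reject a server certificate that cannot be verified.
STRICT_REQCERT = {"demand", "hard"}


def audit_sssd_ldap(conf_text):
    """Return (section, finding) pairs for LDAP domains that weaken LDAPS."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        dom = cp[section]
        # auth_provider falls back to id_provider when it is not set.
        providers = {dom.get("id_provider", fallback=""),
                     dom.get("auth_provider", fallback="")}
        if "ldap" not in providers:
            continue
        for key in ("ldap_uri", "ldap_backup_uri"):
            for uri in (u.strip() for u in dom.get(key, fallback="").split(",")):
                if uri and not uri.lower().startswith("ldaps://"):
                    findings.append((section, f"{key}: {uri} is not ldaps://"))
        # sssd-ldap treats a missing ldap_tls_reqcert as "hard".
        reqcert = dom.get("ldap_tls_reqcert", fallback="hard").strip().lower()
        if reqcert not in STRICT_REQCERT:
            findings.append(
                (section, f"ldap_tls_reqcert = {reqcert} does not enforce certificate validation"))
    return findings


if __name__ == "__main__":
    for section, finding in audit_sssd_ldap(SAMPLE_SSSD_CONF):
        print(f"[{section}] {finding}")
```
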

     

    Here are three guides for the above solutions:

    - Winbind

    - OpenLDAP Server

    - SSSD + LDAPS