Re: Disable domain selection in view client

berndmaier · ‎03-15-2013

Hi,

we have installed a multi-tentant installation of vmware view (horizon version 5.2) for multiple customers.

we have connected all domains with a trust to our root cloud domain.

is it possible to disable the domain selection on the view client login screen???

thats very bad because everyone who wants to login can look on the domain selection and could see all domains (and so all other customers who are on the cloud)

Is there a possiblity to disable this selection??

best regards,

bernd

Linjo · ‎03-15-2013

Yes, you do that on the connection broker with the vdmadmin-command:

Here are some examples:

Add the domain FARDOM to the search exclusion list for the View Connection Server instance csvr1.

vdmadmin -N -domains -search -domain FARDOM -add -s csvr1

Add the domain NEARDOM to the exclusion list for a View Connection Server group.

vdmadmin -N -domains -exclude -domain NEARDOM -add

Display the domain search configuration on both View Connection Server instances in the group, and for the group.

C:\ vdmadmin -N -domains -list

Domain Configuration
====================
Cluster Settings
   Include:
   Exclude:
   Search :
     FARDOM
     DEPTX

Broker Settings: CONSVR-1
   Include:
(*)Exclude:
     YOURDOM
   Search :

Broker Settings: CONSVR-2
   Include:
   Exclude:
   Search :

View Manager limits the domain search on each View Connection Server host in the group to exclude the domains FARDOM and DEPTX. The characters (*) next to the exclusion list for CONSVR-1 indicates that View Manager excludes the YOURDOM domain from the results of the domain search on CONSVR-1.

Display the domain filters in XML using ASCII characters.

vdmadmin -N -domains -list -xml -n

Display the domains that are available to View Manager on the local View Connection Server instance.

C:\ vdmadmin -N -domains -list -active

Domain Information (CONSVR)
===========================
Primary Domain: MYDOM

Domain: MYDOM DNS:mydom.mycorp.com
Domain: YOURDOM DNS:yourdom.mycorp.com
Domain: FARDOM DNS:fardom.mycorp.com
Domain: DEPTX DNS:deptx.mycorp.com
Domain: DEPTY DNS:depty.mycorp.com
Domain: DEPTZ DNS:deptz.mycorp.com

Display the available domains in XML using ASCII characters.

vdmadmin -N -domains -list -active -xml -n

Remove the domain NEARDOM from the exclusion list for a View Connection Server group.

vdmadmin -N -domains -exclude -domain NEARDOM -remove

Remove all domains from the inclusion list for the View Connection Server instance csvr1.

vdmadmin -N -domains -include -removeall -s csvr1

Best regards, Linjo Please follow me on twitter: @viewgeek If you find this information useful, please award points for "correct" or "helpful".

berndmaier · ‎03-15-2013

hi,

thanks for the fast reply.

is it, after that, possible to log in with a user of the excluded domain?!

i want to login with users of the customer domain but i dont want that the domain is displayed in the client login screen...

i think there should be a option like "DOMAIN \username" or "username@DOMAIN" in the username-field and do not display the domain-selection field...

best regards...

berndmaier · ‎03-16-2013

could anybody help me?!

is it possible to login with a user of an excluded domain?!

Mjah01 · ‎09-29-2014

Did you found any solution for this case? I am facing the same challenge to hide customers domain name but allow them to login with a multi tenant environment.

oystbo · ‎09-29-2014

I'm currently on leave, I will read my mail when I'm back February 2. 2015

Øystein Bøhler

p3000 · ‎11-12-2014

This post is old, but I will answer anyway - I found this post via Google and would have been happy to find the answer. Took me five minutes to test it out: YES you can login to excluded domains with user@domain.

Mjah01 · ‎11-12-2014

Correct. But you have to configure everything before adding the domain to the exclusion list. Otherwise you are not able to select the OU for the VDI's in the child domain. (because of the pull-down menu's) make it a combo box would resolve this problem.

The steps are:

The child domain is visible in the Horizon Client at this point.
Add the AD account from the child domain in the composer to add the Computer accounts to the child domain.
Create the VDI pool and entitle the AD security group from the child domain.
Remove the Child domain with vdmadmin to the exclusion list, only the primary domain is visible in the Horizon client right now.
Log in with username@childdomainname (domain selection box is greyed out now).

Log in is succesful with single sign-on to the VDI located in the Child domain

Regards

p3000 · ‎11-12-2014

Ok I see. But the exclusion is per Connection Server. So I could use one CS without exclusion where I would be able to select the Domains when creating pools, right?

edit: I checked this and it doens't work. No matter on which server you use the web interface, the domain is invisible.

Mjah01 · ‎11-12-2014

Yes i think that is possible. I made the exclusion per Connection server group because i don't want to waste a connection server.

I see i made a mistake in my earlier comment. What i meant is when removing the child before creating the pool you are not able to entitle AD group form child because of the pull-down menu.

In the OU selection you can enter a OU manually so that is working, same for the Composer account. I think when using CLI to create the VDI pool you can leave the child in the exclusion. Will test that later on. I have also asked VMware if this is a supported way to do.

edit. TI think you have edited per connection server group instead of per Connection server?

Regards.

p3000 · ‎11-12-2014

Ah now I got your point regarding the entitltement.

Yes maybe I did it per group. Will check that out tomorrow. Enough for today

All

Disable domain selection in view client