We are using the 2-Factor Authentication from Google in Horizon View for all our external Horizon users. Therefore we have setup a CentOS VM with the Google Authenticator package installed. The Guide for this can be found here: https://blogs.vmware.com/consulting/files/2015/02/VMW_15Q1_TD_Horizon-View-Google-Authenticator_0217...
Because Sysadmins are a bit lazy :smileygrin: and we also do not want to generate every QR-code by hand for all our Users, we have come up with this fully automated Linux script.
A cronjob runs this script every 5 minutes. If a new user and HomeDir is created, the script automaticly creates the QR-code for this user and places a textfile with the URL for the QR-code in the Users Homedir. It works like a charm and saves us a lot of time.
:smileyinfo: Feel free to use this script in your own environment, but please leave the header info as it is
# This script is created by John at RTV-Noord. You may use and distribute
# it as long as you keep this header as it is.
# THE USAGE OF THIS SCRIPT IS AT YOUR OWN RISK!
# There are some prerequisites to make this script work:
# - machine you run it from is a Active Directory Domain member
# - the share with AD homedirs is mounted on /mnt/home
# - the google-authenticator package is installed
# - replace domainname.com with your AD domainname
ls /mnt/home > all_users
MAKEQR=$(comm -3 all_users users_with_qr | wc -l)
if [ $MAKEQR -gt 0 ]; then
echo "Found users without QR."
comm -3 all_users users_with_qr > users_without_qr
for user in $(cat users_without_qr); do
echo " $(date) make qr for $user..."
su -l "$email@example.com" -c "google-authenticator -tdf -r 3 -R 30 -w 17 -Q UTF8 | grep http > google-authenticator.txt"
mv /firstname.lastname@example.org/google-authenticator.txt /mnt/home/$user/
cat all_users > users_with_qr
echo "$MAKEQR QR-code has been created"