padulka
Hot Shot
Hot Shot

Horizon Autologon Issue

Jump to solution

Hi to all,

I'm create a the following environment:

1 Active Directory

1 Connection Server (Horizon for linux)

1 Template Ubuntu 18.04.5 release

I've configured Ubuntu to join AD through "System Security Services Daemon (SSSD) LDAP Authentication against the Microsoft Active Directory" that, as reported in the official guide (https://docs.vmware.com/en/VMware-Horizon-7/7.11/linux-desktops-setup/GUID-D8E3A4AA-83E9-46A4-8BBA-8...😞

If you use the LDAP-based solutions, you must perform the configuration in a template virtual machine and no additional steps are required in the cloned virtual machines.

The customer license support only Full clone (also linked clone but it doesn't want to buy other MS license).

The issue is after create a desktop pool trying to access with Horizon Connection Client (2006 8.0.0) the Single Sign On doesn't work; I need to enter the same user credential two times, one for Horizon and one for OS Client.

I'm trying any settings but I can't find the solution

Looking on auth.log this is the error:

Dec 22 22:02:18 ecsp-vm003 gdm-vmwcred]: pam_unix(gdm-vmwcred:auth): check pass; user unknown
Dec 22 22:02:18 ecsp-vm003 gdm-vmwcred]: pam_unix(gdm-vmwcred:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost=127.0.0.1
Dec 22 22:02:18 ecsp-vm003 gdm-vmwcred]: pam_sss(gdm-vmwcred:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost=127.0.0.1 user=fc600046
Dec 22 22:02:18 ecsp-vm003 gdm-vmwcred]: pam_sss(gdm-vmwcred:auth): received for user fc600046: 10 (User not known to the underlying authentication module)

Someone could help me?

Regards

0 Kudos
1 Solution

Accepted Solutions
padulka
Hot Shot
Hot Shot

I have to change authentication method from SSSD to Winbind

View solution in original post

0 Kudos
5 Replies
chenyu_vmware
VMware Employee
VMware Employee

Hi,

Could you please run below command and collect the command output and log file. We will check this issue further. thanks. 

# id <login_user>
# getent passwd <login_user>

# /usr/lib/vmware/viewagent/bin/dct-debug.sh -> to collect log bundle file.

0 Kudos
padulka
Hot Shot
Hot Shot

@chenyu_vmware 

I find the solution of my issue.

Now I have another one: 

I need to execute a bash script after "VM Customization Specifications" has renamed the hostname of alla VDI of full clone desktop pool

0 Kudos
chenyu_vmware
VMware Employee
VMware Employee

Good to know you have solved your sso problem:)

You mean, to solve your issue, need to run one script, right? could you please share what kind of script for that?

 

0 Kudos
padulka
Hot Shot
Hot Shot

@chenyu_vmware I explain my environment:

I have an Ubuntu client joined with active directory throughout SSSD and realm configuration, I have created a dedicated full clone pool with a customization spec that only rename the hostname about vm label.

When the VMs are created they remain joined but the computer doesn't created, in this situation passthrough access doesn't work.

After customization spec has renamed the VM I need to execute a bash script with following command:

Realm leave

Ream join

Systemctl restart SSSD

I have tried crontab, rc.local, view agent.conf, but nothing works.

Regards

0 Kudos
padulka
Hot Shot
Hot Shot

I have to change authentication method from SSSD to Winbind

View solution in original post

0 Kudos