
Configurations and Environment Preparation

Authentication Configuration of Linux SHD/DVM Servers

Once all the required packages are installed, the next step is to configure Linux VDI for authentication. Three authentication types are supported: Microsoft Active Directory, LDAP and Workgroup.

Join AD Domain

An Active Directory domain can be joined using:

  1. Accops Custom Script (Recommended Process)
  2. Accops GUI Script
  3. DomainJoin CLI (command line)

Important

  • The assistive packages must be installed for the Active Directory environment. If they are not, use the environment switch scripts to set the machine up for the AD environment.

Follow the steps below to join the Linux SHD/DVM to AD:

  1. Open Terminal on Ubuntu VM and execute the following command to join the machine to the specified AD.

    sudo /usr/bin/edcdvm/scripts/active_directory_join.py <JSON-INPUT>

    JSON-INPUT:

        "{
                "\"JoinDomainType"\":1,
                "\"ComputerName"\":"\"<ComputerName>"\",
                "\"DomainName"\":"\"<DomainName>"\",
                "\"DomainUserNme"\":"\"<DomainUserName>"\",
                "\"DomainUserPassword"\":"\"<DomainUserPassword>"\",
                "\"PreferredDns"\":"\"<PreferredDNS>"\",
                "\"AlternateDns"\":"\"<AlternateDNS>"\"
        }"
    
    1. In the above command, replace the following parameters with the required values:

      1. <ComputerName>: Name to be assigned to the machine.

      2. <DomainName>: Domain name of your organization. Machine will be joined to this domain.

      3. <DomainUserName>: User having rights to add/update objects in Active directory for joining the machine to domain.

      4. <DomainUserPassword>: Password of the domain user

      5. <PreferredDNS>: IP address of preferred DNS server

      6. <AlternateDNS>: IP address of alternate DNS server

  2. If the machine has joined the domain successfully, a success message is displayed in the command output. Alternatively, use the command below to verify:

    > sudo domainjoin-cli query
    

    The output of this command will display the new machine name and domain information.
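
The helper below is an added example, not part of the Accops package: it builds the JSON-INPUT argument with the key names exactly as printed above (including `DomainUserNme`), assuming the join script parses its argument as a standard JSON object. The password is read with terminal echo off so it stays out of shell history; it is still handed to the script on its command line, so it remains visible in the process list while the script runs. The function names and sample values are hypothetical.

```shell
#!/bin/sh
# Added example: build the JSON-INPUT argument for active_directory_join.py
# without typing the password on the command line.
# Assumption: the script accepts a standard JSON object as its argument.

# Escape backslashes and double quotes so any value stays valid JSON.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Args: computer_name domain_name domain_user password preferred_dns alternate_dns
# Key names are copied from the page as printed.
build_join_json() {
    printf '{"JoinDomainType":1,"ComputerName":"%s","DomainName":"%s",' \
        "$(json_escape "$1")" "$(json_escape "$2")"
    printf '"DomainUserNme":"%s","DomainUserPassword":"%s",' \
        "$(json_escape "$3")" "$(json_escape "$4")"
    printf '"PreferredDns":"%s","AlternateDns":"%s"}' \
        "$(json_escape "$5")" "$(json_escape "$6")"
}

# Args: computer_name domain_name domain_user preferred_dns alternate_dns
# Prompts for the password with echo off, then calls the join script.
join_ad() {
    printf 'Password for %s: ' "$3" >&2
    stty -echo; IFS= read -r pw; stty echo; printf '\n' >&2
    sudo /usr/bin/edcdvm/scripts/active_directory_join.py \
        "$(build_join_json "$1" "$2" "$3" "$pw" "$4" "$5")"
    unset pw
}

# Constructed sample values; prints the argument that join_ad would pass.
build_join_json itubuntu-001 example.local joinsvc 'p"ss\word' 192.0.2.10 192.0.2.11
echo
```

To perform the join, call `join_ad` with the computer name, domain, user and the two DNS addresses.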

Joining Machine to Domain using GUI Script

  1. Open Terminal and go to directory

    >   cd /usr/bin/edcdvm/scripts
    
  2. Run command

    >   sudo ./active_directory_join_GUI.py
    
  3. Provide root password if prompted

  4. Domain join window will be displayed

  5. Provide the details and click on OK button to proceed.

    • Computer Name: New hostname for the machine e.g., itubuntu-001

    • Preferred DNS: Primary DNS server address

    • Alternate DNS: Secondary DNS server address

    • Domain Admin Username: Username of AD user having appropriate rights on AD to join machine to domain

    • Domain Admin Password: Password of AD user provided above

    • Domain Name: Domain name to which this machine is to be joined e.g., example.local

  6. Machine will be joined to the domain. Reboot the machine once it is correctly configured for the domain.

Join AD using DomainJoin from the Command Line

Prerequisites:

  1. Offline package and DVM Tools are installed

  2. Appropriate DNS entries are added into VM network configuration settings

Change Hostname: It is important that the Linux SHD/DVM has a unique hostname (especially if you're trying to join the VM to AD), as having the same hostname in the network may drop the connection. To change the hostname of the Linux SHD, follow the steps below:

  1. Open Terminal on Ubuntu VM and execute the following command:

    sudo domainjoin-cli setname <new hostname>

  2. Reboot the machine

Join Domain:

  1. Make sure the date/time is correctly synced with the Active Directory machine

  2. Open Terminal on Ubuntu VM and execute the following command:

    sudo domainjoin-cli join 'domain_name' 'domain_user' 'domain_password'

  3. If the machine has joined the domain successfully, a success message will be displayed.

  4. Reboot the machine

Configure to Authenticate with LDAP

Important

  • The assistive packages must be installed for the LDAP environment. If they are not, use the environment switch scripts to set the machine up for the LDAP environment.

Follow the steps given below to join the Linux SHD/VM to LDAP:

  1. Open Terminal and go to the directory where the offline package is extracted

    cd /home/<Username>

  2. Find the LDAP configuration template files at <assistive package root>/templates/ldap_templates

    cd <assistive package path>/templates/ldap_templates

  3. Make the following changes in ldap.conf and sssd.conf:

    1. ldap.conf changes:

      1. Change BASE with the Base DN details of your organization

      2. Change URI with address of LDAP server in format ldaps://<LDAP Server IP>

    2. sssd.conf changes:

      1. ldap_uri in format ldaps://<LDAP server IP address>

      2. ldap_search_base: base DN of LDAP server; e.g. dc=example,dc=mylabs,dc=com

      3. ldap_user_search_base = OU or container in which the specific user should be searched e.g. ou=IT,ou=Pune,ou=india,dc=example,dc=mylabs,dc=com

      4. ldap_group_search_base = OU or container in which the specific group should be searched e.g. ou=IT,ou=Pune,ou=india,dc=example,dc=mylabs,dc=com

  4. Save the config files

  5. Run the script from same folder

    ./script+readme.sh

  6. After the script execution is completed successfully, reboot the machine. The machine is now ready for user authentication and access with the configured LDAP server.
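
A pre-flight check that can be run on the edited sssd.conf before step 5 is sketched below. It is an added example, not part of the Accops package: it inspects only the four keys listed in step 3, and the rule that the user and group search bases end with the base DN is an assumption taken from the page's sample values. The function names and the sample file are hypothetical.

```shell
#!/bin/sh
# Added example (not part of the Accops package): pre-flight check of an
# edited sssd.conf. Only the four keys listed on the page are inspected.

# Print the value of the first "key = value" line, trailing blanks trimmed.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]*$//' | head -n 1
}

check_sssd_conf() {
    f=$1; rc=0
    uri=$(conf_get "$f" ldap_uri)
    case $uri in
        *'<'*|*'>'*) echo "ldap_uri still holds a template placeholder" >&2; rc=1 ;;
        ldaps://?*) ;;
        *) echo "ldap_uri must use ldaps://, got '$uri'" >&2; rc=1 ;;
    esac
    base=$(conf_get "$f" ldap_search_base)
    for key in ldap_search_base ldap_user_search_base ldap_group_search_base; do
        val=$(conf_get "$f" "$key")
        case $val in
            '') echo "$key is missing or empty" >&2; rc=1 ;;
            *'<'*|*'>'*) echo "$key still holds a template placeholder" >&2; rc=1 ;;
            *"$base") ;;  # assumption: user/group bases end with the base DN
            *) echo "$key is not under ldap_search_base" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample; the DNs follow the page's examples, the IP is made up.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[domain/default]
ldap_uri = ldaps://192.0.2.10
ldap_search_base = dc=example,dc=mylabs,dc=com
ldap_user_search_base = ou=IT,ou=Pune,ou=india,dc=example,dc=mylabs,dc=com
ldap_group_search_base = ou=IT,ou=Pune,ou=india,dc=example,dc=mylabs,dc=com
EOF
check_sssd_conf "$sample" && echo "sssd.conf passes the checks"
rm -f "$sample"
```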

Note

On CentOS7-Everything-1708/1804, running script+readme.sh requires the "openldap-clients" package, which must be installed manually; otherwise the script fails with the error "ldapsearch command not found".

Deployment in Workgroup Environment

Make sure to install the dependency packages for workgroup, or use the switch scripts later to configure the machine for a specific environment.

Switch the Deployment Mode of Machine

Use the script mentioned below to change the deployment from AD to LDAP:

  1. Go to the location where the DVM Tools Assistive Online Package is extracted
  2. Go to the extracted folder, locate the script and run the following command, where [Option] is the target environment:

    sudo ./switch_ldap_AD_workgroup.sh [Option]

Examples:

  • To remove previous configurations and make it ready for LDAP environment

    >   sudo  ./switch_ldap_AD_workgroup.sh LDAP
    
  • To remove previous configurations and make it ready for AD environment

    >   sudo  ./switch_ldap_AD_workgroup.sh AD
    
  • To remove previous configurations and make it ready for Workgroup environment

    >   sudo  ./switch_ldap_AD_workgroup.sh WG
    

This removes all the previous configuration; the admin then needs to add new configuration as per the requirement.

RHEL Subscription Configurations

Accops HyWorks does not update the subscription details of a RHEL machine that is prepared by installing packages or by dynamic provisioning, so the subscription details must be updated on every such VM.

Follow the steps given below to update subscription details:

  1. Open terminal and use below commands:
    >   sudo subscription-manager clean
    >   sudo subscription-manager register --username <Username> --password <password>
    >   sudo subscription-manager attach --auto
    >   sudo yum update