Configurations and Environment Preparation
Authentication Configuration of Linux SHD/DVM Servers
Once all the required packages are installed, the next step is configuring Linux VDI for authentication. Three types of authentication are supported:
- Microsoft Active Directory
- LDAP
- Workgroup.
Join AD Domain
An Active Directory domain can be joined using:
- Accops Custom Script (Recommended Process)
- Accops GUI Script
- DomainJoin CLI (command line)
Important
Ensure that the assistive packages are installed for the active directory environment. If they are not, use environment switch scripts to set the machine for the AD environment.
Accops Custom Script (Recommended Process)
Follow the steps below to join the Linux SHD/DVM to AD:
- Open Terminal on the Ubuntu VM and execute the following command to join the machine to the specified AD.
  sudo /usr/bin/edcdvm/scripts/active_directory_join.py <JSON-INPUT>
  JSON-INPUT:
  "{ "\"JoinDomainType"\":1, "\"ComputerName"\":"\"<ComputerName>"\", "\"DomainName"\":"\"<DomainName>"\", "\"DomainUserNme"\":"\"<DomainUserName>"\", "\"DomainUserPassword"\":"\"<DomainUserPassword>"\", "\"PreferredDns"\":"\"<PreferredDNS>"\", "\"AlternateDns"\":"\"<AlternateDNS>"\" }"
- In the above command, replace the following parameters with the required values:
  - <ComputerName>: Name to be assigned to the machine.
  - <DomainName>: Domain name of your organization. The machine will be joined to this domain.
  - <DomainUserName>: A user who can add/update objects in Active Directory, used for joining the machine to the domain.
  - <DomainUserPassword>: Password of the domain user.
  - <PreferredDNS>: IP address of the preferred DNS server.
  - <AlternateDNS>: IP address of the alternate DNS server.
- The command output will display a success message if the machine successfully joins the domain. Alternatively, use the command below to verify:
  > sudo domainjoin-cli query
  The output of this command will display the new machine name and domain information.
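An added example (not Accops code): one way to build the JSON-INPUT argument without hand-escaping quotes, so that a password containing a double quote or backslash cannot break the argument. It assumes the join script parses its single argument as JSON; the key names, including DomainUserNme, are copied exactly as the page spells them, and the host, domain, user and DNS values are constructed samples.

```python
import getpass
import ipaddress
import json
import re
import subprocess

JOIN_SCRIPT = "/usr/bin/edcdvm/scripts/active_directory_join.py"  # path from the page

# NetBIOS computer names are at most 15 characters: letters, digits, hyphen.
_HOSTNAME = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,13}[A-Za-z0-9])?$")


def build_join_input(computer, domain, user, password, dns1, dns2, join_type=1):
    """Return the JSON-INPUT string; json.dumps escapes quotes and backslashes."""
    if not _HOSTNAME.match(computer):
        raise ValueError(f"invalid computer name: {computer!r}")
    for addr in (dns1, dns2):
        ipaddress.ip_address(addr)  # raises ValueError on a malformed IP
    return json.dumps({
        "JoinDomainType": join_type,
        "ComputerName": computer,
        "DomainName": domain,
        "DomainUserNme": user,  # key spelled exactly as on the page
        "DomainUserPassword": password,
        "PreferredDns": dns1,
        "AlternateDns": dns2,
    })


def join_command(json_input):
    """argv for the join script; a list (no shell), so nothing is re-parsed."""
    return ["sudo", JOIN_SCRIPT, json_input]


if __name__ == "__main__":
    # Constructed sample values; replace them with your own.
    payload = build_join_input(
        "itubuntu-001", "example.local", "joinuser",
        getpass.getpass("Domain user password: "),  # not echoed, not in shell history
        "192.0.2.10", "192.0.2.11",
    )
    # The password is still visible in the process list while the script runs.
    subprocess.run(join_command(payload), check=True)
```

Because the password ends up in the script's argument list either way, use a join account that holds only the rights needed to add computer objects.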
Joining Machine to Domain using GUI Script
- Open Terminal and go to the scripts directory.
  > cd /usr/bin/edcdvm/scripts
- Run the command.
  > sudo ./active_directory_join_GUI.py
- Provide the root password if prompted.
- The domain join window will be displayed.
- Provide the details and click the OK button to proceed.
  - Computer Name: New hostname for the machine, e.g., itubuntu-001
  - Preferred DNS: Primary DNS server address.
  - Alternate DNS: Secondary DNS server address.
  - Domain Admin Username: The username of the AD user having appropriate rights on AD to join the machine to the domain.
  - Domain Admin Password: Password of the AD user provided above.
  - Domain Name: Domain name to which this machine will be joined, e.g., example.local.
- The machine will be joined to the domain. Once it is configured correctly for the domain, reboot the machine.
Join AD using the DomainJoin Command Line
Prerequisites:
- Offline package and DVM Tools are installed.
- Appropriate DNS entries are added to the VM network configuration settings.
Change Hostname: The Linux SHD/DVM must have a unique hostname (especially if you are joining the VM to AD), because a duplicate hostname on the network may cause the connection to drop. To change the hostname of the Linux SHD, follow the steps below:
- Open Terminal on the Ubuntu VM and execute the following command:
  sudo domainjoin-cli setname <new hostname>
- Reboot the machine.
Join Domain:
- Make sure the date/time is correctly synced with the Active Directory machine.
- Open Terminal on the Ubuntu VM and execute the following command:
  sudo domainjoin-cli join 'domain_name' 'domain_user' 'domain_password'
- A success message will be displayed if the machine successfully joins the domain.
- Reboot the machine.
Configure to Authenticate with LDAP
Important
The assistive packages must be installed for the LDAP environment. If they are not, use the environment switch scripts to set the machine for the LDAP environment.
Follow the steps given below to join the Linux SHD/VM to LDAP:
- Open the Terminal and go to the directory where the offline package is extracted.
  cd /home/<Username>
- Find the LDAP configuration template file at:
  cd <assistive package path>/templates/ldap_templates
- Make the following changes in ldap.conf and sssd.conf:
  - ldap.conf changes:
    - Change BASE to the Base DN of your organization.
    - Change URI to the address of the LDAP server, in the format ldaps://<LDAP Server IP>
  - sssd.conf changes:
    - ldap_uri: in the format ldaps://<LDAP server IP address>
    - ldap_search_base: base DN of the LDAP server, e.g. dc=example,dc=mylabs,dc=com
    - ldap_user_search_base: OU or container in which the specific user should be searched, e.g. ou=IT,ou=Pune,ou=india,dc=example,dc=mylabs,dc=com
    - ldap_group_search_base: OU or container in which the specific group should be searched, e.g. ou=IT,ou=Pune,ou=india,dc=example,dc=mylabs,dc=com
- Save the config files.
- Run the script from the same folder.
  ./script+readme.sh
- After the script execution is completed successfully, reboot the machine. The machine is now ready for user authentication and access with the configured LDAP server.
Note
On Centos7-Everything-1708/1804, running script+readme.sh requires the "openldap-clients" package, which must be installed manually; otherwise, the script fails with the error "ldapsearch command not found."
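An added example (not part of the Accops package): a pre-flight check for the edited sssd.conf, run before script+readme.sh. It flags any ldap_uri that is not ldaps:// and any user or group search base that does not sit under ldap_search_base, which is how the page's own examples are laid out. The [domain/LDAP] section name, the id_provider line and all values in SAMPLE are constructed for illustration.

```python
import configparser

KEYS = ("ldap_uri", "ldap_search_base",
        "ldap_user_search_base", "ldap_group_search_base")

def _rdns(dn):
    """Lowercased RDN list; drops sssd's '?scope?filter' suffix (no escaped commas)."""
    return [p.strip().lower() for p in dn.split("?")[0].split(",") if p.strip()]

def _under(dn, base):
    """True if dn equals base or sits beneath it in the directory tree."""
    d, b = _rdns(dn), _rdns(base)
    return bool(b) and d[-len(b):] == b

def check_sssd_ldap(conf_text):
    """Return findings for every [domain/...] section of an sssd.conf text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    findings = []
    for name in (s for s in cp.sections() if s.startswith("domain/")):
        sec = cp[name]
        for key in KEYS:
            if not sec.get(key, "").strip():
                findings.append(f"{name}: {key} is not set")
        for uri in (u.strip() for u in sec.get("ldap_uri", "").split(",")):
            if uri and not uri.lower().startswith("ldaps://"):
                findings.append(f"{name}: ldap_uri {uri} is not ldaps://")
        base = sec.get("ldap_search_base", "")
        for key in KEYS[2:]:
            value = sec.get(key, "")
            if base and value and not _under(value, base):
                findings.append(f"{name}: {key} is outside ldap_search_base")
    return findings

# Constructed sample for illustration, not the product's template file.
SAMPLE = """\
[sssd]
domains = LDAP

[domain/LDAP]
id_provider = ldap
ldap_uri = ldap://192.0.2.20
ldap_search_base = dc=example,dc=mylabs,dc=com
ldap_user_search_base = ou=IT,ou=Pune,ou=india,dc=example,dc=mylabs,dc=com
ldap_group_search_base = ou=IT,dc=other,dc=com
"""

if __name__ == "__main__":
    print("\n".join(check_sssd_ldap(SAMPLE)))
```

On the constructed sample it reports the plain ldap:// URI, which would send bind credentials without TLS, and the group search base that points outside the base DN.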
Deployment in Workgroup Environment
Install dependency packages for workgroups or use switch scripts later to configure machines for specific environments.
Switch the Deployment Mode of Machine
Use the script mentioned below to change the deployment from AD to LDAP:
- Go to the location where the DVM Tools Assistive Online Package is extracted.
- Go to the extracted folder, locate the script, and run the following command.
  sudo ./switch_ldap_AD_workgroup.sh [Option]
  where [Option] is the target environment.
Examples:
- To remove previous configurations and make them ready for the LDAP environment:
  sudo ./switch_ldap_AD_workgroup.sh LDAP
- To remove previous configurations and make them ready for the AD environment:
  sudo ./switch_ldap_AD_workgroup.sh AD
- To remove previous configurations and make them ready for the Workgroup environment:
  sudo ./switch_ldap_AD_workgroup.sh WG
This will remove all the previous configurations, and the admin needs to add a new configuration per the requirement.
RHEL Subscription Configurations
Accops HyWorks does not update the subscription details of RHEL machines that are prepared by installing packages or by dynamic provisioning; the subscription details must therefore be updated on every VM prepared this way.
Follow the steps below to update the subscription details. Open the terminal and use the below commands:
sudo subscription-manager clean
sudo subscription-manager register --username <username> --password <password>
sudo subscription-manager attach --auto
sudo yum update