Configurations and Environment Preparation
Authentication Configuration of Linux SHD/DVM Servers
Once all the required packages are installed, the next step is to configure the Linux VDI for authentication. Three authentication types are available: Microsoft Active Directory, LDAP and Workgroup.
Join AD Domain
A machine can be joined to an Active Directory domain using either of the following:
- Accops Custom Script (Recommended Process)
- DomainJoin CLI (command line)
Accops Custom Script (Recommended Process)
Follow these steps to join the Linux SHD/DVM to AD:
- Open Terminal on the Ubuntu VM and run the following command to join the machine to the specified AD domain:
sudo /usr/bin/edcdvm/scripts/active_directory_join.py <JSON-INPUT>
JSON-INPUT:
"{ "\"JoinDomainType"\":1, "\"ComputerName"\":"\"<ComputerName>"\", "\"DomainName"\":"\"<DomainName>"\", "\"DomainUserNme"\":"\"<DomainUserName>"\", "\"DomainUserPassword"\":"\"<DomainUserPassword>"\", "\"PreferredDns"\":"\"<PreferredDNS>"\", "\"AlternateDns"\":"\"<AlternateDNS>"\" }"
- In the above command, replace the following parameters with appropriate values:
  - <ComputerName>: The name that will be assigned to the machine.
  - <DomainName>: The domain name of your organization. The machine will be joined to this domain.
  - <DomainUserName>: A user with rights to add/update objects in Active Directory, used to join the machine to the domain.
  - <DomainUserPassword>: Password of the domain user. Because it is passed as a command-line argument, it is visible in the process list while the command runs and is normally saved in the shell history.
  - <PreferredDNS>: IP address of the preferred DNS server.
  - <AlternateDNS>: IP address of the alternate DNS server.
- If the machine has joined the domain successfully, a success message is displayed in the command output. Alternatively, use the following command to verify:
sudo domainjoin-cli query
The output of this command displays the new machine name and domain information.
Join AD Using DomainJoin from the Command Line
Prerequisites:
- The offline package and DVM Tools are installed.
- Appropriate DNS entries are added to the VM network configuration settings.
Change Hostname: It is important that the Linux SHD/DVM has a unique hostname (especially if you are joining the VM to AD), as a duplicate hostname on the network may drop the connection. To change the hostname of the Linux SHD, follow these steps:
- Open Terminal on the Ubuntu VM and run the following command:
sudo domainjoin-cli setname <new hostname>
- Reboot the machine.
Join Domain:
- Make sure the date/time is correctly synced with the Active Directory machine.
- Open Terminal on the Ubuntu VM and run the following command:
sudo domainjoin-cli join 'domain_name' 'domain_user' 'domain_password'
- If the machine has joined the domain successfully, a success message is displayed.
- Reboot the machine.
Configure to Authenticate with LDAP
Follow these steps to join the Linux SHD/VM to LDAP:
- Open Terminal and go to the directory where the offline package is extracted (e.g. cd /home/<Username>).
- Find the LDAP configuration template files at <offline package root>/templates/ldap_templates:
cd <offline package path>/templates/ldap_templates
- Make the following changes in ldap.conf and sssd.conf:
  - ldap.conf changes:
    - Change BASE to the Base DN of your organization.
    - Change URI to the address of the LDAP server, in the format ldaps://
  - sssd.conf changes:
    - ldap_uri: in the format ldaps://<LDAP server IP address>
    - ldap_search_base: base DN of the LDAP server, e.g. dc=example,dc=mylabs,dc=com
    - ldap_user_search_base: OU or container in which the specific user should be searched, e.g. ou=IT,ou=Pune,ou=india,dc=example,dc=mylabs,dc=com
    - ldap_group_search_base: OU or container in which the specific group should be searched, e.g. ou=IT,ou=Pune,ou=india,dc=example,dc=mylabs,dc=com
- Save the config files.
- Run the script from the same folder:
./script+readme.sh
- The machine reboots automatically if it has joined the domain successfully.
Note
On CentOS7-Everything-1708/1804, running script+readme.sh requires the "openldap-clients" package, which must be installed manually; otherwise the script fails with the error "ldapsearch command not found".
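A pre-flight check for the two edited files, as an added example that is not part of the Accops offline package: it confirms that every URI uses ldaps:// and that the search bases sit under the base DN. The function names and file arguments are assumptions, and requiring the user and group search bases to fall under ldap_search_base is a consistency check assumed here, not a rule stated by the templates.

```sh
# Added example, not part of the offline package: checks the edited ldap.conf and
# sssd.conf. Assumed usage: sh check_ldap_templates.sh ldap.conf sssd.conf

# Last value of an sssd.conf option written as "key = value".
sssd_get() { sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1; }

# Last value of an ldap.conf directive written as "KEY value".
ldapconf_get() {
  awk -v k="$2" 'toupper($1) == k { $1 = ""; sub(/^ +/, ""); v = $0 } END { print v }' "$1"
}

# Succeed only if every URI in a space- or comma-separated list uses ldaps://.
all_ldaps() (
  [ -n "$1" ] || exit 1
  set -f    # no globbing while the list is word-split
  for u in $(printf '%s' "$1" | tr ',' ' '); do
    case "$u" in ldaps://?*) ;; *) exit 1 ;; esac
  done
)

# Normalise a DN for comparison: lower case, no spaces around commas.
norm_dn() {
  printf '%s' "$1" | tr '[:upper:]' '[:lower:]' |
    sed 's/[[:space:]]*,[[:space:]]*/,/g; s/[[:space:]]*$//'
}

# Succeed if DN $1 equals base DN $2 or sits below it.
dn_under() (
  dn=$(norm_dn "$1"); base=$(norm_dn "$2")
  [ -n "$dn" ] && [ -n "$base" ] || exit 1
  case "$dn" in "$base"|*",$base") exit 0 ;; *) exit 1 ;; esac
)

# Print one FAIL line per problem; the exit status is non-zero if any was found.
check_ldap_config() (
  ldapconf=$1; sssdconf=$2; rc=0
  fail() { echo "FAIL: $*"; rc=1; }
  base=$(ldapconf_get "$ldapconf" BASE)
  sbase=$(sssd_get "$sssdconf" ldap_search_base)
  all_ldaps "$(ldapconf_get "$ldapconf" URI)" || fail "ldap.conf URI must use ldaps://"
  all_ldaps "$(sssd_get "$sssdconf" ldap_uri)" || fail "sssd.conf ldap_uri must use ldaps://"
  dn_under "$sbase" "$base" || fail "ldap_search_base is not under ldap.conf BASE"
  for key in ldap_user_search_base ldap_group_search_base; do
    dn_under "$(sssd_get "$sssdconf" "$key")" "$sbase" || fail "$key is outside ldap_search_base"
  done
  exit "$rc"
)

if [ "$#" -eq 2 ]; then check_ldap_config "$1" "$2"; fi
```

Run it from the ldap_templates folder before ./script+readme.sh; any FAIL line means a file still needs editing.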
Deployment in Workgroup Environment
No specific configurations are needed.