Linux Virtual Desktop 1.0 supports both single and multiple Active Directory domain environments, but is limited to a single forest. We have sorted this. The new Linux Virtual Desktop Version 1.1 now supports most complex cross-domain and cross-forest topologies and is very close parity with the Windows VDA function.
user on the Linux VDAS registration via storefront can now reside in any trusted domain or forest. Transitive trusts, one-way trust relationships, selective authentication and all domain functional level of Windows Server 00 Native or higher (with the exception of Windows Server 03 Interim) are now fully supported.
Linux VDAS communication with Delivery Controller on forest boundaries is also now supported. It only difference between the Linux and Windows VDA is that the Linux VDA these relationships Forest Trust requires to be two-way. Support for one-way trusts to the Windows VDA is to "fall back" Kerberos to NTLM authentication, which is less than ideal from a security standpoint. We decided to implement not NTLM-enabled services in Linux VDA. Note that this only applies to VDA communication with controller; VDA domain has only a one-way outgoing trust with the user domain.
The good news for Linux virtual desktop client, which is to migrate their single domain / forest PoC environment into a complex cross-forest production environment that the process is fairly straightforward. If the forest or external trusts exist, DNS is properly configured, and the underlying Linux Active Directory integration works as it should, then the Linux VDA should just work. No special configuration is required VDA.
It is also worth noting that if you are struggling with Winbind or have concerns about how well these stand up in the production process to the commercial alternatives want to consider. Centrify Direct Control (including its free Express Edition) and Products Services Quest Authentication Dell are two leading enterprise-class alternatives that are worth a review. We recently support for Centrify in Linux Virtual Desktop 1.1.
To read more of the Linux Virtual Desktop Team, you should check all of our posts here.
0 Komentar