Non-domain-joined Linux VDAs
Overview
Non-domain-joined VDAs eliminate the need to join VDAs to Active Directory domains for VDA and user authentication. When creating a non-domain-joined VDA, you generate a public-private key pair for registering the VDA to the cloud control plane, so joining an Active Directory domain is no longer required. When a user launches a session from the non-domain-joined VDA, the VDA creates a local mapping account using the user name that the user uses to log on to Citrix Workspace app. The VDA assigns a random password that the local mapping account uses for SSO and session reconnection. If you change the random password, SSO and session reconnection fail. To disable SSO, see Non-SSO authentication.
Important:
- Non-domain-joined VDAs are supported for Citrix DaaS.
- Your control plane must be deployed over Citrix DaaS.
- You can deploy non-domain-joined VDAs in a public cloud or on-premises data center. The control plane in Citrix DaaS manages non-domain-joined VDAs.
- To create non-domain-joined VDAs, you must enable Rendezvous V2. Cloud Connectors are required only if you plan to provision machines on on-premises hypervisors or if you want to use Active Directory as the identity provider in Workspace.
- To create non-domain-joined VDAs, you can use either Machine Creation Services (MCS) or easy install. For more information, see Create non-domain-joined Linux VDAs using MCS and Create a non-domain-joined Linux VDA using easy install.
- MCS doesn’t support bare metal servers.
Features available for non-domain-joined Linux VDAs
Create local users with specified attributes on non-domain-joined VDAs
When you open a session hosted on a non-domain-joined VDA, the VDA automatically creates a local user with default attributes. The VDA creates the local user based on the user name that you used to log on to Citrix Workspace™ app. You can also specify user attributes including the user’s User Identifier (UID), Group ID (GID), home directory, and login shell. To use this feature, complete the following steps:
- Run the following command to enable the feature:

  ```
  /opt/Citrix/VDA/bin/ctxreg create -k "HKLM\Software\Citrix\VirtualDesktopAgent\LocalMappedAccount" -t "REG_DWORD" -v "CreateWithUidGid" -d "0x00000001" --force
  ```

- Specify the following attributes in the /var/xdl/getuidgid.sh script under the installation path of the VDA:

  | Attribute | Required or optional | Description |
  | --- | --- | --- |
  | uid | Required | A User Identifier (UID) is a number assigned by Linux to each user on the system. It determines which system resources the user can access. |
  | gid | Required | A Group Identifier (GID) is a number used to represent a specific group. |
  | homedir | Optional | The Linux home directory is a directory for a particular user. |
  | shell | Optional | A login shell is a shell given to a user upon login to their user account. |

  The following is an example of the getuidgid.sh script:

  Note: Make sure that the attributes specified in the script are valid.

  ```
  #!/bin/bash
  ###############################################################################
  #
  # Citrix Virtual Apps™ & Desktops For Linux Script: Get uid and gid for the user
  #
  # Copyright (c) Citrix Systems, Inc. All Rights Reserved.
  #
  export LC_ALL="en_US.UTF-8"

  # $1 is the user name; it is used here to build the home directory path.
  function get_uid_gid_for_user()
  {
      echo "uid:12345"
      echo "gid:1003"
      echo "homedir:/home/$1"
      echo "shell:/bin/sh"
  }

  get_uid_gid_for_user "$1"
  ```
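The note above asks that the attributes in getuidgid.sh be valid. As an added example (not Citrix code and not part of the original page), the following shell functions lint the script's key:value output before the feature is enabled. The function names are hypothetical, and the ID floor of 1000, the path rules and the check against a shells list are assumed local policy, not documented VDA behaviour.

```bash
#!/bin/bash
# Added example, not Citrix code: lint the key:value lines printed by a
# getuidgid.sh script. MIN_ID and the path rules are assumed local policy.
MIN_ID=1000   # assumption: keep mapped users out of root/system ID ranges

# check_id NAME VALUE -> 0 if VALUE is a decimal ID >= MIN_ID
check_id() {
    case "$2" in
        ''|*[!0-9]*) echo "$1 missing or not numeric: '$2'"; return 1 ;;
        ???????????*) echo "$1 too long: '$2'"; return 1 ;;   # 11+ digits
    esac
    if [ "$2" -lt "$MIN_ID" ]; then
        echo "$1 $2 is below $MIN_ID (root/system range)"; return 1
    fi
    return 0
}

# Reads script output on stdin; $1 = file listing permitted login shells.
# Prints one line per problem and returns 0 when clean, 1 otherwise.
validate_uidgid_output() {
    local shells_file="${1:-/etc/shells}" key value rc=0
    local uid="" gid="" homedir="" shell=""
    # "|| [ -n "$key" ]" keeps a final line that has no trailing newline
    while IFS=: read -r key value || [ -n "$key" ]; do
        case "$key" in
            uid)     uid="$value" ;;
            gid)     gid="$value" ;;
            homedir) homedir="$value" ;;
            shell)   shell="$value" ;;
            '')      ;;   # blank line
            *)       echo "unknown attribute: $key"; rc=1 ;;
        esac
    done
    check_id uid "$uid" || rc=1   # required attribute
    check_id gid "$gid" || rc=1   # required attribute
    case "$homedir" in
        '')   ;;   # optional attribute
        *..*) echo "homedir contains '..': '$homedir'"; rc=1 ;;
        /*)   ;;
        *)    echo "homedir is not an absolute path: '$homedir'"; rc=1 ;;
    esac
    if [ -n "$shell" ] && ! grep -qxF -- "$shell" "$shells_file" 2>/dev/null; then
        echo "shell not listed in $shells_file: '$shell'"; rc=1
    fi
    return "$rc"
}
```

Source the file, then pipe the output of getuidgid.sh for a test user name into `validate_uidgid_output`; a non-zero return with one message per problem means the script needs fixing first.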
Non-SSO authentication
By default, the Linux VDA has single sign-on (SSO) enabled. Users log on to Citrix Workspace app and to VDA sessions using one set of credentials. To have users log on to VDA sessions using a different set of credentials, disable SSO on the Linux VDA. For more information, see Non-SSO authentication.
Authentication with Azure Active Directory
The non-domain-joined VDAs that you deploy in Azure integrate with the AAD identity service to provide user authentication. For more information, see Authentication with Azure Active Directory.
Rendezvous V2
Non-domain-joined VDAs can use Rendezvous V2 to bypass Citrix Cloud Connectors. For more information, see Rendezvous V2.