Jump to content
Welcome to our new Citrix community!
  • 0

MCS, SSSD and LDAPS


Question

Im hoping that someone can help me out. The documentation isnt very good and I found very little online in general (I assume since using MCS is fairly new). Anyways, Im trying to figure out the correct order of things, and how to get ldaps working. I should also mention that while I have been doing xenapp/desktop for 15 years, its always been with windows. I am definitely a windows admin and know not a whole ton about linux.

 

There are a few issues, but Im not sure which is what I should tackle first (I assume some may clear up after others are sorted).

 

Env: 
CentOS 7.7
Citrix 1912 LTSR

 

So first of all, what is the correct order of things?
Should I be running ctxinstall.sh before I run deploymcs.sh or not? (Ive seen conflicting guides online and in the documentation) If not, I assume I just set all the correct things in mcs.conf.

How do I get the CA certs into everything? Should I run ctxfascfg.sh or enable_ldap.sh? I assume I would run those before I snapshot.

I also assume that MCS takes care of joining the machines to the domain correct? (this isnt working, but I assume it will eventually after getting other things sorted)

 

Even if I manually run ctxsetup.sh and manually join the domain, etc (I try doing a bunch of things and I eventually get it working). I can su to a AD user, but I still cant actually log into the machine as that user. I assume I have to set AD as an auth method, but how can I do that?


I know there are a lot of questions, but any help would be appreciated. Thank you!

Link to comment

1 answer to this question

Recommended Posts

  • 0

Hi

Please follow these steps https://docs.citrix.com/en-us/linux-virtual-delivery-agent/current-release/installation-overview/use-mcs-to-create-linux-vms.html#supported-distributions

You need to run ctxinstall.sh on the template machine first, and deploy MCS machines by running deploymcs.sh after the template prepared.

For configuring CA certs, you need to prepare certs and use enable_ldap.sh to install the certs on the template machine. Moreover, you also need to copy ldaps relevant registries into /etc/xdl/mcs/mcs_local_setting.reg. deploymcs.sh will recover registries in this file. You can find these registries in https://docs.citrix.com/en-us/linux-virtual-delivery-agent/current-release/configuration/configure-ldaps.html

HKLM\Software\Citrix\VirtualDesktopAgent\ListOfLDAPServers 
HKLM\Software\Citrix\VirtualDesktopAgent\ListOfLDAPServersForPolicy 
HKLM\Software\Citrix\VirtualDesktopAgent\UseLDAPS 
HKLM\Software\Policies\Citrix\VirtualDesktopAgent\Keystore

 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...