Linux Virtual Desktop 1.0 supports both single and multiple Active Directory domain environments, but is limited to a single forest. We have sorted this out. The new Linux Virtual Desktop 1.1 release now supports most complex cross-domain and cross-forest topologies, and is very close to feature parity with the Windows VDA.
Users logging onto the Linux VDAs via StoreFront can now reside in any trusted domain or forest. Transitive trusts, one-way trust relationships, selective authentication, and all domain functionality level from Windows Server 2000 Native and above (excluding Windows Server 2003 Interim) are now fully supported.
Linux VDAs communicating with Delivery Controllers across forest boundaries is also now supported. There only difference between the Linux and Windows VDA is that the Linux VDA requires these forest trust relationships to be two-way. Support for one-way trusts on the Windows VDA relies on “falling back” from Kerberos to NTLM authentication, which is less than ideal from a security standpoint. We chose not to implement NTLM-enabled services in the Linux VDA. Note that this only affects VDA to Controller communication; the VDA domain need only a one-way outgoing trust with the user domain.
The good news for Linux Virtual Desktop customers looking to migrate their single domain/forest PoC environment to a complex cross-forest production environment is that the process is fairly straightforward. If the forest or external trusts are in place, DNS is properly configured, and the underlying Linux Active Directory integration is working as it should, then the Linux VDA should just work. No special VDA configuration required.
It is also worth mentioning that if you are struggling with Winbind or have concerns how well this will stand up in production, you may want to consider the commercial alternatives. Centrify’s DirectControl (including their free Express edition) and Dell’s Quest Authentication Service products are two leading enterprise-grade alternatives that are well worth an evaluation. We recently added support for Centrify in Linux Virtual Desktop 1.1.
To read more from the Linux Virtual Desktop Team, be sure to check out all of our posts here.