We are using the 2-Factor Authentication from Google in Horizon View all for our external Horizon users. Therefore we have setup a CentOS VM with the Google Authenticator package installed. The Guide for this can be found here: https://blogs.vmware.com/consulting/files/2015/02/VMW_15Q1_TD_Horizon-View-Google-Authenticator_021715_FINAL_EMonjoin.pdf
Because Sysadmins are a bit lazy and we also do not want to generate every QR-code by hand for all our Users, we have come up with this fully automated Linux script.
A cronjob runs this script every 5 minutes. If a new user and HomeDir is created, the script automaticly creates the QR-code for this user and places a textfile with the URL for the QR-code in the Users Homedir. It works like a charm and saves us a lot of time.
Feel free to use this script in your own environment, but please leave the header info as it is
#!/bin/bash # This script is created by John at RTV-Noord. You may use and distribute # it as long as you keep this header as it is. # # THE USAGE OF THIS SCRIPT IS AT YOUR OWN RISK! # # There are some prerequisites to make this script work: # - machine you run it from is a Active Directory Domain member # - the share with AD homedirs is mounted on /mnt/home # - the google-authenticator package is installed # - replace domainname.com with your AD domainname ls /mnt/home > all_users MAKEQR=$(comm -3 all_users users_with_qr | wc -l) if [ $MAKEQR -gt 0 ]; then echo "Found users without QR." comm -3 all_users users_with_qr > users_without_qr for user in $(cat users_without_qr); do echo " $(date) make qr for $user..." su -l "$email@example.com" -c "google-authenticator -tdf -r 3 -R 30 -w 17 -Q UTF8 | grep http > google-authenticator.txt" mv /firstname.lastname@example.org/google-authenticator.txt /mnt/home/$user/ done cat all_users > users_with_qr rm users_without_qr echo echo "$MAKEQR QR-code has been created" fi