VMware
11 Replies Last post: Jan 14, 2009 7:29 AM by kjb007  

AD Authentication and the pam_krb5 posted: Dec 12, 2007 3:26 PM

Click to view sbeaver's profile Guru
sbeaver
7,719 posts since
Nov 1, 2004
OK I am working on my build for 3.5 and I have AD Authentication setup and can connect via SSH with AD Authenttication but as soon as I try to as AD Authentication to connect the VI client straight to an ESX server the connection times out with this...

VMware Infrastructure Client couls not establish a connection with server "servername"

Details: The server took too long to respond

I also get a defunct process shortly after I try to connect
root 17786 15635 0 18:13 ? 00:00:00 pam_krb5_storet <defunct>

This also happens when trying to connect via the web console


Anyone seen this or have a clue?

Steve Beaver
VMware Communities User Moderator

**Virtualization is a journey, not a project.**

Re: AD Authentication and the pam_krb5

1. Dec 13, 2007 7:22 AM in response to: sbeaver
Click to view sbeaver's profile Guru
sbeaver
7,719 posts since
Nov 1, 2004

::bump::

Bueller... Bueller...

Steve Beaver
VMware Communities User Moderator

**Virtualization is a journey, not a project.**

Re: AD Authentication and the pam_krb5

2. May 21, 2008 10:50 AM in response to: sbeaver
Click to view tasonis's profile Novice
tasonis
15 posts since
Sep 24, 2007

Hey Steve,

I'm actually experiencing the same problem after upgrading VC and ESX to 2.5/3.5 Update one. After connecting a virtual nic to one of my guests, the reconfigure virtual machine task just stayed "in progress" for hours and I lost access to the console. I can only access the ESX host vis SSH at this point so I'm thinking whichever process that reconfigures guests and provides the connection to the VIC is in question. Have you had any luck on this or did you just do a restart of the host? Will let you know if I make any progress.


Re: AD Authentication and the pam_krb5

3. May 21, 2008 10:58 AM in response to: tasonis
Click to view sbeaver's profile Guru
sbeaver
7,719 posts since
Nov 1, 2004
I ended up doing a kill -9 on the defunct process

Steve Beaver
VMware Communities User Moderator
====
Co-Author of "VMware ESX Essentials in the Virtual Data Center"
Coming soon to a store near you!
**Virtualization is a journey, not a project.**

Re: AD Authentication and the pam_krb5

4. May 21, 2008 11:07 AM in response to: sbeaver
Click to view tasonis's profile Novice
tasonis
15 posts since
Sep 24, 2007
I've killed the offending guests, but I'm thinking I'll need to run a 'service vmware-vpxa restart' to restart my Virtual Center agent and possibly the hostd as well to bring it back to life. That should hurt any running vm's, right?

Thanks,
Tyson

Re: AD Authentication and the pam_krb5

5. May 21, 2008 11:27 AM in response to: tasonis
Click to view sbeaver's profile Guru
sbeaver
7,719 posts since
Nov 1, 2004
As long as you do NOT have autostart and autostop configured you will be fine running that command

Re: AD Authentication and the pam_krb5

6. May 21, 2008 11:45 AM in response to: sbeaver
Click to view tasonis's profile Novice
tasonis
15 posts since
Sep 24, 2007
Roger that. I do have it enabled. Will wait until tonight to reboot then. Thanks for the help!

Re: AD Authentication and the pam_krb5

7. Jan 12, 2009 7:49 AM in response to: sbeaver
Click to view juchestyle's profile Master
juchestyle
1,357 posts since
Jun 20, 2005

Um, yeah, I am having the same issue! Steve! :)

Matthew

Kaizen!

Re: AD Authentication and the pam_krb5

8. Jan 13, 2009 5:44 AM in response to: juchestyle
Click to view Texiwill's profile Guru
Texiwill
10,205 posts since
Jan 13, 2004
Hello,

What method did you use to configure AD integration? The 'full' method or the LDAP-S method you defined? You may need to upgrade your pam_krb5 to the latest as well.


Best regards,
Edward L. Haletky
VMware Communities User Moderator
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
Blue Gears and SearchVMware Pro Blogs: http://www.astroarch.com/wiki/index.php/Blog_Roll
Top Virtualization Security Links: http://www.astroarch.com/wiki/index.php/Top_Virtualization_Security_Links

Re: AD Authentication and the pam_krb5

9. Jan 13, 2009 9:08 AM in response to: sbeaver
Click to view atbnet's profile Expert
atbnet
287 posts since
May 26, 2008

I use esxcfg-auth for AD authentication on ESX servers.

Here is a how to...

http://www.vmadmin.co.uk/index.php/resources/35-esxserver/55-esxadauth


Andy, VMware Certified Professional (VCP), http://www.vmadmin.co.uk/

If you found this information useful please award points using the buttons at the top of the page accordingly.

Re: AD Authentication and the pam_krb5

10. Jan 13, 2009 9:16 AM in response to: atbnet
Click to view Texiwill's profile Guru
Texiwill
10,205 posts since
Jan 13, 2004
Hello,

Actually the question was more of which Single Sign On method was used.... I.e. Full Integration or Steve's LDAP-S method.

Either way pam_krb5 is fairly out of date on ESX so may need to be updated but VMware does not have a later version so that could also be an issue.


Best regards,
Edward L. Haletky
VMware Communities User Moderator
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
Blue Gears and SearchVMware Pro Blogs: http://www.astroarch.com/wiki/index.php/Blog_Roll
Top Virtualization Security Links: http://www.astroarch.com/wiki/index.php/Top_Virtualization_Security_Links

Re: AD Authentication and the pam_krb5

11. Jan 14, 2009 7:29 AM in response to: sbeaver
Click to view kjb007's profile Guru
kjb007
5,476 posts since
Sep 18, 2006

What are you getting in your messages log?

I just connected through both WebAccess and ViClient with ad creds without failure. I'm at U3 on ESX. I use the simple authentication only method with esxcfg-auth and manual edit of authorizaton.xml.

-KjB

Actions

VMware Developer

SDKs, APIs, Videos, Learn and much more in the Developer community.

Learn More

Developer Sample Code

Increase your developer productivity with VMware API sample code.

Learn More

VMworld Sessions & Labs

Online access to the latest VMworld Sessions & Labs and online services.

Learn more

Purchase PSO Credits Online

Purchase credits to redeem training and consulting services online.

Buy Now

Community Hardware Software

View reported configurations or report your own.

Learn More

VMware vSphere

Come witness the next giant leap in virtualization.

Register Today

Communities