Re: AD permissions to ESXi, once logged in can't e...

kwg66 · ‎03-21-2017

I spent a good deal of time integrated our hosts with AD.

Set up the ESX admins group in AD, added the people who deserve the rights etc..

Now, as a member of the ESX Admins group, when I log into ESXi via SSH why is it that I can't execute anything, keep getting errors pertaining to executing the commands I want to run, including ping... there HAS to be something wrong..

The host config tab shows I am connecting to AD, the trusted domain controllers appear in the interface, not the dashes you see when your connection is broke..

Why did I set all this up only to have to su to root to execute anything? Can't even execute ping without su to root first..

Is this by design? if yes, what good is it if you have to su to root? that means for everyone you provide AD account access to ESXi you'll have to share the root pw for them to do anything.. doesn't this defeat the purpose?

Or perhaps there is something wrong with my set up... I can log in with AD account, but can't really do anything without su to root..

kwg66 · ‎03-22-2017

Waiting for someone to confirm that this need to "su to root after logging in" with account that is located within the AD ESX Admins group is by design...

I had read in many posts that you should have root \ admin permissions on the host. Yet, as mentioned, logging in with this account doesn't seem to allow you to do anything without su first..

All

AD permissions to ESXi, once logged in can't execute anything without su to root