vCenter 6.7 U3
I have been trying to add AD as an identity source for some time now.
When I try to do it via the CLI (sso-config.sh), I get ERROR [com.vmware.identity.interop.ldap.OpenLdapClientLibrary] ldap_bind_s : Invalid credentials (49). This is roughly the same error I was getting when I tried to do an ldapsearch from my Ubuntu boxes.
After speaking to our Directory Services team, I discovered that our DCs only allow Kerberos authentication.
So on my Ubuntu systems I loaded the Kerberos packages and configured the krb5.conf file; then I could do a kinit, pull a Kerberos ticket, and query AD.
I see vCenter has a krb5.conf file as well, which is blank. I'm wondering whether it would work if I populated the krb5.conf file with the same info I used for the Ubuntu systems. What would be the net effect of editing this file on a production vCenter server?
If at all possible, I want to avoid joining the vCenter to the domain. Is there still a way to use AD as an identity source?
vSphere has a dedicated area within the forums. Since this has nothing to do with any SDK, it doesn't belong in the {code} areas. I've reported your thread; a moderator should move it.
My apologies, I looked around, but did not see that section. Please move this to the appropriate section.
Rob.
If you look above your initial post you'll see it's now been moved to the ESXi area.