RobMcLean
Contributor

Active Directory as an Identity Source

vCenter 6.7 U3

I have been trying to add AD as an identity source for some time now.

When I try to do it via the CLI (sso-config.sh), I get ERROR [com.vmware.identity.interop.ldap.OpenLdapClientLibrary] ldap_bind_s : Invalid credentials (49). This is roughly the same error I was getting when I tried to do an ldapsearch from my Ubuntu boxes.

After speaking to our Directory Services team, I discovered that our DCs only allow Kerberos authentication.  

So on my Ubuntu systems I loaded the Kerberos packages and configured the krb5.conf file; then I could do a kinit, pull a Kerberos ticket, and query AD.

I see vCenter has a krb5.conf file as well, which is blank. I'm wondering whether it would work if I populate the krb5.conf file with the same info I used for the Ubuntu systems. What would be the net effect of editing this file on a production vCenter server?

If at all possible, I want to avoid joining the vCenter to the domain.  Is there still a way to use AD as an identity source?

 

scott28tt
VMware Employee

vSphere has a dedicated area within the forums. Since this has nothing to do with any SDK, it doesn't belong in the {code} areas. I've reported your thread; a moderator should move it.

 



Although I am a VMware employee, I contribute to VMware Communities voluntarily (i.e. not in any official capacity)
VMware Training & Certification blog
RobMcLean
Contributor

My apologies, I looked around, but did not see that section.  Please move this to the appropriate section.

Rob.

scott28tt
VMware Employee

If you look above your initial post you'll see it's now been moved to the ESXi area.

 

