Hi -
I have used my kickstart script to build multiple ESX 4 hosts. Worked wonderfully. However, last night I used the same ks.cfg to build another ESX 4 host and ran into a security issue when trying to log in using PuTTY. Just to clarify, I'm logging in with my own account and not as "root", using AD authentication.
I've validated that my account does exist on the host, as well as other peers created from the kickstart script. No one is able to log in, getting "Access Denied".
Did I overlook something simple and am just not thinking properly today?
Thanks!
Hi,
Ensure that all the requirements mentioned in KB http://kb.vmware.com/kb/1021970 are met. If this KB does not resolve the issue, it would be interesting to see the output of /usr/bin/esxcfg-authconfig -a.
I hope this information helps.
It was helpful and I have validated the KB article. See sample of kickstart script below. Hope this helps.
Can't get results output from /usr/bin/esxcfg-authconfig -a until able to log into host.
# Install or Upgrade
install cdrom
# can test the script with the following
#dryrun
#Network install type
network --bootproto=static --ip=XXXXXXXX --gateway=XXXXXXX --netmask=XXXXXXXXX --hostname=hostname.xxx.xxx --nameserver=DNS server ,DNS server --device=vmnic0 --addvmportgroup=0
# root Password
rootpw --iscrypted XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
# Authconfig
authconfig --enableshadow --enablemd5
# Regional Settings
keyboard us
timezone America/Chicago
# Firewall settings
firewall --allowOutgoing
# Enable reboot after script
reboot
# Boot Config
bootloader --location=mbr
# Disk Partitioning
clearpart --firstdisk --overwritevmfs
part /boot --fstype=ext3 --size=2000 --onfirstdisk --asprimary
part hostname-local --fstype=vmfs3 --size=50000 --grow --onfirstdisk
part None --fstype=vmkcore --size=100 --onfirstdisk
# Create the vmdk on the cos vmfs partition.
virtualdisk esxconsole --size=40000 --onvmfs=hostname-local
# Partition the virtual disk.
part / --fstype=ext3 --size=20000 --grow --onvirtualdisk=esxconsole
part swap --fstype=swap --size=1600 --onvirtualdisk=esxconsole
part /var --fstype=ext3 --size=4000 --grow --onvirtualdisk=esxconsole
part /home --fstype=ext3 --size=10000 --grow --onvirtualdisk=esxconsole
part /opt --fstype=ext3 --size=2000 --grow --onvirtualdisk=esxconsole
part /tmp --fstype=ext3 --size=2000 --grow --onvirtualdisk=esxconsole
# Accept the EULA
vmaccepteula
%post --interpreter=bash
/usr/bin/sleep 90
# Enable Kerberos Auth
/usr/sbin/esxcfg-auth --enablead --addomain=domaint --addc=domain
# Create user ID/s to enable ssh to host with DOMAINS ID
/usr/sbin/useradd -c userid
/usr/sbin/useradd -c userid
/usr/sbin/useradd -c userid
/usr/sbin/useradd -c userid
%post --interpreter=bash
# Create post-config script
cat << \EOF > /etc/rc3.d/s99postconf
#!/bin/bash
# Open firewall ports for appropriate services
/usr/sbin/esxcfg-firewall --openport 88,tcp,out,KerberosClientTCP
/usr/sbin/esxcfg-firewall --blockOutgoing
/usr/sbin/esxcfg-firewall -e ntpClient
/usr/sbin/esxcfg-firewall -e activeDirectorKerberos
/usr/sbin/esxcfg-firewall -e smbClient
/usr/sbin/esxcfg-firewall -e sshServer
# Configure 64-bit queue depth on QLogic adapters
/usr/sbin/esxcfg-module -s ql2xmaxqdepth=64 qla2300_707_vmw
/usr/sbin/esxcfg-boot -b
echo "Removing automated post script."
rm /etc/rc3.d/s99postconf
EOF
chmod +x /etc/rc3.d/s99postconf
I've figured out my issues. NTP problem.
Thanks
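
Added example, not part of the original thread: AD logins on the host use Kerberos, which rejects authentication when the host clock and the domain controller clock differ by more than the tolerance (5 minutes by default in Active Directory), so a clock check from the root console is a quick test for this kind of "Access Denied". The function names, addresses and sample output below are constructed, and the script assumes the usual `ntpdate -q` line format.

```shell
#!/bin/sh
# Added example: judge clock offset against the Kerberos tolerance.
# MAX_SKEW is the Active Directory default; change it if domain policy differs.
MAX_SKEW=300

# Read `ntpdate -q` output on stdin and print the largest absolute offset
# (seconds) among servers that actually answered. ntpdate reports a server
# that did not answer as "stratum 0, offset 0.000000", which must not be
# mistaken for a perfectly synchronised clock, so those lines are skipped.
# Returns 1 if no usable server line is found.
max_abs_offset() {
    awk -F'[ ,]+' '
        $1 == "server" && $3 == "stratum" && $5 == "offset" && $4 + 0 > 0 {
            v = $6 + 0; if (v < 0) v = -v
            if (!seen || v > max) max = v
            seen = 1
        }
        END { if (!seen) exit 1; printf "%.3f\n", max }
    '
}

# Exit status: 0 = within tolerance, 1 = skew too large, 2 = no time source.
kerberos_skew_ok() {
    off=$(max_abs_offset) || { echo "UNKNOWN: no reachable time source"; return 2; }
    if awk -v o="$off" -v m="$MAX_SKEW" 'BEGIN { exit !(o <= m) }'; then
        echo "OK: offset ${off}s is within ${MAX_SKEW}s"
    else
        echo "FAIL: offset ${off}s exceeds ${MAX_SKEW}s, Kerberos will reject logins"
        return 1
    fi
}

# Constructed sample (documentation addresses): one server answers with a
# clock almost 7 minutes off, the other does not answer at all.
SAMPLE='server 192.0.2.10, stratum 3, offset -412.337018, delay 0.02612
server 192.0.2.11, stratum 0, offset 0.000000, delay 0.00000'
printf '%s\n' "$SAMPLE" | kerberos_skew_ok || true

# On a real host (dc.example.com is a placeholder for the domain controller):
#   ntpdate -q dc.example.com | kerberos_skew_ok
```
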