New User, Permission to Login via VI client

DevotedDad · ‎01-18-2010

Hello,

We just setup our first ESXi 4 box ... as I understand it, best practice is to lockdown remote "root" login at the console ... to that end, have created a new user via the VI console and assigned to the root and localadmin groups ... however when attempting to login as this user via the VI client, we get "...You do not have permission to login to the server...". Exactly which group(s) should I add this user to for it to be an admin and login remotely via the VI client?

Many Thanks.

AndreTheGiant · ‎01-18-2010

Have you used useradd command?

Group is not important, but user (or group) must be authorized also in vSphere: use the client and the permission tab to add it with a right role.

Andre

Andrew | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro

danm66 · ‎01-18-2010

By default, SSH access to the host is disabled in ESXi, so there is no need to worry about root or any other account accessing the host through that method. If you are concerned about the physical console being open to attack, then restricting physical access to the hardware should be the primary concern.

If you are concerned about someone using the vSphere client to hack in with the root account, then create the new account with the vSphere client under Users and Groups and assign it the Administrator role. Verify it works in all respects, then disable root.

HTH

All

New User, Permission to Login via VI client