CSBilbro
Contributor
Contributor

AD Integration with ESX Hosts and Multiple Domains?

I have been doing some reading on enabling Active directory integration with our ESX Hosts and had a a question.

Currently we have Sys Admins in a couple of domains within the same forest. So how do we modify or tweak:

esxcfg-auth --enablead --addomain=domain.com --addc=domain.com to enable multiple domains?

Thanks for the Help

0 Kudos
2 Replies
kjb007
Immortal
Immortal

You'll need a common root domain or something, and add accounts from there. If you have domains within the same forest, then you'll have to setup trusts and transfer accounts that way. Using esxcfg-auth ultimately sets up the kerberos, and I'm pretty sure you can't setup multiple kerberos realms for ESX to talk to.

I'm sure others will correct me if I am mistaken, but I don't think that will work. You'll have to get a domain, and import/authenticate users from that domain.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
0 Kudos
Texiwill
Leadership
Leadership

Hello,

It is possible but you would need to edit a bunch of files by hand. I suggest you look into the book "Samba-3 by Example" by Terpstra for assistance in this.


Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354

As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIII: 2009-2021,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos