I followed the procedures for setting up AD to be used when logging on to the console.
Then run:
# esxcfg-auth --enablead --addomain=domain.com --addc=domain.com
I verified that the firewall ports were opened on the console and that the DC could be pinged. There are no firewalls between my host and the DC.
I then created a user that was already in active directory.
useradd username
When I ssh I get access denied. Did I need to add the user to any special groups?
Thanks
That might indicate a sites and services issue. From ESX, if you ping domain.com, a DC in that site should respond.
Typically the way you control that is by changing the priority and weight of DNS SRV records.
Anyone ever used the AllowGroup in the /etc/ssh/sshd_config when ESX is using AD for authentication? Will it allow the AD Groups to be specified without adding them to the /etc/group file? If not, how much info needs to be in the group file? In other words, do all members of the AD group need to be listed in the /etc/group file?
You will need to get winbind set up to be able to do that
Student has AD already configured on the ESX server. They want to use the existing admin group defined in AD and give them access to ssh. Found documentation that says user account must be added to ESX SC for AD users to have login access. Can't find any info about using groups, but sshd_config does have the AllowGroup option.
I wrote a script that can take care of that. PM me with your email
sbeaver could you send me that script? I also want to enable access based on AD on our ESX environment on a group basis.
Really appreciated!
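An added example, not part of the thread and not the script mentioned above: sshd looks up a user's groups through the system's name service (NSS), so a group named in `AllowGroups` only matches if NSS can resolve it, whether from /etc/group or from a source such as winbind. The sketch below parses `AllowGroups` lines and checks them against the groups NSS reports; the sample config and group names are constructed, and pattern matching is approximated with `*` and `?` wildcards only.

```python
import fnmatch
import grp
import os
import pwd
import sys

# Constructed sshd_config excerpt; the group names are hypothetical.
SAMPLE_SSHD_CONFIG = """\
# access policy
PermitRootLogin no
AllowGroups esx-admins
allowgroups vi-*
"""

def parse_allow_groups(config_text):
    """Return the group patterns from every AllowGroups line."""
    patterns = []
    for raw in config_text.splitlines():
        fields = raw.strip().split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].lower() == "allowgroups":  # keywords are case-insensitive
            patterns.extend(fields[1:])
    return patterns

def nss_groups_for(username):
    """Group names NSS reports for the user (files, winbind, ...)."""
    pw = pwd.getpwnam(username)  # KeyError: NSS cannot resolve the user
    names = set()
    for gid in os.getgrouplist(username, pw.pw_gid):
        try:
            names.add(grp.getgrgid(gid).gr_name)
        except KeyError:
            pass  # gid with no resolvable name
    return names

def ssh_group_allowed(user_groups, patterns):
    """Approximate the AllowGroups decision; only * and ? wildcards are assumed."""
    if not patterns:
        return True  # directive absent: no group restriction
    return any(fnmatch.fnmatchcase(g, p) for g in user_groups for p in patterns)

if __name__ == "__main__":
    user = sys.argv[1] if len(sys.argv) > 1 else pwd.getpwuid(os.getuid()).pw_name
    groups = nss_groups_for(user)
    allowed = ssh_group_allowed(groups, parse_allow_groups(SAMPLE_SSHD_CONFIG))
    print(user, sorted(groups), "allowed" if allowed else "denied")
```

Run on the host with an AD username as the argument: a `KeyError` or an empty AD group list means NSS is not resolving the directory, which is the gap winbind fills.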