VMware Cloud Community
draposo
Contributor
Contributor
Jump to solution

How come I do not have a Users/groups tab on my ESX server to create users with web admin permissions?

I have an ESX 3 server and I am connected to it using Virtual Centert server root account. I want to add a user to access the web admin pages, but there is no users/groups tab when I select the Host from the left frame. Any idea why and how can I get that enabled?

Thanks

Reply
0 Kudos
1 Solution

Accepted Solutions
kjb007
Immortal
Immortal
Jump to solution

Is your vCenter server a member of that domain? If so, then you can add those users directly. If not, then you will have to go to your Vcenter windows machine. Create local windows users inside of the vCenter machine. Then, use those user accounts to apply permissions on the vm objects in the vi client.

-KjB

VMware vExpert

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB

View solution in original post

Reply
0 Kudos
10 Replies
Troy_Clavell
Immortal
Immortal
Jump to solution

you need to point your VIC to the ESX Host, not vCenter. There you should see the tab

Reply
0 Kudos
kjb007
Immortal
Immortal
Jump to solution

That user will only be local to ESX. Are you trying to create an account on the vCenter server?

-KjB

VMware vExpert

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
Reply
0 Kudos
draposo
Contributor
Contributor
Jump to solution

I did login to the ESX host while using the VIC client that is instaleld on the VIC server. (Whew ... Say that 10 times fast!!)

I want the users to have web access to manage a subset of vms. I assume doing this on the server (each individual ESX server) is the best way to go. Are you possibly suggesting that I should consider VIC users instead? As possibly a way to not have to create multiple duplicate users in the event that I move the vm from host to host?

Reply
0 Kudos
kjb007
Immortal
Immortal
Jump to solution

That is correct. Create your users on the vCenter windows machine, and assign permissions based on those user accounts. A better way to go would be to have AD, and select AC accounts, assuming you have an existing AD forest.

-KjB

VMware vExpert

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
draposo
Contributor
Contributor
Jump to solution

I have "AD" but it is OenLDAP/SAMBA based. Can I use that? If so how? Becasue I still don't have a user/group tab there either. I have

Getting started

Datacenters

Virtual Machines

Hosts

Tasks & Events

Alarms

Permissions

Maps

IF I hightlight a VM Host I also have

Pefromance

Configuration

Reply
0 Kudos
kjb007
Immortal
Immortal
Jump to solution

Is your vCenter server a member of that domain? If so, then you can add those users directly. If not, then you will have to go to your Vcenter windows machine. Create local windows users inside of the vCenter machine. Then, use those user accounts to apply permissions on the vm objects in the vi client.

-KjB

VMware vExpert

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
Reply
0 Kudos
Troy_Clavell
Immortal
Immortal
Jump to solution

...and it would be done through the permissions tab in vCenter.

draposo
Contributor
Contributor
Jump to solution

Problem #1. I was using RDP and accidentally loggin into local not domain account

Problem #2 ... With that resolved I can now change the DOMAIN to myDOMAIN, however when it attempts to populate the list I get the error message

" A general system error occurred: error accessing directory "

Reply
0 Kudos
draposo
Contributor
Contributor
Jump to solution

Found it

You must edit Active Directory settings.




To edit Active Directory settings:

</div>

  1. Log in to VirtualCenter with a local Administrator account.

  2. Click Administration &gt; VirtualCenter Management Server Configuration.

  3. Click Active Directory.

  4. Change the Active Directory Timeout from 60 to 120 seconds.

  5. Ensure that Enable Query Limit is selected and enter a limit of 100.

  6. Click OK.

from this url http://kb.vmware.com/selfservice/viewContent.do?externalId=1010094&sliceId=1

Reply
0 Kudos
AndreTheGiant
Immortal
Immortal
Jump to solution

I have "AD" but it is OenLDAP/SAMBA based. Can I use that? If so how?

Yes you can use.

User and group must be defined or in samba or in local user/group of your VC (are you using the Virtual Center?).

Then simple add a permission to associate a user or group to the role.

Andre

**if you found this or any other answer useful please consider allocating points for helpful or correct answers

Andrew | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro
Reply
0 Kudos