Solved: Re: Problems in enabling active directory for ESX ...

varun_tbd · ‎08-21-2008

Hi,

I am running into a few problems in enabling users with an active directory account to access our esx servers(running the latest build). I am following the directions as given in the following vmware document-

I have also tried following the suggestions of a few other posts I found online that suggest using the domain name for the --addc option. I have also tried using an IP address in its place. I have used the useradd option to add users and assigned them admin privileges by logging in as admin and using the Permissions option. Users having active directory accounts are still unable to access the esx server. So, I have tried each of the following seperately

esxcfg-auth --enablead --addomain=domain_name --addc=domain_name

esxcfg-auth --enablead --addomain=domain_name --addc=FQDN of domaincontroller

esxcfg-auth --enablead --addomain=domain_name --addc=<ip address of domain controller>

I have also looked up krb5.conf and find that the changes as mentioned in the vmware document are made. I also used nmap to confirm that the ports mentioned in the krb5 file for domain controllers are actually open on the server.

Is there some command or configuration that I have overlooked?

Thanks

Regards

Varun

jguidroz · ‎08-22-2008

Check the log files.

Make sure you have NTP turned on, and time is synchronized. If the time on the ESX server is too far off from the domain controller, you will not be able to log in.

View solution in original post

Texiwill · ‎08-22-2008

Hello,

If you want them to have VIC access to the Host then they you need to also modify the authorizations.xml file. It would be easier to create this file if you first created the users using the VIC yourself however, you can edit the authorizations.xml file by hand.

They should be able to connect to the host using ssh however.

Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354

As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill

admin · ‎08-22-2008

Hi

you must also add the user to the ESX console :

adduser aduseraccount

Texiwill · ‎08-22-2008

Hello,

OP has stated he used 'useradd' already which is the appropriate tool.

Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354

As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill

jguidroz · ‎08-22-2008

Check the log files.

Make sure you have NTP turned on, and time is synchronized. If the time on the ESX server is too far off from the domain controller, you will not be able to log in.

Squid_Ro · ‎08-22-2008

Just to reiterate the above...

esxcfg-auth --enablead --addomain=FQDN --addc=FQDN

time synch needs to be setup (NTP) so ESX hosts are within tolerance

varun_tbd · ‎08-25-2008

Hi,

The problem actually did turn out to be a timing issue between the server running the active directory and the esx server. On getting both to update their time using ntp through a third server, applying changes on the active directory, the problem got resolved. The change does take some time to take effect on the active directory.

Thanks once again for all your help.

Regards

Varun

All

Problems in enabling active directory for ESX 3.5 servers