Hi,
I am running into a few problems in enabling users with an Active Directory account to access our ESX servers (running the latest build). I am following the directions as given in the following VMware document-
I have also tried following the suggestions of a few other posts I found online that suggest using the domain name for the --addc option. I have also tried using an IP address in its place. I have used the useradd option to add users and assigned them admin privileges by logging in as admin and using the Permissions option. Users having Active Directory accounts are still unable to access the ESX server. So, I have tried each of the following separately:
esxcfg-auth --enablead --addomain=domain_name --addc=domain_name
esxcfg-auth --enablead --addomain=domain_name --addc=FQDN of domaincontroller
esxcfg-auth --enablead --addomain=domain_name --addc=<ip address of domain controller>
I have also looked up krb5.conf and find that the changes as mentioned in the vmware document are made. I also used nmap to confirm that the ports mentioned in the krb5 file for domain controllers are actually open on the server.
Is there some command or configuration that I have overlooked?
Thanks
Regards
Varun
Check the log files.
Make sure you have NTP turned on, and time is synchronized. If the time on the ESX server is too far off from the domain controller, you will not be able to log in.
Hello,
If you want them to have VIC access to the Host then you also need to modify the authorizations.xml file. It would be easier to create this file if you first created the users using the VIC yourself; however, you can edit the authorizations.xml file by hand.
They should be able to connect to the host using ssh however.
Best regards,
Edward L. Haletky
VMware Communities User Moderator
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354
As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization
Hi,
You must also add the user to the ESX console:
adduser aduseraccount
Hello,
OP has stated he used 'useradd' already which is the appropriate tool.
Best regards,
Edward L. Haletky
Check the log files.
Make sure you have NTP turned on, and time is synchronized. If the time on the ESX server is too far off from the domain controller, you will not be able to log in.
Just to reiterate the above...
esxcfg-auth --enablead --addomain=FQDN --addc=FQDN
Time sync needs to be set up (NTP) so ESX hosts are within tolerance
Hi,
The problem actually did turn out to be a timing issue between the server running the Active Directory and the ESX server. On getting both to update their time using NTP through a third server and applying changes on the Active Directory, the problem got resolved. The change does take some time to take effect on the Active Directory.
Thanks once again for all your help.
Regards
Varun
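
The clock-skew failure that resolved this thread can be checked directly. The following is an added example, not code from any poster or from VMware: it computes the SNTP offset between the local clock and a time source and compares it with the Kerberos tolerance. The 300-second tolerance is the Kerberos default and is an assumption about this environment; all function names and the sample reply are constructed for illustration.

```python
import socket, struct, time

NTP_DELTA = 2208988800      # seconds from the NTP epoch (1900) to the Unix epoch (1970)
KRB5_CLOCKSKEW = 300        # assumed tolerance: the Kerberos default of 5 minutes

def _to_ntp(ts):
    """Unix time -> 8-byte NTP timestamp (32-bit seconds, 32-bit fraction)."""
    secs = int(ts)
    return struct.pack("!II", secs + NTP_DELTA, int((ts - secs) * 2**32))

def _from_ntp(buf, off):
    secs, frac = struct.unpack_from("!II", buf, off)
    return secs - NTP_DELTA + frac / 2**32

def clock_offset(reply, t4):
    """Seconds the server clock is ahead of ours; t4 = local receive time."""
    if len(reply) < 48 or reply[0] & 0x07 != 4:
        raise ValueError("not an NTP server reply")
    if reply[1] == 0:
        raise ValueError("stratum 0: server is not synchronised")
    # originate (T1), receive (T2) and transmit (T3) timestamps
    t1, t2, t3 = (_from_ntp(reply, o) for o in (24, 32, 40))
    return ((t2 - t1) + (t3 - t4)) / 2

def kerberos_time_ok(offset, tolerance=KRB5_CLOCKSKEW):
    return abs(offset) <= tolerance

def query_offset(server, timeout=3.0):
    """Live check against `server` (UDP/123), e.g. the domain controller."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # VN=4, mode=3 (client); our send time goes in the transmit field
        s.sendto(b"\x23" + bytes(39) + _to_ntp(time.time()), (server, 123))
        reply, _ = s.recvfrom(512)
        return clock_offset(reply, time.time())

def build_reply(t1, t2, t3, stratum=2):
    """Constructed sample reply (LI=0, VN=4, mode=4) for offline runs."""
    return (bytes([0x24, stratum, 6, 0xEC]) + bytes(20)
            + _to_ntp(t1) + _to_ntp(t2) + _to_ntp(t3))

if __name__ == "__main__":
    t1 = 1200000000.0                       # constructed local send time
    for skew in (420.0, 0.5):               # constructed: before and after NTP sync
        reply = build_reply(t1, t1 + skew + 0.010, t1 + skew + 0.011)
        off = clock_offset(reply, t1 + 0.021)
        verdict = "ok" if kerberos_time_ok(off) else "outside Kerberos tolerance"
        print(f"offset {off:+.3f}s -> {verdict}")
```

`query_offset()` needs network access to the time source; the `__main__` section runs offline on the constructed replies.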