Solved: Use Intergrated Windows Authentication in vSphere ...

melay · ‎11-27-2014

Hi all.

Our freshly installed vCenter 5.5 is not joined to our domain for security reasons (not managed by the same teams).

VM admins need to login with their Windows credentials though, so right now the SSO identity source is set to "Active Directory as a LDAP Server".

Pass-through authentication does not work with this setup, presumably because it needs the identity source to be set to "Active Directory (Integrated Windows Authentication)".

Is there any way to get pass-through authentication working without joining the vCenter to the Windows domain ?

pratjain · ‎11-27-2014

SSO would not work if the machine is not joined to the domian.

The machine has to be joined to some domain ( test or internal ) to be working and for SSO to work correctly.

Reference KB - http://kb.vmware.com/kb/2058919

Regards, PJ If you find this or any other answer useful please mark the answer as correct or helpful.

View solution in original post

pratjain · ‎11-27-2014

SSO would not work if the machine is not joined to the domian.

The machine has to be joined to some domain ( test or internal ) to be working and for SSO to work correctly.

Reference KB - http://kb.vmware.com/kb/2058919

Regards, PJ If you find this or any other answer useful please mark the answer as correct or helpful.

melay · ‎11-28-2014

OK.

Since vCSA manages to get it work, and is not technically joined to the domain (does it rely on Samba?), I thought there might be some way to work around this, but I've searched long and large and found nothing.

pratjain · ‎11-28-2014

vCenter Server Appliance not joined to the domain would still work and would be able to authenticate to domain accounts but not the windows version one.

Regards, PJ If you find this or any other answer useful please mark the answer as correct or helpful.

All

Use Intergrated Windows Authentication in vSphere SSO without joining vCenter to the domain ?