We have a new vCenter server and it's joined to the domain as well. It's a vCenter appliance 6.5.
We have added the domain group with proper permission in vCenter, but the users in that group are not able to log in to the vCenter server. They are getting the below error.
Unable to login because you do not have permission on any vCenter Server systems connected to this client.
Check the vSphere Web Client server logs for details.
However, the same domain user is able to log in to the vCenter server if I add him individually to the vCenter permissions.
It's a strange issue, but I am not able to find the solution for this.
Request everyone to please help if you have any clue about this issue.
What type of AD group is this? Is the user a direct member of this group or is the user nested more than one layer deep?
How is the identity source configured: Integrated Windows or AD as an LDAP?
Check the vmware-sts-idmd.log and search with the username for the actual error message. Possibly the user is in another group with no permissions, or the group's permissions are not inherited properly.
Thanks,
MS
This group is a universal security group in AD and the user is directly added into this group only.
The identity source is configured as Integrated Windows Authentication. The user is in the right group, which we have added to the vCenter server with proper permission.
[2018-05-01T17:02:00.090Z vsphere.local 08941158-c30f-43eb-bf1f-cea7812053bc INFO ] [LinuxNativeAuthDbAdapter] Authenticating user ["USER_NAME"]
[2018-05-01T17:02:00.091Z vsphere.local 08941158-c30f-43eb-bf1f-cea7812053bc ERROR] [IdentityManager] Failed to authenticate principal ["USER_NAME"] for tenant [vsphere.local]
javax.security.auth.login.LoginException: User not found
at com.vmware.identity.idm.server.provider.localos.LocalOsIdentityProvider.authenticate(LocalOsIdentityProvider.java:143) ~[vmware-identity-idm-server.jar:?]
at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:2981) ~[vmware-identity-idm-server.jar:?]
at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:9762) ~[vmware-identity-idm-server.jar:?]
at sun.reflect.GeneratedMethodAccessor63.invoke(Unknown Source) ~[?:?]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_141]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_141]
at su
javax.security.auth.login.LoginException: User not found, and it is interesting that the user is not found when it failed to look for the user. If we give the direct account, it works fine. Possibly some issue with the group, or the user might be missing in the group.
thanks,
MS
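The log search suggested in this thread, as an added example that is not part of the original posts: a small Python parser for lines in the vmware-sts-idmd.log format quoted above. It lists each failed authentication with its exception text and the class named in the topmost stack frame. The function name, field names and the sample log (user names, request IDs) are assumptions made for this illustration.

```python
import re

# Constructed sample in the line format of the vmware-sts-idmd.log excerpt
# quoted in the thread; user names and request IDs are made up.
SAMPLE_LOG = """\
[2018-05-01T17:02:00.090Z vsphere.local 00000000-0000-0000-0000-000000000001 INFO ] [LinuxNativeAuthDbAdapter] Authenticating user [alice]
[2018-05-01T17:02:00.091Z vsphere.local 00000000-0000-0000-0000-000000000001 ERROR] [IdentityManager] Failed to authenticate principal [alice] for tenant [vsphere.local]
javax.security.auth.login.LoginException: User not found
at com.vmware.identity.idm.server.provider.localos.LocalOsIdentityProvider.authenticate(LocalOsIdentityProvider.java:143) ~[vmware-identity-idm-server.jar:?]
at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:2981) ~[vmware-identity-idm-server.jar:?]
[2018-05-01T17:09:41.512Z vsphere.local 00000000-0000-0000-0000-000000000002 ERROR] [IdentityManager] Failed to authenticate principal [bob] for tenant [vsphere.local]
javax.security.auth.login.LoginException: User not found
"""

HEADER = re.compile(r'^\[(\S+) (\S+) (\S+) (\w+)\s*\] \[(\w+)\] (.*)$')
FAILED = re.compile(r'Failed to authenticate principal \["?([^"\]]+)"?\]')
FRAME = re.compile(r'^at ([\w.$]+)\.[\w$<>]+\(')

def failed_logins(log_text, username=None):
    """Return one record per failed authentication, with the exception text
    and the class of the topmost stack frame (where the lookup failed)."""
    failures, adapters, current = [], {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        head = HEADER.match(line)
        if head:
            ts, tenant, req_id, level, component, msg = head.groups()
            current = None
            hit = FAILED.search(msg)
            if level == "ERROR" and hit:
                current = {"time": ts, "tenant": tenant, "request": req_id,
                           "user": hit.group(1), "adapter": adapters.get(req_id),
                           "exception": None, "failed_in": None}
                failures.append(current)
            elif msg.startswith("Authenticating user"):
                adapters[req_id] = component  # component that handled the attempt
        elif current and line:
            frame = FRAME.match(line)
            if frame and current["failed_in"] is None:
                current["failed_in"] = frame.group(1).rsplit(".", 1)[-1]
            elif not frame and current["exception"] is None:
                current["exception"] = line
    if username:
        failures = [f for f in failures if username.lower() in f["user"].lower()]
    return failures

if __name__ == "__main__":
    for failure in failed_logins(SAMPLE_LOG, "alice"):
        print(failure)
```

Records are correlated by the request ID in the third bracketed field, so the adapter that logged "Authenticating user" is reported next to the failure it belongs to.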