VMware Cloud Community
vmpwcliuser31
Contributor

Authentication issues (SSH works but not ESXi direct web client)

Hello all,

I'm running into something interesting that I'm being confused by and hoping someone can point me in the right direction.

I recently joined some ESXi hosts (all are version 7.0.3 build 19898904 or higher) to my AD domain here and edited the Config.HostAgent.plugins.hostsvc.esxAdminsGroup advanced system setting with the appropriate AD security group.  

I then went to verify that I can log into the host with my AD credentials via the ESXi web client (https://hostname/ui).  When I try logging in there, I get the error "Permission to perform this operation was denied."  I tried both ways for the username as well (domain\username and username@domain).

Lockdown mode is disabled (as I can login w/root), firewalls are okay (AD traffic is enabled for all IP addys), nslookups from the ESXi host work just fine and the strangest part, to me, is that I can SSH into the same ESXi host with domain\username credentials without issue.

Sooo...any thoughts as to why I can SSH into the host w/my AD creds but not into the web client itself?  

5 Replies
UmeshAhuja
Commander

Hi,

On the ESXi host, when you are logged in as root, can you see the new AD user under host permissions?

Thanks n Regards
Umesh Ahuja

If your query resolved then please consider awarding points by correct or helpful marking.
mannharry
Hot Shot

Can you get the output of the command esxcli system permission list? 

vmpwcliuser31
Contributor

Thanks for the replies!

I logged into the web client of one of the hosts and do see the AD security group in the host's permissions.  I also SSH'd into the same host as root and ran the command and see the same output (the AD SG having the Admin role).

Any other thoughts?

mannharry
Hot Shot

Kindly check and share a screenshot of the below.

  • Lockdown mode on the ESXi host.

vmpwcliuser31
Contributor

As mentioned in my original post, lockdown mode is disabled.
