nsousaarlington
Enthusiast

Normal Lockdown Mode Exception Users - Domain Accounts?

Can you add domain accounts to the exception user list for normal lockdown mode? I tried using DOMAIN\user as well as user@domain.com but neither work. Local accounts work just fine.

Accepted Solutions
Lalegre
Virtuoso

Hey,

Take a look at the following blog post, which explains not only the steps that need to be done for the users but also the vCenter permissions, etc.: vSphere 6.0 Lockdown Mode Exception Users - VMware vSphere Blog

I think there you will find your solution.

7 Replies
lucasbernadsky
Hot Shot

Yes, you can!

First you need to add the host to Active Directory: Using Active Directory to Manage ESXi Users and Add a Host to a Directory Service Domain

Next you need to add the AD users to the exception users: Specify Lockdown Mode Exception Users

Hope it works for you!

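
As an added example (not code from this thread, from VMware's documentation or from the linked articles), a PowerCLI script that checks what the two steps above set up: whether the host is in Normal lockdown, whether the domain account is on the exception list, and whether that account actually holds an Admin access entry on the host itself, since exception users only keep privileges they already have on the host. The host name and account are placeholders, and it assumes an existing Connect-VIServer session to the managing vCenter and a host that is already domain-joined.

```powershell
# Added example: audit/set Normal Lockdown Mode exception users on one ESXi host
# through the vSphere API HostAccessManager object exposed by PowerCLI.
# Placeholders (not real values): 'esx01.example.com', 'EXAMPLE\svc-esxadmin'.
param(
    [string]$HostName   = 'esx01.example.com',
    [string]$DomainUser = 'EXAMPLE\svc-esxadmin'
)

$vmhost    = Get-VMHost -Name $HostName
$accessMgr = Get-View -Id $vmhost.ExtensionData.ConfigManager.HostAccessManager

# 1. Current lockdown state and exception list as the host reports them.
"Lockdown mode  : $($accessMgr.LockdownMode)"
"Exception users: $($accessMgr.QueryLockdownExceptions() -join ', ')"

# 2. Host-level access entries. Exception users do not gain privileges; they
#    only keep the ones already granted on the host (locally or propagated
#    from vCenter). Compare the principal spelling with what the table shows,
#    because the host records domain principals in one fixed form.
$entries = $accessMgr.RetrieveHostAccessControlEntries()
$entries | Select-Object Principal, Group, AccessMode | Format-Table -AutoSize

$hasAdmin = $entries | Where-Object {
    $_.Principal -ieq $DomainUser -and $_.AccessMode -eq 'accessAdmin'
}
if (-not $hasAdmin) {
    Write-Warning "$DomainUser has no accessAdmin entry on $HostName; listing it as an exception user will not let it log in."
}

# 3. Add the domain account to the exception list if it is not there yet.
$current = @($accessMgr.QueryLockdownExceptions())
if ($current -inotcontains $DomainUser) {
    $accessMgr.UpdateLockdownExceptions([string[]]($current + $DomainUser))
    "Added $DomainUser to the exception list."
}

# 4. Make sure the host is in Normal (not Strict) lockdown, so the DCUI and
#    exception users remain usable as the original question expects.
if ($accessMgr.LockdownMode -ne 'lockdownNormal') {
    $accessMgr.ChangeLockdownMode('lockdownNormal')
    "Lockdown mode set to lockdownNormal."
}
```

Run it once before enabling lockdown and once after a failed login: a domain account that appears in the exception list but has no accessAdmin entry in the table is the configuration gap to fix first.
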
nsousaarlington
Enthusiast

I tried that, but I wasn't able to log into the VMHost (https://vmhost/ui). I tried using DOMAIN\username and username@domain.com, but neither worked. It only allowed UI logins with a local account created on the VMHost.

lucasbernadsky
Hot Shot

Hi, sorry to hear that.

Did you follow the steps described in this video? DOMAIN JOIN STEPS FOR ESXI 6.7 - YouTube

nsousaarlington
Enthusiast

Yes, the VMHost is joined to the domain. With lockdown mode disabled, I can SSH into the VMHost using domain credentials. I can also log into the UI with lockdown mode disabled. I just can't get logins to work with Normal Lockdown Mode enabled, even with the domain account added to the Exception Users list. The user in question has full administrator permissions assigned through vCenter, propagated down to the VMHost.

lucasbernadsky
Hot Shot

Ok, that's a strange behaviour.

Can you take a look at /var/log/auth.log and /var/log/shell.log?

nsousaarlington
Enthusiast

There are no log entries for the failed login attempt through https://vmhost/ui in either auth.log or shell.log.

I'll open up a ticket with VMware on this one.
