VMware Cloud Community
vmproteau
Enthusiast
Enthusiast
‎03-04-2013 11:14 AM

Can't login to ESXi 5.1 Host with Active Directory Credentials

I am trying to setup Active Directory authentication for my ESXi 5.1 Hosts. I can successfully add the Host to the AD Domain but can't login.

  • Firewall on the Host shows AD ports wide open.
  • Domain Controller is in the same network as the Host.
  • "Authentication Services" show the correct Domain under "Domain Settings". "Trusted Domain Controllers" doesn't show anything.
  • I created an "ESX Admins" group in AD (assuming this is still the group that is automatically added to Hosts).
  • Tried all login formats: user@domain.com, domain\user, and just the user but, can't login with any.

I have done this previously in a separate ESXi 4.1 environment a while back and didn't have any issues. Has something changed with 5.1.

0 Kudos
4 Replies
Cyberfed27
Hot Shot
Hot Shot
‎03-04-2013 01:08 PM

Did you configure your domain controllers in the webclient interface to setup SSO? I'm assuming you are using vCenter 5.1?

0 Kudos
vmproteau
Enthusiast
Enthusiast
‎03-04-2013 01:20 PM

I'm not sure if I'm clear what you are referring to. SSO is setup with the same Domain I am adding my ESXi 5.1 Hosts to. However, I didn't do anything specific with the actual Domain Controllers themselves in SSO.

I can obviously authenticate to vCenter with my Domain credentials.

0 Kudos
vmproteau
Enthusiast
Enthusiast
‎03-05-2013 07:25 AM

Still haven't found any alternate instructions describing changes from previous versions of ESXi with respect to AD authentication.

Adding the Host to the Domain is successful but, it doesn't auto-add the ESX Admins AD group I created. Also, if I try to add a Domain account directly  to the Host when logged in directly as root (via VIC), it only allows for local account permission adds. Domain accounts are not an option.

Has anyone successfully setup direct ESXi 5.1 Host AD authentication (i.e. SSH, VIC, Console authentication)?

0 Kudos
vmproteau
Enthusiast
Enthusiast
‎03-15-2013 02:44 PM

Checking again if anyone has setup to authenticate to their ESXi 5.1 Hosts with Active Directory Domain credentials. I have set this up in the past without issue with ESXi 4.1.

In this case, I can successfully add the Host to the AD Domain. It shows up as a computer object as I'd expect. However, when I log into the Host and attempt to browse AD, I only see local users. The "ESX Admins" AD Group is not showing up and I see no way to browse the Domain to manually add users.

I wasn't sure if SSO somehow changes how this functions for ESXi 5.1 but I haven't found anything documenting a difference.

0 Kudos