Re: vShield Manager 5.1 Security and vCenter Grou...

PalmerBr · ‎05-31-2013

Question: How can I get "VCenter Group" type to allow vShield Manager access from the web page?

Background: When assigning an AD domain group the Enterprise Administrator role in vShield manager the domain account members are not allowed to login to vShield Manager

Notes:

* I have never had this working previously. I may be doing it incorrectly.

* I have added the group in the format of domain\group and granted it "Enterprise Administrtator" role in vShield Manager

* If I login to vShield Manager with an AD account that is a member of the domain group I receive the error "Please enter a valid username and password".

* If I add the same individual user account in the format of domain\username and grant it "Enterprise Administrtator" role vShield Manager allows the account to login.

* The AD group has been defined in vCenter itself by adding it to the permissions tab on the root object in vCenter with Administrator permissions.

kklsen282 · ‎08-27-2013

add your AD domain group with FQDN of your domain to vShield Manager: domain.com\ad-group

PalmerBr · ‎08-27-2013

Correct

This fixed the issue! Thanks for your reply!

Note:

The the vShield manager will allow you to use the format domain\username to grant access to individual users and they will receive the necessary access.

However, when specifying a group in the same way it will not work. You must use domains full fqdn domain.com\group in this case.

PalmerBr · ‎08-27-2013

Not seeing how to mark this as correct and grant you the points? Anyone?

yonish · ‎12-04-2013

worked for me thanks

use fqdn domain.local\username using just domain\username doesn't work in 5.1.2

All

vShield Manager 5.1 Security and vCenter Group