Hi all,
I tried to use AD Authentication on vMA4.1 and am facing an issue.
Below is my setup:
1. I've a vMA4.1 (vm881), vCenter 4.1 (vc41.testvma.test), ESX4.1 (esx9), a domain name is testvma.test, and a Windows Domain controller (I use the same machine as AD Server), my domain admin username is vmadmin.
2. vMA4.1 added to domain using Administrator user using the below command and later vMA is rebooted
- domainjoin-cli join testvma.test Administrator
3. ESX 4.1 and vCenter both are added to the domain.
4. Added ESX4.1 in vifp targets using the below command:
- vifp addserver esx9.testvma.test --authpolicy adauth --username testvma.test\vmadmin
5. Created ESX Admins group in AD and added "Administrators" and "vmadmin" into it.
6. Added vCenter to the vifp targets using the below command
- vifp addserver vc41.testvma.test --authpolicy adauth --username TESTVMA.TEST\vmadmin
7. Then logged in as domain user (vmadmin) in vMA using the below command
$ ssh vmadmin@testvma.test@vm881
Password:
Welcome to vMA
run 'vma-help' or see http://www.vmware.com/go/vma for more details.
8. When I try to run /opt/vmware/vma/samples/java/listtargets/listTargets.sh script below is the output:
Target Name           Product Version
-----------           ---------------
esx9.testvma.test     VMware ESX 4.1.0
vc41.testvma.test
esx9.testvma.test ESX adauth
vc41.testvma.test vCenter adauth
9. I'm not able to find out the cause for this error; however, if I add both ESX4.1 and vCenter4.1 using the fpauth method, listTargets successfully lists both vCenter and ESX server as shown below:
vc41.testvma.test vCenter fpauth
esx9.testvma.test ESX fpauth
exit
Target Name           Product Version
-----------           ---------------
vc41.testvma.test     VMware vCenter Server 4.1.0
esx9.testvma.test     VMware ESX 4.1.0
Can you all please help me understand what's wrong in my setup, or if it's a known limitation/bug in VMware?
Thank you all
Sachi
Generally, when you have the following error "Cannot authenticate in this user's context", it means that the account you're using to authenticate is not valid.
Take a look at this blog post which goes over both types of vi-fastpass: fpauth and adauth and see if it helps:
http://www.virtuallyghetto.com/2010/11/how-to-configure-and-use-vmas-vi.html
=========================================================================
William Lam
VMware vExpert 2009,2010
VMware VCP3,4
VMware VCAP4-DCA
VMware scripts and resources at:
Getting Started with the vMA (tips/tricks)
Getting Started with the vSphere SDK for Perl
VMware Code Central - Scripts/Sample code for Developers and Administrators
If you find this information useful, please award points for "correct" or "helpful".
Hi William,
I went through the link and checked all steps. I've followed all steps properly.
But still getting the error "" for vCenter 4.1 when I run listTargets.sh.
Also the below behavior is happening with vCenter:
1. Login as vmadmin (domain user) into vMA
2. Set target to vCenter
3. Use esxcfg-nics -l --vihost on the ESX4.1 which is added in vCenter
4. Credentials are asked for running this command. I gave vmadmin (domain user) and password, then only I got the output.
Probably this might help shed light on why I'm facing issues with running listTargets.sh.
But mainly I'm worried with listTargets.sh running successfully for vCenter 4.1.
Thank you
Sachi
I would not worry too much about listTargets.sh as it's just a quick wrapper about vi-fastpass.
You should be using vifp listservers -l to really verify that the targets have been added using the correct type of vi-fastpass.
How are you adding the targets? Are you using the vi-admin account? Any errors in /var/log/vmware/vma/vifpd.log?
=========================================================================
William Lam
Hi William,
This is a continuation of Sachi's post. We add the servers using the vi-admin user. When we added the server, it asked for the user name but not the password. I don't see any error in the vifpd.log.
vifp listservers -l output pasted below:
ovpesx9.testvma.test ESX adauth
vc41.testvma.test vCenter adauth
listTarget is not working for VC, but for ESX it works fine with the domain user. See the output below:
Sachi : Modified
Target Name              Product Version
-----------              ---------------
ovpesx9.testvma.test     VMware ESX 4.1.0
vc41.testvma.test
The question here is: do we need to do any specific step to make adauth work for VC?
Thanks
Selman