I've successfully joined the vMA to an AD domain; however, AD users can log in to the appliance only using the local console (login: class\Administrator) but not using SSH.
Here is an example:
login as: Administrator@class.local@vma1
Welcome to SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) - Kernel \r (\l).
Using keyboard-interactive authentication.
Password:
Access denied
Messages from /var/log/messages
2015-08-28T11:59:01+02:00 vma1 sshd[5545]: Invalid user 'class\\Administrator'@vma1 from 10.216.1.143
2015-08-28T11:59:01+02:00 vma1 sshd[5545]: input_userauth_request: invalid user 'class\\\\Administrator'@vma1 [preauth]
2015-08-28T11:59:01+02:00 vma1 sshd[5545]: Postponed keyboard-interactive for invalid user 'class\\\\Administrator'@vma1 from 10.216.1.143 port 40538 ssh2 [preauth]
2015-08-28T11:59:04+02:00 vma1 sshd[5547]: pam_unix2(sshd:auth): Unknown option: `try_first_pass'
2015-08-28T11:59:04+02:00 vma1 sshd[5547]: pam_tally2(sshd:auth): pam_get_uid; no such user
2015-08-28T11:59:08+02:00 vma1 sshd[5545]: error: PAM: User not known to the underlying authentication module for illegal user 'class\\Administrator'@vma1 from 10.216.1.143
2015-08-28T11:59:08+02:00 vma1 sshd[5545]: Failed keyboard-interactive/pam for invalid user 'class\\Administrator'@vma1 from 10.216.1.143 port 40538 ssh2
2015-08-28T11:59:08+02:00 vma1 sshd[5545]: Postponed keyboard-interactive for invalid user 'class\\\\Administrator'@vma1 from 10.216.1.143 port 40538 ssh2 [preauth]
Messages from /var/log/auth.log
2015-08-28T11:57:49+02:00 vma1 sshd[5538]: Invalid user 'class\\Administrator'@vma1 from 10.216.1.143
2015-08-28T11:57:49+02:00 vma1 sshd[5538]: Invalid user 'class\\Administrator'@vma1 from 10.216.1.143
2015-08-28T11:57:49+02:00 vma1 sshd[5538]: input_userauth_request: invalid user 'class\\\\Administrator'@vma1 [preauth]
2015-08-28T11:57:49+02:00 vma1 sshd[5538]: input_userauth_request: invalid user 'class\\\\Administrator'@vma1 [preauth]
2015-08-28T11:57:49+02:00 vma1 sshd[5538]: Postponed keyboard-interactive for invalid user 'class\\\\Administrator'@vma1 from 10.216.1.143 port 40528 ssh2 [preauth]
2015-08-28T11:57:49+02:00 vma1 sshd[5538]: Postponed keyboard-interactive for invalid user 'class\\\\Administrator'@vma1 from 10.216.1.143 port 40528 ssh2 [preauth]
2015-08-28T11:57:53+02:00 vma1 sshd[5540]: pam_unix2(sshd:auth): Unknown option: `try_first_pass'
2015-08-28T11:57:53+02:00 vma1 sshd[5540]: pam_tally2(sshd:auth): pam_get_uid; no such user
2015-08-28T11:57:57+02:00 vma1 sshd[5538]: error: PAM: User not known to the underlying authentication module for illegal user 'class\\Administrator'@vma1 from 10.216.1.143
2015-08-28T11:57:57+02:00 vma1 sshd[5538]: error: PAM: User not known to the underlying authentication module for illegal user 'class\\Administrator'@vma1 from 10.216.1.143
2015-08-28T11:57:57+02:00 vma1 sshd[5538]: Failed keyboard-interactive/pam for invalid user 'class\\Administrator'@vma1 from 10.216.1.143 port 40528 ssh2
2015-08-28T11:57:57+02:00 vma1 sshd[5538]: Failed keyboard-interactive/pam for invalid user 'class\\Administrator'@vma1 from 10.216.1.143 port 40528 ssh2
2015-08-28T11:57:57+02:00 vma1 sshd[5538]: Postponed keyboard-interactive for invalid user 'class\\\\Administrator'@vma1 from 10.216.1.143 port 40528 ssh2 [preauth]
2015-08-28T11:57:57+02:00 vma1 sshd[5538]: Postponed keyboard-interactive for invalid user 'class\\\\Administrator'@vma1 from 10.216.1.143 port 40528 ssh2 [preauth]
I already tried different combinations, all with similar results:
'class\Administrator'@vma1
class\\Administrator@vma1
class\\Administrator@vma1
Administrator@class.local
Administrator@class@vma1
Administrator/class
class/administrator
class\\Administrator@local
'class\\Administrator'@local
tomsmig - just as akarydas2 mentioned, you need to comment out the "Allow Groups" line in the sshd_config file. This is mentioned in the original vMA 6.0 release notes. You can do this by first logging in to the vMA as the vi-admin user, and then running the following command:
sudo vim /etc/ssh/sshd_config
Once in the file, arrow down to the "Allow groups wheel" line and press letter "i" to insert and then place a "#" at the beginning of the line. The line will turn blue when it is commented out.
To save it, press "Esc" then enter a colon ":" then type "wq" (write + quit)
Next, type: sudo reboot followed by the vi-admin password.
After the vMA has rebooted, you can SSH via PuTTY using your administrator@class.local credentials. There is no need to append "@vma1" to the end. I hope this helps!
From the release notes of the vMA version 6.0:
If you want direct SSH access to the appliance with Active Directory credentials, then comment out the AllowGroups line in the sshd_config file.
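A non-interactive version of the edit described in the replies above, as an added example that is not part of the original posts or VMware's documentation: it comments out every active AllowGroups line in the file it is given and keeps a backup. The function names and the `.bak` suffix are assumptions of this example.

```shell
#!/bin/sh
# Added example: comment out active AllowGroups directives in an sshd_config file.
# Function names and the ".bak" suffix are this example's own choices.

# Print active (uncommented) AllowGroups lines; sshd keywords are case-insensitive.
active_allowgroups() {
    grep -iE '^[[:space:]]*AllowGroups([[:space:]]|=|$)' "$1"
}

# Comment out every active AllowGroups line, keeping a backup beside the file.
# Idempotent: a second run finds nothing active and leaves the file untouched.
comment_allowgroups() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 2; }
    if ! active_allowgroups "$cfg" >/dev/null; then
        echo "no active AllowGroups line in $cfg"
        return 0
    fi
    cp -p "$cfg" "$cfg.bak" || return 1
    tmp=$(mktemp) || return 1
    # Character classes instead of a case-insensitive flag keep this portable.
    sed -E 's/^([[:space:]]*)([Aa][Ll][Ll][Oo][Ww][Gg][Rr][Oo][Uu][Pp][Ss]([[:space:]]|=|$))/\1#\2/' \
        "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$cfg"   # overwrite in place so owner and mode are preserved
    rm -f "$tmp"
    echo "commented out AllowGroups in $cfg (backup: $cfg.bak)"
}

# Usage (as root): sh this_script /etc/ssh/sshd_config
if [ -n "${1:-}" ]; then
    comment_allowgroups "$1"
fi
```

Running `sshd -t` afterwards confirms the file still parses before the reboot. With the line commented out, sshd no longer limits logins to members of the listed groups, so any account that can authenticate can open an SSH session.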
Thanks, that is a good explanation.