VMware Cloud Community
RLsh
Contributor
Contributor

vMA AD integration with ESX fastpass auth

hey,

I have vMA 4.1 with AD integration and ESXi 4.1/4.0 with fastpass authentication,

now, when I log in with domain user, I need to enter user name and password for each command.

is this normal behavior?

I was sure that fastpass save the credentials, and any user that in the sudoers file will be able to run command without entering username and password.

thanks.

Reply
0 Kudos
4 Replies
lamw
Community Manager
Community Manager

To get this to work, you need to ensure that both your vMA host and ESX(i) host has been added to AD. You also need to ensure that you add your ESX(i) host using --authpolicy adauth, once you've done that, you'll need to initialize your target before you can execute a command in which vi-fastpass will takeover and using your AD credentials w/o prompting you for password.

Also take a look at this blog post, it should be helpful - http://www.virtuallyghetto.com/2010/07/vma-41-authentication-policy-fpauth-vs.html

=========================================================================

William Lam

VMware vExpert 2009,2010

VMware VCP3,4

VMware VCAP4-DCA

VMware scripts and resources at:

Twitter: @lamw

Getting Started with the vMA (tips/tricks)

Getting Started with the vSphere SDK for Perl

VMware Code Central - Scripts/Sample code for Developers and Administrators

VMware Developer Community

If you find this information useful, please award points for "correct" or "helpful".

Reply
0 Kudos
lamw
Community Manager
Community Manager

Here is a blog post that should help - http://www.virtuallyghetto.com/2010/11/how-to-configure-and-use-vmas-vi.html

=========================================================================

William Lam

VMware vExpert 2009,2010

VMware VCP3,4

VMware VCAP4-DCA

VMware scripts and resources at:

Twitter: @lamw

Getting Started with the vMA (tips/tricks)

Getting Started with the vSphere SDK for Perl

VMware Code Central - Scripts/Sample code for Developers and Administrators

VMware Developer Community

If you find this information useful, please award points for "correct" or "helpful".

Reply
0 Kudos
RLsh
Contributor
Contributor

hey William,

i already understand this.. mostly from your blog..

my question is what happens if i have number of environments.

for one environment i use AD authentication all the way ( vMA and ESXi's are integrated to AD) and it works perfectly.

For the other environment, same vMA, I want to use fpauth (root user),

but it keeps asking me for user name and password (again i connected to vMA with my domain user).

is this supposed to happen?

BTW when i connect to vMA with vi-admin, the fpauth to the sane ESXi's (with root user) work just fine..

thanks Smiley Happy

Reply
0 Kudos
lamw
Community Manager
Community Manager

As mentioned in the blog post, there are two types of vi-fastpass auth: fpauth and adauth

If you're trying to using fpauth, you need to be logged into vMA using vi-admin account. If you have a mix of both types, you have two options:

1) Login directly as vi-admin account as fpauth is only valid under this account

2) Login using AD credentials and allow the account to sudo over to vi-admin user, this allows you to utilize both type of auths + allows for auditing purposes

=========================================================================

William Lam

VMware vExpert 2009,2010

VMware VCP3,4

VMware VCAP4-DCA

VMware scripts and resources at:

Twitter: @lamw

Getting Started with the vMA (tips/tricks)

Getting Started with the vSphere SDK for Perl

VMware Code Central - Scripts/Sample code for Developers and Administrators

VMware Developer Community

If you find this information useful, please award points for "correct" or "helpful".

Reply
0 Kudos