VMware Cloud Community
rpmatthews2
Contributor

vMA Active Directory Authentication

I have just installed vMA 4.1 and am in the process of configuring AD authentication. When I attempt to join the domain using the command "sudo domainjoin-cli join mydomain.com myadminaccount@domain.com" I don't get an error but get repeatedly asked for my password until it fails on the third attempt. I have checked that DNS lookups to the local Domain Controller are working.

I should point out that due to the size of our Active Directory, local IT departments do not have domain administrator access; instead we have admin accounts that allow us to administer our local OU, which includes creating user and computer accounts, and can join Windows Servers & Desktops to the domain without problems. Does anyone understand the background processes that take place when joining the vMA to AD and how they may differ from a Windows OS? I have also tried pre-creating the computer account.

Any help much appreciated,


Richard.

0 Kudos
4 Replies
lamw
Community Manager

It sounds like it's not accepting the password and that is why you're being re-prompted. To get more details on logging, you can run the following:

sudo domainjoin-cli --loglevel verbose --logfile joindomain.log join [domain_name] [user]

Here's a post on other troubleshooting methods - http://www.virtuallyghetto.com/2010/06/how-to-configure-likewise-open-ad.html

I don't know all the details on what it requires from an AD perspective, but you may also want to see if someone that manages the domain can see any errors on the domain controller.

0 Kudos
rpmatthews2
Contributor

Thanks for the response.

I tried the logging switches but couldn't find the log file after execution?

Managed to fix the problem by pointing the primary DNS at the Domain Controller which holds the FSMO roles. Then it seemed to join; possibly it couldn't locate the PDC emulator?

Thanks again.


Richard.

0 Kudos
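The fix reported above was a DNS one, so it helps to test each configured resolver for the AD SRV record of the PDC emulator (`_ldap._tcp.pdc._msdcs.<domain>`) before retrying the join. The shell functions below are an added example, not part of the original thread; the function names and the availability of `dig` on the appliance are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes `dig` is installed on the vMA.

# SRV name Active Directory registers for the DC holding the PDC emulator role.
pdc_srv_name() {
    printf '_ldap._tcp.pdc._msdcs.%s\n' "$1"
}

# Read `dig +short SRV` answers ("priority weight port target.") on stdin and
# print "target:port" per well-formed record; error text and junk are skipped.
parse_srv() {
    awk 'NF == 4 && $3 ~ /^[0-9]+$/ { sub(/\.$/, "", $4); print $4 ":" $3 }'
}

# Print the nameserver addresses from a resolv.conf-style file.
list_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "${1:-/etc/resolv.conf}"
}

# Ask one specific resolver for the PDC record.
# Prints host:port and returns 0 on success, returns 1 if nothing usable came back.
check_pdc() {
    domain=$1
    resolver=$2
    answer=$(dig +short +time=3 +tries=1 SRV "$(pdc_srv_name "$domain")" \
                 "@$resolver" 2>/dev/null | parse_srv)
    if [ -n "$answer" ]; then
        printf '%s via %s\n' "$answer" "$resolver"
        return 0
    fi
    echo "resolver $resolver returned no PDC emulator SRV record for $domain" >&2
    return 1
}

# Check every configured resolver; non-zero exit if any of them cannot find the PDC.
check_resolvers() {
    domain=$1
    rc=0
    for ns in $(list_nameservers "$2"); do
        check_pdc "$domain" "$ns" || rc=1
    done
    return $rc
}

# Usage on the appliance: check_resolvers mydomain.com
```

A resolver that fails this check can still answer ordinary A-record lookups for a local Domain Controller, which matches the situation described in the first post.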
qrxv28
Contributor

I'm actually getting the same thing. I did point the primary DNS to the server that has FSMO, and yet I'm getting the same "Sorry try again" for the password after I run the command "sudo domainjoin-cli join domain.com domain-admin-adminuser". Any ideas? Do I have to make vMA part of my domain to add ESX servers?

0 Kudos
rpmatthews2
Contributor

You don't need to add vMA to the domain to add ESX servers; it's useful though for ESXi 4.1, which can be joined to AD, and it also means no vCenter user passwords are stored on the vMA. Have you tried pre-creating the computer account and using the format domainadmin@mydomain.com for the username?

0 Kudos