Guys, I currently have the ability to authenticate against Active Directory from my ESX 3 host. I useradd individual accounts and have them authenticate against AD.
What I'd like to know is...
Is it possible to...
a) Create a group on the ESX host
b) then create a replica group in Active Directory
c) add my users to the Active Directory group,
d) then log on via SSH and authenticate in ESX?
Check out this thread and download the doc I posted. This should point you in the right direction.
http://communities.vmware.com/message/789543#789543
Steve Beaver
VMware Communities User Moderator
*Virtualization is a journey, not a project.*
Thanks Steve. I'll have a look and get back to you.
You can create users on AD and have the ESX authenticate, but the problem is we tried it and it keeps locking the AD accounts, so we quit using it.
I don't think you can replicate groups, only users.
There are lots of variants of LDAP scripts that query AD for group membership and then delete/add user IDs on each ESX host. There are a few good examples of the script on various blogs, Google it. It works well for us.
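A dry-run sketch of the sync approach described in the last post, added here as an example and not taken from the thread or from any of the scripts it mentions. It assumes the AD query returns LDIF with `sAMAccountName` lines and that the list of script-managed local accounts is tracked separately; the sample data and function names are constructed. It only prints the commands it would run.

```shell
#!/bin/sh
# Added example: plan local account changes from an AD group query (dry run).
# Assumed query (placeholders, fill in for your domain):
#   ldapsearch -x -H ldap://<dc> -D <bind-dn> -W -b <base-dn> \
#       '(memberOf=<group-dn>)' sAMAccountName

# Constructed sample of the LDIF such a query returns.
SAMPLE_LDIF='dn: CN=Alice Example,OU=Staff,DC=example,DC=local
sAMAccountName: Alice

dn: CN=Bob Example,OU=Staff,DC=example,DC=local
sAMAccountName: bob

dn: CN=Odd Entry,OU=Staff,DC=example,DC=local
sAMAccountName: bad;name'

# Read LDIF on stdin, emit sorted account names. Names that are not plain
# local-account syntax are dropped so directory data never reaches a command
# line unchecked.
ad_members() {
    sed -n 's/^sAMAccountName: //p' | tr 'A-Z' 'a-z' |
        grep -E '^[a-z_][a-z0-9_.-]{0,30}$' | sort -u
}

# plan_sync LDIF MANAGED_USERS
# MANAGED_USERS: newline-separated local accounts this script owns. Accounts
# outside that list (root, service accounts) are never considered for removal.
plan_sync() {
    want=$(printf '%s\n' "$1" | ad_members)
    have=$(printf '%s\n' "$2" | sed '/^$/d' | sort -u)
    # An empty result usually means a failed bind or search, not an empty
    # group. Refuse to act rather than delete every managed account.
    if [ -z "$want" ]; then
        echo "ERROR: no members returned; refusing to change accounts" >&2
        return 1
    fi
    for u in $want; do
        printf '%s\n' "$have" | grep -Fqx -- "$u" || echo "useradd $u"
    done
    for u in $have; do
        printf '%s\n' "$want" | grep -Fqx -- "$u" || echo "userdel $u"
    done
}

# Demo with constructed data: bob already exists, carol has left the group.
plan_sync "$SAMPLE_LDIF" "bob
carol"
```

Review the printed plan before piping it to a shell, and run the query with a read-only bind account.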