VMware Cloud Community
DanielVaknin
Enthusiast

Test Login doesn't work with vRA Authentication Provider (domain user)

Hi all!

I've installed 2 vRA instances which are behind an F5 load balancer, and also 2 instances of vRO (also clustered and behind F5).

I've configured the Directory (Active Directory) in vRA, synced groups and everything seems to work - I can log in with domain users and also specifically with the vRO service account which we created previously (I've also granted all the available permissions to the admin group, including IaaS and Tenant admin).

I've also successfully added the authentication provider to vRO and it found the Admin Group from the AD (from vRA).

After configuring it and restarting the appliance, the test connection fails on the same user which is able to log in to vRA (the same tenant).

A few things to notice:

- It happens on both vRO nodes, and it happened also before I joined them to a cluster.

- Both nodes are synced.

- In the authentication provider, if I choose to use the default tenant (vsphere.local) instead of our new tenant (rp), and choose the "vroadmins" as the admin group, the test connection works fine for the administrator user.

- Also, even if I choose our new tenant (rp), and choose "vsphere.local\all_users" as the admin group, the test connection works fine for a local user I created in vRA (on that tenant).

I'll attach some pictures to make it clearer.

Directory.PNG

vro_auth_provider.PNG

test_login.PNG

3 Replies
Susie1703
Contributor

Did you solve that problem? I got exactly the same problem.

DanielVaknin
Enthusiast

No, unfortunately I didn't.

I moved to work with vCenter authentication for now.

JeredMiller
Contributor

I've been having this exact issue trying to get AD auth working on my Orchestrator in 7.2. I have a support call scheduled for Monday to see if we can figure out why it's not working.
