<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: 5.5 SSO AD Group Authentication in vCenter™ Server Discussions</title>
    <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/5-5-SSO-AD-Group-Authentication/m-p/940073#M28608</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;So it does appear that "-" is ASCII.&amp;nbsp; Another thought, my DA account is a member of 13 groups.&amp;nbsp; I wonder if I can break my test account by adding it to more groups?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Fri, 27 Sep 2013 12:26:32 GMT</pubDate>
    <dc:creator>badazws6</dc:creator>
    <dc:date>2013-09-27T12:26:32Z</dc:date>
    <item>
      <title>5.5 SSO AD Group Authentication</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/5-5-SSO-AD-Group-Authentication/m-p/940071#M28606</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Lots of SSO discussion here...&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Anyway, I seem to be having a slightly different problem than the others I have been seeing.&amp;nbsp; When I give admin rights to my vcenter instance to "domain admins", which my account is a direct member of, I can not log in.&amp;nbsp; When I give my domain admin account direct permissions to the vcenter instance I can log in no problem.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Anyway, my environment is 2008r2, everything is up to 2008 functional levels, vCenter is installed into a fresh 2008r2 instance.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Anyone else seeing this behavior?&amp;nbsp; Any suggestions?&amp;nbsp; I will be doing more testing.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;MR&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 27 Sep 2013 12:04:54 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/5-5-SSO-AD-Group-Authentication/m-p/940071#M28606</guid>
      <dc:creator>badazws6</dc:creator>
      <dc:date>2013-09-27T12:04:54Z</dc:date>
    </item>
    <item>
      <title>Re: 5.5 SSO AD Group Authentication</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/5-5-SSO-AD-Group-Authentication/m-p/940072#M28607</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Ok, bumping around trying different things.&amp;nbsp; I removed my domain admins account from the one group with a "_", with no love.&amp;nbsp; I noticed that account is a member of about half a dozen accounts that contain&amp;nbsp; "-".&amp;nbsp; I set up another account that is not a member of any of those "-" groups and added it to domain admins.&amp;nbsp; I get love on this new test account, it has not been assigned direct permissions.&amp;nbsp; &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;So I am learning at least in my instance it appears there are issues with "-"'s in group membership for SSO accounts.&amp;nbsp; Is "-" non-ascii?&amp;nbsp; Researching that now.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;So it appears I am having issues similar to the following thread.&lt;/P&gt;&lt;P&gt;&lt;A _jive_internal="true" href="https://communities.vmware.com/message/2293089#2293089"&gt;https://communities.vmware.com/message/2293089#2293089&lt;/A&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 27 Sep 2013 12:22:22 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/5-5-SSO-AD-Group-Authentication/m-p/940072#M28607</guid>
      <dc:creator>badazws6</dc:creator>
      <dc:date>2013-09-27T12:22:22Z</dc:date>
    </item>
    <item>
      <title>Re: 5.5 SSO AD Group Authentication</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/5-5-SSO-AD-Group-Authentication/m-p/940073#M28608</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;So it does appear that "-" is ASCII.&amp;nbsp; Another thought, my DA account is a member of 13 groups.&amp;nbsp; I wonder if I can break my test account by adding it to more groups?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 27 Sep 2013 12:26:32 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/5-5-SSO-AD-Group-Authentication/m-p/940073#M28608</guid>
      <dc:creator>badazws6</dc:creator>
      <dc:date>2013-09-27T12:26:32Z</dc:date>
    </item>
    <item>
      <title>Re: 5.5 SSO AD Group Authentication</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/5-5-SSO-AD-Group-Authentication/m-p/940074#M28609</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hmmm, so I added the test account to the same number of groups as well as adding it to a group that contains a "-".&amp;nbsp; It still works.&amp;nbsp; Maybe default group?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 27 Sep 2013 12:31:45 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/5-5-SSO-AD-Group-Authentication/m-p/940074#M28609</guid>
      <dc:creator>badazws6</dc:creator>
      <dc:date>2013-09-27T12:31:45Z</dc:date>
    </item>
    <item>
      <title>Re: 5.5 SSO AD Group Authentication</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/5-5-SSO-AD-Group-Authentication/m-p/940075#M28610</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Ok, getting some love.&amp;nbsp; The test account's primary group was set to "domain users", the DA account's primary group was set to "Domain Admins".&amp;nbsp; When I changed the DA's primary group to "domain users" it was able to log in.&amp;nbsp; So...&amp;nbsp; Still somewhat confused here, why should it matter?&amp;nbsp; What is the difference?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 27 Sep 2013 12:35:24 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/5-5-SSO-AD-Group-Authentication/m-p/940075#M28610</guid>
      <dc:creator>badazws6</dc:creator>
      <dc:date>2013-09-27T12:35:24Z</dc:date>
    </item>
    <item>
      <title>Re: 5.5 SSO AD Group Authentication</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/5-5-SSO-AD-Group-Authentication/m-p/940076#M28611</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;So, just for testing's sake I made my DA account's primary group "domain admins" again.&amp;nbsp; I can still log in...&amp;nbsp; &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I don't like problem resolutions that don't make sense and I can't replicate...&amp;nbsp; What am I missing here?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 27 Sep 2013 12:53:18 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/5-5-SSO-AD-Group-Authentication/m-p/940076#M28611</guid>
      <dc:creator>badazws6</dc:creator>
      <dc:date>2013-09-27T12:53:18Z</dc:date>
    </item>
    <item>
      <title>Re: 5.5 SSO AD Group Authentication</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/5-5-SSO-AD-Group-Authentication/m-p/940077#M28612</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;I'm seeing this problem as well when AD is configured as "Windows Integrated - machine account". When I configure AD with SPN, I cannot add any users or groups as I get the "cannot load users from this domain" message. If I configure AD via the AD as LDAP method then we get the "client cannot authenticate with inventory service" error. &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I don't have the solution (yet), but you are not alone, SSO 5.5 certainly has issues.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 01 Oct 2013 20:49:55 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/5-5-SSO-AD-Group-Authentication/m-p/940077#M28612</guid>
      <dc:creator>dpomeroy</dc:creator>
      <dc:date>2013-10-01T20:49:55Z</dc:date>
    </item>
    <item>
      <title>Re: 5.5 SSO AD Group Authentication</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/5-5-SSO-AD-Group-Authentication/m-p/940078#M28613</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;I'm having very similar problems.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;A href="https://communities.vmware.com/thread/481571"&gt;5.5 SSO issue&lt;/A&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 18 Jun 2014 13:21:00 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/5-5-SSO-AD-Group-Authentication/m-p/940078#M28613</guid>
      <dc:creator>amurrey</dc:creator>
      <dc:date>2014-06-18T13:21:00Z</dc:date>
    </item>
  </channel>
</rss>

