patron
asked on
How to Add vMa 5.1 in AD ..to get login with domain ids for particulate domain group
Recently We have configured vMA 5.1.
Need help to join vMa 5.1 in Domain: abc.com
but have to make sure ,like in domian..Users from Group ESX Admin can only have login to vma,
Please advice for required config to be done, so that All users form domain group ESX Admin can login to vMA ?
and any config required to get the vma ping/access with name also, now able to access using ip only.
Need help to join vMa 5.1 in Domain: abc.com
but have to make sure ,like in domian..Users from Group ESX Admin can only have login to vma,
Please advice for required config to be done, so that All users form domain group ESX Admin can login to vMA ?
and any config required to get the vma ping/access with name also, now able to access using ip only.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Are you using adauth, and have you created the ESX Admins group?
Have you also tested adauth, by logging into an ESXi server using an AD Account?
You should only be able to login with an AD Account, if your username is in this group?
Have you also tested adauth, by logging into an ESXi server using an AD Account?
You should only be able to login with an AD Account, if your username is in this group?
ASKER
i have group name ESX Admins in Ad, that is fine for esx host
but now i need same config for vMA as well
how can we make sure that domain user from ad group esx admins can only have login access to vMA 5.1 [not esxi ]
will there be any config required there in vMa for any sudors file or any other config file to =define user/group level access?
as in esxi case we have option there in gui to give ad group name,but here we need this for vMA 5.1
but now i need same config for vMA as well
how can we make sure that domain user from ad group esx admins can only have login access to vMA 5.1 [not esxi ]
will there be any config required there in vMa for any sudors file or any other config file to =define user/group level access?
as in esxi case we have option there in gui to give ad group name,but here we need this for vMA 5.1
So, have you tried logging into to vMA as an AD user in the ESX Admins group, and not in the ESX Admins group ?
So you want different users to be able to login to ESXi and vMA ?
e.g. two different AD groups ?
So you want different users to be able to login to ESXi and vMA ?
e.g. two different AD groups ?
ASKER
Ad group is same ESX Admins
as on esxi host : users of this group:ESX Admins can only have login to esxi host and thay are by default part of root access right ?
Now i need same config to be done with vMA Appliance ?
my need is all users form Group ESX Admins can only have login and work access on vMA, as same as it is configured for vi-admin in vMa ?
as on esxi host : users of this group:ESX Admins can only have login to esxi host and thay are by default part of root access right ?
Now i need same config to be done with vMA Appliance ?
my need is all users form Group ESX Admins can only have login and work access on vMA, as same as it is configured for vi-admin in vMa ?
can you login on your vMA server with an AD Account in the AD Group ESX Admins ?
ASKER
m able to login with all account form AD?
while i needlogin should work for esx admin group form ad?
while i needlogin should work for esx admin group form ad?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks,but my concern is right now all user form ad domain are able to login into vMa using domain ID ?
while i need users form Esx Admin Gorup should only be able to login into vMA and be able to run command as we run using vi-admin account ?
while i need users form Esx Admin Gorup should only be able to login into vMA and be able to run command as we run using vi-admin account ?
did you complete the additional configuration, in this...
http://www.virtuallyghetto.com/2010/07/vma-41-active-directory-intergration.html
http://www.virtuallyghetto.com/2010/07/vma-41-active-directory-intergration.html
ASKER
Thanks,will have look for this,but where we have to give that group name esx admin in vMa config ?
so that users form ad group" ESx admin can only have login and work access on vMAas we have for vi-admin ?
so that users form ad group" ESx admin can only have login and work access on vMAas we have for vi-admin ?
By Adding ESXi and vCenter Servers to vMA using adauth.
ASKER
fine,but i need this to be make sure for vMA login only, as my host are already configured in domain with having access for ESX ADMIN group only
Let me know when you go through the links.
ASKER
yes i have done this config ,given in url
so any AD user can login into vMA ?
can any AD user login into ESXi ?
can any AD user login into ESXi ?
ASKER
any AD user can login into vMa.
but in Esxi AD user form Group named Esx Admins can have login
so i need this to be rectified for vMa ?
but in Esxi AD user form Group named Esx Admins can have login
so i need this to be rectified for vMa ?
have you checked, that only users in the AD Group ESX Admins can login to ESXi ?
also can I have the output from...
sudo vifp listservers -l
run the above as vi-admin and AD user.
also can I have the output from...
sudo vifp listservers -l
run the above as vi-admin and AD user.
ASKER
All Users form AD can not login to Esxi host using putty, Users form ad group named ESx Admins can login to Esxi using putty
but in case of vMa Login via Putty-all from Ad can have login using domain id ?
so i am looking for config like only user form esx admin group can login into vMa
and out put for vifp listservers -l is same for all like vi-admin,user from ad and user form ad group named esx admin
but if i add any server using any of ad id, saying u dont have permission ?
but in case of vMa Login via Putty-all from Ad can have login using domain id ?
so i am looking for config like only user form esx admin group can login into vMa
and out put for vifp listservers -l is same for all like vi-admin,user from ad and user form ad group named esx admin
but if i add any server using any of ad id, saying u dont have permission ?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
not allowing to edit n save sudoers or any other file, even m logged in with vi a-dmin
also tried with sudo vi sudoers-no luck ? E45:read-only option i set
and is it require to give domain name like abc.com in place of %Domain
also tried with sudo vi sudoers-no luck ? E45:read-only option i set
and is it require to give domain name like abc.com in place of %Domain
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
All done, Great .Thanks a lot.
ASKER
Thanks a lot.
ASKER
I have added vMa 5.1 to Ad Domain.
now i need that specific user or users part of ad group named ESX Admin can only have access on vma ?
also domain user should be able to run command as we can run using vi-admin ?
so need help to configure same @vMA, so that all domain should not be bale to login and use vma command