How to Add vMa 5.1 in AD ..to get login with domain ids for particulate domain group

Thanks.
I have added vMa 5.1 to Ad Domain.
now i need that specific user or users part of ad group named ESX Admin can only have access on vma ?

also domain user should be able to run command as we can run using vi-admin ?

so need help to configure same @vMA, so that all domain should not be bale to login and use vma command

Are you using adauth, and have you created the ESX Admins group?

Have you also tested adauth, by logging into an ESXi server using an AD Account?

You should only be able to login with an AD Account, if your username is in this group?

i have group name ESX Admins in Ad, that is fine for esx host

but now i need same config for vMA as well

how can we make sure that domain user from ad group esx admins can only have login access to vMA 5.1 [not esxi ]

will there be any config required there in vMa for any sudors file or any other config file to =define user/group level access?

as in esxi case we have option there in gui to give ad group name,but here we need this for vMA 5.1

So, have you tried logging into to vMA as an AD user in the ESX Admins group, and not in the ESX Admins group ?

So you want different users to be able to login to ESXi and vMA ?

e.g. two different AD groups ?

Ad group is same ESX Admins

as on esxi host : users of this group:ESX Admins can only have login to esxi host and thay are by default part of root access right ?

Now i need same config to be done with vMA Appliance ?

my need is all users form Group ESX Admins can only have login and work access on vMA, as same as it is configured for vi-admin in vMa ?

can you login on your vMA server with an AD Account in the AD Group  ESX Admins ?

m able to login with all account form AD?
while i needlogin should work for esx admin group form ad?

Thanks,but my concern is right now all user form ad domain are able to login into vMa using domain ID ?

while i need users form Esx Admin Gorup should only be able to login into vMA and be able to run command as we run using vi-admin account ?

did you complete the additional configuration, in this...

http://www.virtuallyghetto.com/2010/07/vma-41-active-directory-intergration.html

Thanks,will have look for this,but where we have to give that group name esx admin in vMa config ?

so that users form ad group" ESx admin can only have login and work access on vMAas we have for vi-admin ?

By Adding ESXi and vCenter Servers to vMA using adauth.

fine,but i need this to be make sure for vMA login  only, as my host are already configured in domain with having access for ESX ADMIN group only

Let me know when you go through the links.

yes i have done this config ,given in url

so any AD user can login into vMA ?

can any AD user login into ESXi ?

any AD user can login into vMa.
but in Esxi  AD user form Group named Esx Admins can have login

so i need this to be rectified for vMa ?

have you checked, that only users in the AD Group ESX Admins can login to ESXi ?

also can I have the output from...

sudo vifp listservers -l

run the above as vi-admin and AD user.

All Users form AD can not login to Esxi host using putty, Users form ad group named  ESx Admins can login to Esxi using putty

but in case of vMa Login via Putty-all from Ad can have login using domain id ?

so i am looking for config like only user form esx admin group can login into vMa

 and out put for vifp listservers -l is same for all like vi-admin,user from ad and user form ad group named esx admin

but if i add any server using any of ad id, saying u dont have permission ?

not allowing to edit  n save sudoers or any other file, even m logged in with vi a-dmin

also tried with sudo vi sudoers-no luck ? E45:read-only option i set


 and is it require to give domain name like abc.com in place of %Domain

All done, Great .Thanks a lot.

Thanks a lot.