Solved

vSphere 6 - AD authentication - why allowing every domain user to login?

Posted on 2016-11-03
4
62 Views
Last Modified: 2016-11-04
I joined my vCenter appliance to AD, and added as an Identity source.
As soon as I do that, it allows any domain user in the forest to login.
Why is it doing that?
I thought the purpose of Access Control > Global Permissions was to control what user/group from which Identity Source is allowed to login?
In this case it seems simply adding an Identity source of AD permits anyone in that source to login...
0
Comment
Question by:garryshape
  • 2
  • 2
4 Comments
 
LVL 119
ID: 41873085
if any user can login, what access do they have ?
0
 

Author Comment

by:garryshape
ID: 41873094
It looks like most menu items are there, but no objects show up.
So if I'm in as one of these unwanted users, I click Networks, it shows 0. Same with VMs, Hosts, etc.

Just seems odd that it lets a user login though.
It looks like that's the same case in vCenter 5.5
0
 
LVL 119

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 41873148
That looks normal, until you assign permissions, users cannot do anything.

You need to create groups, assign user permissions so they can access any objects.
0
 

Author Comment

by:garryshape
ID: 41873169
Yeah I guess I just see a login as its own form of "permission".    
Seems like it would be more appropriate to just give a "no authorization" type of message unless there were permissions setup within.  
I guess since this is by design, the only workaround would be to setup firewall rules if we wanted to. Oh well, I guess it's not an issue.
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
When rebooting a vCenters 6.0 and try to connect using vSphere Client we get this issue "Invalid URL: The hostname could not parsed." When we get this error we need to do some changes in the vCenter advanced settings to fix the issue.
Teach the user how to install and configure the vCenter Orchestrator virtual appliance Open vSphere Web Client: Deploy vCenter Orchestrator virtual appliance OVA file: Verify vCenter Orchestrator virtual appliance boots successfully: Connect to the …
This video shows you how easy it is to boot from ISO images for virtual machines with the ISO images stored on a local datastore on the ESXi host.

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question