Solved

vSphere 6 - AD authentication - why allowing every domain user to login?

Posted on 2016-11-03
4
54 Views
Last Modified: 2016-11-04
I joined my vCenter appliance to AD, and added as an Identity source.
As soon as I do that, it allows any domain user in the forest to login.
Why is it doing that?
I thought the purpose of Access Control > Global Permissions was to control what user/group from which Identity Source is allowed to login?
In this case it seems simply adding an Identity source of AD permits anyone in that source to login...
0
Comment
Question by:garryshape
  • 2
  • 2
4 Comments
 
LVL 118
ID: 41873085
if any user can login, what access do they have ?
0
 

Author Comment

by:garryshape
ID: 41873094
It looks like most menu items are there, but no objects show up.
So if I'm in as one of these unwanted users, I click Networks, it shows 0. Same with VMs, Hosts, etc.

Just seems odd that it lets a user login though.
It looks like that's the same case in vCenter 5.5
0
 
LVL 118

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE) earned 500 total points
ID: 41873148
That looks normal, until you assign permissions, users cannot do anything.

You need to create groups, assign user permissions so they can access any objects.
0
 

Author Comment

by:garryshape
ID: 41873169
Yeah I guess I just see a login as its own form of "permission".    
Seems like it would be more appropriate to just give a "no authorization" type of message unless there were permissions setup within.  
I guess since this is by design, the only workaround would be to setup firewall rules if we wanted to. Oh well, I guess it's not an issue.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show you how to create an ISO CD-ROM/DVD-ROM image (*.iso), and MD5 checksum signature, for use with VMware vSphere Hypervisor 6.5 (ESXi 6.5). It's a good idea to compare checksums, because many installations fail because of a corr…
In this step by step tutorial with screenshots, we will show you HOW TO: Enable SSH Remote Access on a VMware vSphere Hypervisor 6.5 (ESXi 6.5). This is important if you need to enable SSH remote access for additional troubleshooting of the ESXi hos…
Teach the user how to use vSphere Update Manager to update the VMware Tools and virtual machine hardware version Open vSphere Client: Review manual processes for updating VMware Tools and virtual hardware versions: Create a new baseline group in vSp…
This Micro Tutorial walks you through using a remote console to access a server and install ESXi 5.1. This example is showing remote access and installation using a Dell server. The hypervisor is the very first component of your virtual infrastructu…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now