Solved

vSphere 6 - AD authentication - why allowing every domain user to login?

Posted on 2016-11-03
4
70 Views
Last Modified: 2016-11-04
I joined my vCenter appliance to AD, and added as an Identity source.
As soon as I do that, it allows any domain user in the forest to login.
Why is it doing that?
I thought the purpose of Access Control > Global Permissions was to control what user/group from which Identity Source is allowed to login?
In this case it seems simply adding an Identity source of AD permits anyone in that source to login...
0
Comment
Question by:garryshape
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 121
ID: 41873085
if any user can login, what access do they have ?
0
 

Author Comment

by:garryshape
ID: 41873094
It looks like most menu items are there, but no objects show up.
So if I'm in as one of these unwanted users, I click Networks, it shows 0. Same with VMs, Hosts, etc.

Just seems odd that it lets a user login though.
It looks like that's the same case in vCenter 5.5
0
 
LVL 121

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 41873148
That looks normal, until you assign permissions, users cannot do anything.

You need to create groups, assign user permissions so they can access any objects.
0
 

Author Comment

by:garryshape
ID: 41873169
Yeah I guess I just see a login as its own form of "permission".    
Seems like it would be more appropriate to just give a "no authorization" type of message unless there were permissions setup within.  
I guess since this is by design, the only workaround would be to setup firewall rules if we wanted to. Oh well, I guess it's not an issue.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this step by step tutorial with screenshots, we will show you HOW TO: Enable SSH Remote Access on a VMware vSphere Hypervisor 6.5 (ESXi 6.5). This is important if you need to enable SSH remote access for additional troubleshooting of the ESXi hos…
This article outlines why you need to choose a backup solution that protects your entire environment – including your VMware ESXi and Microsoft Hyper-V virtualization hosts – not just your virtual machines.
Teach the user how to delpoy the vCenter Server Appliance and how to configure its network settings Deploy OVF: Open VM console and configure networking:
Advanced tutorial on how to run the esxtop command to capture a batch file in csv format in order to export the file and use it for performance analysis. He demonstrates how to download the file using a vSphere web client (or vSphere client) and exp…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question