Solved

vSphere 6 - AD authentication - why allowing every domain user to login?

Posted on 2016-11-03
4
67 Views
Last Modified: 2016-11-04
I joined my vCenter appliance to AD, and added as an Identity source.
As soon as I do that, it allows any domain user in the forest to login.
Why is it doing that?
I thought the purpose of Access Control > Global Permissions was to control what user/group from which Identity Source is allowed to login?
In this case it seems simply adding an Identity source of AD permits anyone in that source to login...
0
Comment
Question by:garryshape
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 120
ID: 41873085
if any user can login, what access do they have ?
0
 

Author Comment

by:garryshape
ID: 41873094
It looks like most menu items are there, but no objects show up.
So if I'm in as one of these unwanted users, I click Networks, it shows 0. Same with VMs, Hosts, etc.

Just seems odd that it lets a user login though.
It looks like that's the same case in vCenter 5.5
0
 
LVL 120

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 41873148
That looks normal, until you assign permissions, users cannot do anything.

You need to create groups, assign user permissions so they can access any objects.
0
 

Author Comment

by:garryshape
ID: 41873169
Yeah I guess I just see a login as its own form of "permission".    
Seems like it would be more appropriate to just give a "no authorization" type of message unless there were permissions setup within.  
I guess since this is by design, the only workaround would be to setup firewall rules if we wanted to. Oh well, I guess it's not an issue.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When rebooting a vCenters 6.0 and try to connect using vSphere Client we get this issue "Invalid URL: The hostname could not parsed." When we get this error we need to do some changes in the vCenter advanced settings to fix the issue.
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
Teach the user how to convert virtaul disk file formats and how to rename virtual machine files on datastores. Open vSphere Web Client: Review VM disk settings: Migrate VM to new datastore with a thick provisioned (lazy zeroed) disk format: Rename a…
Teach the user how to configure vSphere clusters to support the VMware FT feature Open vSphere Web Client: Verify vSphere HA is enabled: Verify netowrking for vMotion and FT Logging is in place or create it: Turn On FT for a virtual machine: Verify …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question