Tuesday, October 6, 2015

VCSA 51. Integration with Active Directory


  1. In the "VMware vCenter Server Appliance" web site, go to vCenter Server -> Authentication
    • Check "Active Directory Enabled"
    • Enter values in the fields:
      • Domain - domain name.
      • Administrator user - user principal name (UPN) with administrative rights in the domain.
      • Administrator password - password
    • For example:
  2. Go to vSphere Web Client with root account
    • Go to Administration -> Sign-On and Discovery -> Configuration -> Identity Sources
    • Click the + (green) symbol (Add Identity Source) and fill in the required information:
      • Name - Anything you want to refer to this Identity source as (typically domain name)
      • Primary Server URL: ldap://<domain server FQDN>
      • Secondary Server URL: <optional>
      • Base DN for users: distinguished name (DN) of the organizational unit (OU) that contains the users
      • Domain Name: <Domain Name>
      • Domain alias: <NetBIOS domain name>.
        WARNING!!! You must fill out this field. If you don't, you can't log in to vSphere Web Client with an AD login of the form <domain>\<username>, and the option "Use Windows session authentication" doesn't work.
      • Base DN for groups: distinguished name (DN) of the organizational unit (OU) that contains the groups
      • Authentication Type: (How you want to authenticate the initial connection to your domain)
    • For example:
      • Name - MyDomain
      • Primary Server URL: ldap://mydom-dc1.com
      • Secondary Server URL: ldap://mydom-dc2.com
      • Base DN for users: OU=Users,OU=IT,DC=mydomain,DC=com
      • Domain Name: mydomain.com
      • Domain alias: mydomain
      • Base DN for groups: OU=Groups,OU=IT,DC=mydomain,DC=com
      • Authentication Type: Reuse Session
    • Select your AD server URL and click on the blue dot with an arrow ("Add to default domains").
      WARNING!!! When your domain appears in the default domains list, click on the blue disk icon to save your change; otherwise you will be wondering why it is not working as expected.
    • Go to Administration -> Access -> SSO Users and Groups -> Groups
      • Select internal group __Administrators__
      • Click "Add Principals"
      • Find user or group in AD domain and add to group __Administrators__
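
A pre-flight check for the identity source fields from step 2, as an added example that is not part of the original post. The function names are hypothetical, the DN pattern is simplified (no escaped commas), and the warning about unencrypted `ldap://` URLs is an addition of this example, not a check that vSphere performs.

```python
import re
from urllib.parse import urlparse

REQUIRED = ("Name", "Primary Server URL", "Base DN for users",
            "Domain Name", "Domain alias", "Base DN for groups")
# One RDN such as OU=Users or DC=com (simplified: no escaped commas).
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")

def domain_to_rdns(domain):
    """mydomain.com -> ['dc=mydomain', 'dc=com']"""
    return ["dc=" + label.lower() for label in domain.split(".") if label]

def check_identity_source(src):
    """Return (errors, warnings) for the fields entered in step 2."""
    get = lambda field: src.get(field, "").strip()
    errors = [f"{f}: required value is empty" for f in REQUIRED if not get(f)]
    warnings = []
    for field in ("Primary Server URL", "Secondary Server URL"):
        if not get(field):
            continue  # optional, or already reported as empty
        url = urlparse(get(field))
        if url.scheme not in ("ldap", "ldaps") or not url.hostname:
            errors.append(f"{field}: expected ldap://<FQDN> or ldaps://<FQDN>")
        elif url.scheme == "ldap":
            warnings.append(f"{field}: ldap:// is not encrypted in transit")
    suffix = domain_to_rdns(get("Domain Name"))
    for field in ("Base DN for users", "Base DN for groups"):
        parts = [p.strip() for p in get(field).split(",")] if get(field) else []
        if not parts:
            continue  # already reported as empty
        if not all(RDN.match(p) for p in parts):
            errors.append(f"{field}: not a well-formed DN")
        elif suffix and [p.lower() for p in parts[-len(suffix):]] != suffix:
            errors.append(f"{field}: not under domain {get('Domain Name')}")
    return errors, warnings

# Values from the post's own example.
PAGE_EXAMPLE = {
    "Name": "MyDomain",
    "Primary Server URL": "ldap://mydom-dc1.com",
    "Secondary Server URL": "ldap://mydom-dc2.com",
    "Base DN for users": "OU=Users,OU=IT,DC=mydomain,DC=com",
    "Domain Name": "mydomain.com",
    "Domain alias": "mydomain",
    "Base DN for groups": "OU=Groups,OU=IT,DC=mydomain,DC=com",
}
# Constructed broken variant: alias left empty, groups DN in another domain.
BROKEN = dict(PAGE_EXAMPLE, **{"Domain alias": "",
              "Base DN for groups": "OU=Groups,DC=other,DC=com"})
```
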
More information can be found in these articles:
VMware vCenter 5.1 Installation: Part 9 (Optional SSO Configuration)
Unable to login to vCenter Server after upgrading to vCenter Server 5.1
