Although it is possible to authenticate to a VMware vCenter Server (VCSA) server with a local user account (defined on that server), it is also possible to join that server to an Active Directory domain to be able to log in. authenticate with a user in your Active Directory domain.
To get started, log in as "administrator@vsphere.local" to your VMware vCenter Server via the address: https://vcsa.informatiweb.lan/ui/
Then go to: Menu -> Administration.
Then, in the left menu, go to: Single Sign-On -> Configuration.
Then, in the “Active Directory Domain” tab, click: Join AD.
In the "Join Active Directory Domain" box that appears, indicate:
Then click: Join.
Important : using a read-only domain controller (RODC) is not supported.
Once the join to your AD domain is complete, this message will be displayed:
Node vcsa.informatiweb.lan has joined the active directory successfully. Reboot the node to apply changes.
To restart your VMware vCenter Server from this vSphere Client:
Specify a reason for restarting the node and click: Reboot.
For example: Joining the Active Directory.
Note that restarting this node will have several consequences:
The list of nodes reappears.
If you open the VCSA (vCenter Server Appliance) console from the "VMware Host Client" web interface of your VMware ESXi host, you will see that the shutdown may take a few minutes.
Plain Text
[ ***] (1 of 2) A stop job is running for VMware Service Lifecycle Manager (40s / 3min)
Once the reboot is complete, the blue and gray VCSA console (if applicable) will reappear.
If you try to access the VCSA web interface too quickly, you may receive this error:
503 Service Unavailable (Failed to connect to endpoint: [N7Vmacore4Http20 NamedPipeServiceSpecE:0x0000560c737eed50] _...
If this is the case, wait another 1 minute and try again, now the "VMware vSphere" login page will appear without problem.
This is simply because VMware vCenter Server is made up of many services and therefore it takes time before all of these services have finished starting.
To see information about joining your Active Directory domain, go back to: Menu -> Administration -> Single Sign-On -> Configuration -> Active Directory Domain.
As you can see, our server "vcsa.informatiweb.lan" is joined to the Active Directory domain "INFORMATIWEB.LAN" and the LDAP path for the OU had not been specified.
To add an identity source, go to: Menu -> Administration -> Single Sign-On -> Configuration -> Identity Sources.
Then, click on: Add identity source.
Since you just linked your vCenter Server to your Active Directory domain, you can add the identity source for the same Active Directory domain more quickly.
For that :
The new identity source of type "Active Directory (Windows Integrated Authentication)" appears in the list.
As explained previously, adding an identity source allows you to use user accounts present on an Active Directory domain controller to connect to this vSphere Client.
To check this, go to: Single Sign-On -> Users and Groups -> Users.
By default, the selected domain and the SSO domain created when deploying VMware vCenter Server (or VCSA).
The default SSO domain is "vsphere.local".
If you open the "Domain" list, you will see your Active Directory domain appear.
If you select it, you will see that the list of users present in this Active Directory domain will appear.
For example: in our case, we can see our user "InformatiUser" appear.
As a demonstration, we will add a user from our Active Directory domain to the “Administrators” group of vCenter Server.
To do this, go to the “Groups” tab and click on the group name “Administrators”.
Next, click on the link: Add Members.
In the "Add Members" line, select your Active Directory domain name (eg: informatiweb.lan) from the list, then type the name of a user in the following box.
In our case, we specify "Administrator" and vCenter Server finds the "Administrator" user account in our Active Directory domain.
Click on this user's name.
The Administrator account appears in the list of members of this group.
Click Save.
As you can see, the user from our Active Directory domain has been added to the "Administrators" group of VMware vCenter Server.
Log out of the vSphere Client (by clicking your username at the top right of the page), then attempt to log in with the Active Directory user account you just added to the VMware "Administrators" group vCenterServer.
In our case, we therefore indicate:
Then we click on Login.
As expected, we have access to the vSphere Client and we have as many rights as before given that our user account is part of the "Administrators" group of VMware vCenter Server.
VMware 11/1/2024
VMware 7/5/2024
VMware 6/14/2024
VMware 10/16/2024
Pinned content
Contact
® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.
Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.
You must be logged in to post a comment