Enabling Active Directory Authentication with ESX 3.5 and vSphere

Posted: June 6, 2009 in Tips and Tricks, VMware

Recently I needed to set up AD authentication with ESX 3.5 as part of a security hardening exercise which stated that users other than root needed to authenticate against AD rather than using local passwords.

Off I went on my quest to enable this, which brought me to this VMware document here. After browsing through it and thinking “That looks fairly simple”, I went and ran the following commands on the ESX 3.5 service console:

esxcfg-auth --enablead --addomain=demo.com --addc=virtualcenter.demo.com

useradd testuser  (This creates a user account on the ESX server; don’t set a password for this account)

I then launched a PuTTY session and tried to log in, but I kept getting the error “access denied”, so I went and tailed the messages log using tail -f /var/log/messages and noticed the error “Time Skew to great”, which told me this was a time issue.

I looked at the time on the ESX service console and it was within 30 seconds, so I was a bit puzzled, because in the past I’ve read about and experienced problems only if the time was skewed more than 10 minutes. After a heap of playing around I thought, well, I’ll set the ESX server to use the AD controller for time, so I went and configured NTP and gave it another crack.

Success… so from this, another reminder to myself about just how important time is within an ESX cluster.
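A pre-flight clock check for the situation described above, as an added example that is not part of the original post. It assumes ntpdate is available on the service console and is run as ntpdate -q against the domain controller; the function names, the sample output and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): clock pre-flight check
# before enabling AD (Kerberos) logins on the service console.

# Constructed sample `ntpdate -q` output; 192.0.2.10 is a placeholder DC address.
SAMPLE_SKEWED='server 192.0.2.10, stratum 3, offset -42.518301, delay 0.02574
 6 Jun 10:15:02 ntpdate[4312]: step time server 192.0.2.10 offset -42.518301 sec'
SAMPLE_DEAD='server 192.0.2.10, stratum 0, offset 0.000000, delay 0.00000
 6 Jun 10:15:02 ntpdate[4312]: no server suitable for synchronization found'

# Read `ntpdate -q` output on stdin and print the largest absolute offset
# (seconds) over all servers that answered. Exit status 2 if none did.
dc_offset() {
    awk '$1 == "server" {
            stratum = 0; have_off = 0
            for (i = 2; i < NF; i++) {
                val = $(i + 1); sub(/,$/, "", val)
                if ($i == "stratum") stratum = val + 0
                if ($i == "offset") { off = val + 0; have_off = 1 }
            }
            # Stratum 0 means no usable reply; its 0.000000 offset is not real.
            if (stratum < 1 || !have_off) next
            if (off < 0) off = -off
            if (!seen || off > max) max = off
            seen = 1
         }
         END { if (!seen) exit 2; printf "%.3f\n", max }'
}

# Usage: ntpdate -q <dc> | skew_ok <max_seconds>
# Returns 0 if within tolerance, 1 if the skew is too large, 2 if no reply.
skew_ok() {
    offset=$(dc_offset) || return 2
    awk -v o="$offset" -v m="$1" 'BEGIN { exit !(o + 0 <= m + 0) }'
}

# Demo on the constructed samples (300 s is the Kerberos default tolerance).
for sample in "$SAMPLE_SKEWED" "$SAMPLE_DEAD"; do
    rc=0
    printf '%s\n' "$sample" | skew_ok 300 || rc=$?
    echo "skew_ok 300 -> $rc"
done
```

The stratum 0 case matters because an unreachable server is reported with an offset of 0.000000, which would otherwise look like a perfectly synchronised clock.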

So the next thing I wanted to test was whether these steps were the same for vSphere. After running the exact commands shown above, I can confirm the exact same steps also configure AD authentication with vSphere.

Also, just as a note, if you read one of my posts last week about the vSphere installer (here)… you might have noticed that NTP can be configured during the install process, which is really good to see because I’ve lost count of the times I’ve seen people forget to set this up post-install. (Yes, myself included.)
