Today let’s talk about the AD Integration with ESX 3.5
I believe most of you have to, at least once, to log in the ESX console for some troubleshooting, some third part app installation or maintenance, whatsoever.
You can do this with root account.
But you don’t want to share it’s password with dozens of administrators of your company. The auditors will be pulling their hairs off if you do that.
The best practice is to disable the remote access (SSH) for the root account.
Edit the /etc/ssh/sshd_config file
And change the PermitRootLogin from yes to no
Restart the sshd service
Now you should be safe ; )
But you still need the capability of login remotely, right ?!?
Here’s the thing:
- create a local account, with blank password, where the ID’s match the ID’s on your AD
run: useradd bob
there are a few options for group, comments, shell, etc.. (Check useradd man page for all options)
now that you have your accounts create locally you can set up LDAP redirection to your domain.
Run:
esxcfg-auth --enablead --addomain=example.com --addc=dc1.example.com
now you should be able to login through a SSH session with the ID and password from your AD domain.
Now you realized you cannot run the command which require admin privileges.
It’s time to tweak the /etc/sudoers file. Use VISUDO to do that.
if you have doubts, here’s the SUDO website about it.
Next post I will talk about the Active Directory integration with ESX 4.x
Who am I
- Eduardo Meirelles da Rocha
- I’m an IT specialist with over 15 years of experience, working from IT infrastructure to management products, troubleshooting and project management skills from medium to large environments. Nowadays I'm working for VMware as a Consulting Architect, helping customers to embrace the Cloud Era and make them successfully on their journey. Despite the fact I'm a VMware employee these postings reflect my own opinion and do not represents VMware's position, strategies or opinions. Reach me at @dumeirell
Most Viewed Posts
-
If you just install VMware Converter and start running it with it’s default configuration, I’m sure you will be successfully. But, the...
-
Most of my time as a Consulting Architect at VMware Professional Services I spend with clients, helping them to create innovative solut...
-
Last time we met I was talking about the basics of Cloud Assembly and how you can create your cloud-agnostic offer (blueprint) leveragi...
-
Managing a vSphere environment is not about making use of the technology by itself, in fact, it’s leveraging this technology to fulfill b...
-
Do you know the LUNs on your environment might have different versions ? Yeah, that’s true!! To check tha LUN version, on the configuratio...
-
One of the most appealing feature of any application/solution is it’s ability to provide higher levels of availability and resiliency, it b...
-
Once again I was working on a vSphere Site Recovery Manager project using vSphere Replication as a replication technology and had to exp...
-
During the past several years, infrastructure Administrators came up with different methods to organize its vCenters, some with folders ...
-
Finally, we get to the last step on this journey of upgrading my environment to the latest and greatest vSphere Integration Containers s...
-
On May 15 th VMware has released a new version of its own docker implementation product, vSphere Integrated Containers 1.4, as alwa...
No comments:
Post a Comment