Today let’s talk about the AD Integration with ESX 3.5
I believe most of you have to, at least once, to log in the ESX console for some troubleshooting, some third part app installation or maintenance, whatsoever.
You can do this with root account.
But you don’t want to share it’s password with dozens of administrators of your company. The auditors will be pulling their hairs off if you do that.
The best practice is to disable the remote access (SSH) for the root account.
Edit the /etc/ssh/sshd_config file
And change the PermitRootLogin from yes to no
Restart the sshd service
Now you should be safe ; )
But you still need the capability of login remotely, right ?!?
Here’s the thing:
- create a local account, with blank password, where the ID’s match the ID’s on your AD
run: useradd bob
there are a few options for group, comments, shell, etc.. (Check useradd man page for all options)
now that you have your accounts create locally you can set up LDAP redirection to your domain.
Run:
esxcfg-auth --enablead --addomain=example.com --addc=dc1.example.com
now you should be able to login through a SSH session with the ID and password from your AD domain.
Now you realized you cannot run the command which require admin privileges.
It’s time to tweak the /etc/sudoers file. Use VISUDO to do that.
if you have doubts, here’s the SUDO website about it.
Next post I will talk about the Active Directory integration with ESX 4.x
Who am I
- Eduardo Meirelles da Rocha
- I’m and IT specialist with over 15 years of experience, working from IT infraestructure to management products, troubleshooting and project management skills from medium to large environments. Nowadays I'm working for VMware as a Senior Consultant, helping customers to embrace the Cloud Era and make them succefully on this journay. Despite the fact I'm a VMware employee these postings reflect my own opnion and do not represents VMware's position, strategies or opinios.
Most Viewed Posts
-
During the past few weeks, my NSX partner in crime, the Sr. Consultant Anderson Duboc and I have been working on a NSX Reference Poster...
-
A few weeks ago I talked about vSphere Integrated ContainersNetworking , what they are used for, syntaxes and how the traffic flows to and...
-
One of the many vSphere Integrated Containers , VIC, benefits is its ability to control and manage resource allocation. Let’s make a compa...
-
At this point, you probably already heard about vSphere Integrated Containers and how it solves many of the challenges with traditional c...
-
After I talked about resources management within vSphere Integrated Containers some questions arose immediately: ...
-
Some time ago I blogged about how to change vRealize Automation All services icon , despite the fact it was a not supp...
-
Once again, Eric Siebert , launched it’s popular VMware related blog contest for 2017 . We should give this man a credit, despite all...
-
vRealize Automation 7.1 brings several new features and functionalities, while the community is covering the fanciest...
-
If you just install VMware Converter and start running it with it’s default configuration, I’m sure you will be successfully. But, the...
-
There's a new interface in town for vRealize Orchestrator which allows you to better configure plugins and cluster’s configuration,...
No comments:
Post a Comment