When using VMware ESXi 5 in an environment with Microsoft Active Directory, it is worth joining the hosts to Active Directory, and it is very simple to do.
Windows Domain Controller
A fresh build of ESXi 5.0 with just root password configured, and acquiring an IP address via DHCP
Configuration via the host Configuration tab
1. DNS and Routing Configuration:
Configure with Name, DNS Domain, and IP address of a DNS server which serves Microsoft Active Directory Domain DNS information.
2. Time Configuration:
Check that the time on the ESXi host is in sync with the Domain Controllers.
NTP should be configured to point to internal NTP servers; alternatively, the VMware NTP pool can be used: 0.vmware.pool.ntp.org, 1.vmware.pool.ntp.org, 2.vmware.pool.ntp.org.
3. Authentication Services:
Select Directory Service Type: Active Directory
Enter the DNS domain
Click ‘Join Domain’
And enter username and password.
And that’s it! No need to reboot, and no Security Profile settings on the host (Services or Firewall) have been changed from defaults.
The ESXi host will appear in Active Directory with an Operating System of unknown, version: unknown, and service pack: Likewise Identity 5.3.0.
Note that the host is not added into DNS; this needs to be done manually.
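Steps 1 to 3 can also be scripted with VMware PowerCLI. The script below is an added example, not part of the original post: the host name, domain and DNS address are placeholders, and the clock check assumes the admin workstation running the script is itself synchronised with the domain. It stops before the join if the host clock is more than five minutes off, the default Kerberos tolerance.

```powershell
# Added example (not from the original article). All names/addresses are placeholders.
$esxHost    = 'esxi01.lab.example'   # placeholder: address used to reach the host
$hostName   = 'esxi01'               # placeholder: short host name
$dnsDomain  = 'lab.example'          # placeholder: AD DNS domain
$dnsServer  = '192.0.2.10'           # placeholder: DNS server serving the AD zone
$ntpServers = '0.vmware.pool.ntp.org', '1.vmware.pool.ntp.org', '2.vmware.pool.ntp.org'

# Prompt for credentials so that no password is stored in the script.
$rootCred = Get-Credential -Message 'ESXi root credentials'
$joinCred = Get-Credential -Message 'AD account permitted to join computers'

Connect-VIServer -Server $esxHost -Credential $rootCred | Out-Null
$vmhost = Get-VMHost        # connected directly to one host, so one object is returned

# 1. DNS and Routing: name, DNS domain, and the DNS server for the AD domain
Get-VMHostNetwork -VMHost $vmhost |
    Set-VMHostNetwork -HostName $hostName -DomainName $dnsDomain `
                      -DnsAddress $dnsServer -SearchDomain $dnsDomain | Out-Null

# 2. Time Configuration: add NTP servers, start ntpd and start it with the host
Add-VMHostNtpServer -VMHost $vmhost -NtpServer $ntpServers | Out-Null
$ntpd = Get-VMHostService -VMHost $vmhost | Where-Object { $_.Key -eq 'ntpd' }
Set-VMHostService -HostService $ntpd -Policy 'On' | Out-Null
Start-VMHostService -HostService $ntpd -Confirm:$false | Out-Null

# Compare the host clock (UTC) with this workstation before attempting the join.
$dts  = Get-View $vmhost.ExtensionData.ConfigManager.DateTimeSystem
$skew = [math]::Abs(($dts.QueryDateTime() - (Get-Date).ToUniversalTime()).TotalSeconds)
if ($skew -gt 300) {
    Disconnect-VIServer -Server $esxHost -Confirm:$false
    throw "Host clock differs by $([int]$skew) s; fix time sync before joining."
}

# 3. Authentication Services: join the Active Directory domain
Get-VMHostAuthentication -VMHost $vmhost |
    Set-VMHostAuthentication -JoinDomain -Domain $dnsDomain `
                             -Credential $joinCred -Confirm:$false | Out-Null

# Confirm the result of the join
Get-VMHostAuthentication -VMHost $vmhost |
    Select-Object Domain, DomainMembershipStatus

Disconnect-VIServer -Server $esxHost -Confirm:$false
```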
Configuration via the host Permissions Tab
Via the Permissions tab, add in a domain user with permissions to the host (problems connecting to AD for group and user information may be caused by Windows Firewall on the Domain Controller!).
Test connection to the host using an Active Directory login.
The domain login could even be used via SSH (check that the SSH service is started first from the Configuration tab > Security Profile > Services properties).
Via SSH, the root password is still required to enter privileged mode (using su -). An AD user with the Administrator role can reset the root password.