vSphere-6:Part 5-Adding AD Authentication in vCenter Server


In last post of this series we learnt how to install vCenter Server 6 on Server 2012. I am new to vSphere 6 so at beginning I had kept things simple and installed vCenter and PSC on a single machine (embedded mode) and also used embedded vPostgres database.

If you have missed earlier posts of this series then you can access the same by clicking on below links:

1: Introduction to vSphere 6

2: vSphere 6-Lab Setup

3: Installing and Configuring Esxi Server 6

4: Installing vCenter 6

Earlier vCenter Server was holding the SSO component, but in vSphere 6 it is included as part of PSC. The Platform Services Controller contains the shared services that support vCenter Server and vCenter Server components.

In this post we will learn how to configure AD authentication in vCenter Server 6.0.

The vCenter SSO authentication service makes the VMware infrastructure more secure by allowing the various vSphere software components to communicate with each other through a secure token exchange mechanism, instead of requiring each component to
authenticate a user separately with a directory service like Active Directory.

Lets begin with configuring AD authentication for vCenter Server

After installing vCenter Server 6 I was trying to connect to vcenter using vSphere C# client providing my domain credentials. It was not allowing me to login and throwing error username or password is incorrect.

wc-001wc-002

I was aware of this behaviour. This happens because by default your domain users don’t have permission to login to vCenter Server. To remediate this you need to login to vCenter Server using Web-Client and then assign permission to your domain users or groups on vCenter level.

wc-1

After successful login, we need to navigate to Home> Administration and then click on Global Permissions and select manage tab. Click on the green + button to start assigning permission for domain users.

wc-003

A new window will be launched. Under Assigned Role select Administrator and click on “Add” button at the bottom.

wc-004

Clicking on Add button will launch a separate window, where you have to select your identity source from “Domain” drop down menu.

wc-005

To my surprise in drop down menu my domain “alex.local” was not listed. I have seen this behaviour with vSphere 5.5, where at the time of installation, vCenter is unable to discover your identity source (happens rarely)

I don’t know this is by design in vSphere 6.0 or what but seems vCenter was unable to locate my domain at the time of installation. But we need not to worry at this point as this can be easily corrected by adding Identity source manually.

To add identity source navigate to Home > Administration > Configuration. Select Identity Sources tab and click on green “+” button to add.

wc-006

Here you will get various option to select from. vSphere 6.0 supports following as identity source:

1: Active Directory (Integrated Windows Authentication): This option works with both, Windows-based vCenter Server and vCSA. The underlying system (Windows Server or Infrastructure node of PSC) has to be a member of the Active Directory domain.

2: Active Directory As an LDAP Server

3: Open LDAP

4: Local OS

In my lab, my domain is configured on Microsoft AD (Server 2012) so I chose first option. Your environment may differ from mine so choose accordingly.

wc-007

Verify your domain name and click on OK to add it as Identity Source.

Now your domain will appear in the list of Identity Sources and now you will be able to assign vCenter permissions to users and groups from your active directory.

Select your domain and click the world with arrow button (marked in green) to make your AD as default domain.

 

wc-008

Note: If your environment does not have Windows Integrated AD, then I would recommend reading this Blog post by Florian Grehl for how to configure AD with Open LDAP as identity source.

Also you can check vSphere 6 documentation for the same.

Now again navigate to Home> Administration > Global permissions to assign permission to your domain users.

Now I can see my domain listed in drop-down menu while trying to add user. Select your domain here.

wc-010

After selecting your domain you can see your user’s listed below.

Select the appropriate user and click on Add button. Optionally you can click on Check names to verify the username is correct or not.

wc-011

Once you are done with adding all the required users, click on OK button.

Make sure to select correct role (under Assigned Roles) for the users you are adding.

wc-012

After this you will be able to login to vCenter Server (using both vSphere Web-Client and C# Client) using your domain credentials.

With this AD configuration for vCenter Server 6 is finished. In next post of this series we will learn how to configure vCenter Server.

I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing. Be sociable 🙂

About Alex Hunt

Hi All I am Manish Kumar Jha aka Alex Hunt. I am currently working in VMware Software India Pvt Ltd as Operations System Engineer (vCloud Air Operations). I have around 5 Years of IT experience and have exposure on VMware vSphere, vCloud Director, RHEL and modern data center technologies like Cisco UCS and Cisco Nexus 1000v and NSX. If you find any post informational to you please press like and share it across social media and leave your comments if you want to discuss further on any post. Disclaimer: All the information on this website is published in good faith and for general information purpose only. I don’t make any warranties about the completeness, reliability and accuracy of this information. Any action you take upon the information you find on this blog is strictly at your own risk. The Views and opinions published on this blog are my own and not the opinions of my employer or any of the vendors of the product discussed.
This entry was posted in Vmware, vSphere 6 and tagged . Bookmark the permalink.

7 Responses to vSphere-6:Part 5-Adding AD Authentication in vCenter Server

  1. fuad says:

    This is simple and awesome. Thank you admin.

    Like

  2. Pingback: vSphere-6:Part 6-vCenter Server Basic Configuration | Go Virtual.

  3. Pingback: vSphere-6:Part 7-Configuring dvSwitch & Port groups | Go Virtual.

  4. Pingback: Newsletter: January 10, 2016 | Notes from MWhite

  5. Pingback: vSphere-6:Part 8-Configuring Esxi Hosts Settings | Go Virtual.

  6. Pingback: vSphere-6:Part 9-Installing vSphere Update Manager | Go Virtual.

  7. Pingback: vSphere-6:Part 10-Configuring vSphere Update Manager | Go Virtual.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s