Wednesday, 6 January 2016

Adding Local User and Domain User To ESXi Host

Written by Suhas Savkoor

Every time you log in to an ESXi host, you log in with the root credentials. Suppose you do not want to use root as the login name and would rather log in to the ESXi host as a user that has root permissions. How do we do this?

1. Adding Domain User to ESXi host:
Step 1:
Here you can see that I have logged in as root to my ESXi host.

Step 2:
  • Create a Forward Lookup and a Reverse Lookup entry for this ESXi host on your DNS server. This is required because you will have to add the ESXi host to an Active Directory domain.
  • To create a Forward/Reverse lookup record, open your DNS manager.
  • Under Forward Lookup Zones, right-click your domain and select New Host (A or AAAA).
  • Enter the name for the host and the IP of the host. Make sure "Create associated pointer (PTR) record" is checked.
  • Create a Reverse Lookup Zone for this same ESXi host.

Step 3:
Verify this information is displayed on the DCUI of the ESXi host. 

Step 4:
Now we need to add this ESXi host to the domain. For this:
  • Log in to the ESXi host, or to the vCenter managing this host, via a vSphere Client.
  • Navigate to Configuration > Authentication Services (under Software) and click Properties.

  • Select Directory Service Type as Active Directory.
  • Enter the Domain Name and click Join Domain. It will prompt you for the username and password for the domain.

Once the username and password are provided, click Join Domain and then click OK. This will add the host to the Active Directory domain.

Now, if you go to the Permissions tab and try to add a user from the newly added domain, you will not be able to see the domain. You will see only the (server) domain. To resolve this, you will have to restart the management agents on the ESXi host. Run the command below from a PuTTY session to the ESXi host.

# restart

Once the services are restarted, go to the Permissions tab, right-click and select Add Permissions.

Click Add and now from the drop-down you can see the domain. 

  • Select a user from the domain, click Add and click OK. From the Assigned Role column, select the Administrative Permissions for this user and click OK.
  • Test the configuration by logging in directly to the host via the vSphere Client using the AD username and credentials.
  • Test SSH by opening an SSH session; the username will be <domain\username>, with the password for that user.
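
The forward and reverse records from Step 2 can be checked for consistency before the domain join in Step 4. The following Python code is an added example, not part of the original post; `check_dns_for_join`, the host names and the addresses are hypothetical, and the sample zone data is constructed so the check runs without a network.

```python
import socket

def _system_reverse(ip):
    name, aliases, _ = socket.gethostbyaddr(ip)
    return [name] + aliases

def check_dns_for_join(fqdn, expected_ip, forward=None, reverse=None):
    """Return a list of problems with the A/PTR pair of an ESXi host.

    forward(fqdn) returns IPv4 strings, reverse(ip) returns host names.
    Both default to the system resolver and can be replaced for testing.
    """
    forward = forward or (lambda name: socket.gethostbyname_ex(name)[2])
    reverse = reverse or _system_reverse
    want = fqdn.rstrip(".").lower()
    problems = []
    try:
        addrs = forward(fqdn)
    except OSError as exc:  # gaierror and herror are OSError subclasses
        return [f"no A record for {fqdn}: {exc}"]
    if expected_ip not in addrs:
        problems.append(f"A record for {fqdn} is {addrs}, expected {expected_ip}")
    try:
        names = [n.rstrip(".").lower() for n in reverse(expected_ip)]
    except OSError as exc:
        return problems + [f"no PTR record for {expected_ip}: {exc}"]
    if want not in names:
        problems.append(f"PTR for {expected_ip} is {names}, expected {want}")
    return problems

# Constructed sample zone data (hypothetical lab names, RFC 5737 addresses).
A_RECORDS = {"esxi01.lab.example": ["192.0.2.10"],
             "esxi02.lab.example": ["192.0.2.11"]}
PTR_RECORDS = {"192.0.2.10": ["ESXI01.lab.example."]}

def fake_forward(name):
    if name not in A_RECORDS:
        raise socket.gaierror("name not found")
    return A_RECORDS[name]

def fake_reverse(ip):
    if ip not in PTR_RECORDS:
        raise socket.herror("no PTR")
    return PTR_RECORDS[ip]

if __name__ == "__main__":
    for host, ip in [("esxi01.lab.example", "192.0.2.10"),
                     ("esxi02.lab.example", "192.0.2.11")]:
        print(host, check_dns_for_join(host, ip, fake_forward, fake_reverse) or "OK")
```

Called without the two resolver arguments, the function queries the system resolver of the machine it runs on.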

2. Adding a Local User for ESXi host:
  • Log in to the host directly via a vSphere Client session.
  • Select the host and navigate to the "Local Users & Groups" tab.
  • Right-click and select Add.

In the Add New User window:
  • Provide a Login name, a Username and a Password for this user. Do not give a UID, as this will be automatically created once the user is added.
  • Check the "Grant shell access for this user" option and click OK.

Go back to Permissions again, add this user and grant the user Administrative permissions using the same steps as above. This local user can be found under the (server) domain.

Test the configuration by opening a PuTTY session to the host and logging in with the user's credentials.

That's it for today!
