5.0
Chapter 2 Getting Started with vMA
To add vMA to a domain
1 From the vMA console, run the following command:
sudo domainjoin-cli join <domain-name> <domain-admin-user>
2 When prompted, provide the Active Directory administrator's password.
On successful authentication, the command adds vMA as a member of the domain. The command also adds entries in the /etc/hosts file with vmaHostname.domainname.
3 Restart vMA.
Now, you can add an Active Directory target to vMA. For steps to do this, see "Add Target Servers to vMA" on page 17.
To check vMA's domain settings
From the vMA console, run the following command:
sudo domainjoin-cli query
The command displays the name of the domain to which vMA has joined.
To remove vMA from the domain
From the vMA console, run the following command:
sudo domainjoin-cli leave
The vMA console displays a message stating whether vMA has left the Active Directory domain.
Configure Unattended Authentication for Active Directory Targets
To configure unattended authentication (authentication from vi-admin or root context) to Active Directory targets, you must renew the Kerberos tickets for the domain user using which the target is added. Unattended authentication is supported for ESXi 4.1 Update 3 and later. You must ensure that the Active Directory is set up for unattended login.
To configure unattended authentication for Active Directory targets
1 On any Windows Server 2003 computer that is part of the domain to which vMA is added, download and install the Ktpass tool from the Microsoft website.
2 Open the command prompt and run the following command:
ktpass /out foo.keytab /princ foo@VMA-DC.ENG.VMWARE.COM /pass ca... /ptype KRB5_NT_PRINCIPAL -mapuser <vma-dc>\<foo>
where <vma-dc> is the name of the domain and foo is the user having permissions for the vCenter administration.
This command creates a file called foo.keytab.
3 Move the foo.keytab file to /home/local/VMA-DC/foo.
You can use WinSCP and log in as user vma-dc\foo to move the file.
4 (Optional) Make sure that the user vma-dc\foo on vMA owns the foo.keytab file by using the following commands:
ls -l /home/local/VMA-DC/foo/foo.keytab
chown 'vma-dc\foo' /home/local/VMA-DC/foo/foo.keytab
5 On vMA, create a script in /etc/cron.hourly/kticket-renew with the following contents:
#!/bin/sh
su - vma-dc\\foo -c '/usr/bin/kinit -k -t /home/local/VMA-DC/foo/foo.keytab foo'
This script will renew the ticket for the user foo every hour.
You can also add the above script to a service in /etc/init.d to refresh the tickets when vMA is booted.
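The keytab created in step 2 holds the long-term key for foo, so any account that can read the file can obtain tickets as that user. The following is an added example, not part of the VMware guide: a variant of the step 5 script that checks the keytab's owner and permissions before calling kinit. The function names, the logger tag, and the use of GNU stat are assumptions.

```sh
#!/bin/sh
# Added example (not from the VMware guide): the hourly renewal from step 5
# with a keytab ownership and permission check in front of kinit.
# Assumes GNU stat (stat -c) and logger are available on the appliance.

KEYTAB=/home/local/VMA-DC/foo/foo.keytab   # path from step 3
ACCOUNT='vma-dc\foo'                       # domain user from step 4
PRINCIPAL=foo                              # principal from step 2

# keytab_is_safe FILE UID
# Succeeds only if FILE is a regular file (not a symlink), is owned by the
# numeric UID given, and grants no permission bits to group or other.
keytab_is_safe() {
    file=$1 want_uid=$2
    [ -f "$file" ] && [ ! -L "$file" ] || return 1
    [ "$(stat -c '%u' "$file")" = "$want_uid" ] || return 2
    case "$(stat -c '%a' "$file")" in
        0|*00) return 0 ;;   # octal mode ends in 00: nothing for group/other
        *)     return 3 ;;
    esac
}

# Renew the ticket only when the keytab passes the check; log every refusal
# or kinit failure so a stale ticket does not go unnoticed.
renew_ticket() {
    uid=$(id -u "$ACCOUNT") || {
        logger -t kticket-renew "cannot resolve account $ACCOUNT"
        return 1
    }
    if keytab_is_safe "$KEYTAB" "$uid"; then
        su - "$ACCOUNT" -c "/usr/bin/kinit -k -t $KEYTAB $PRINCIPAL" ||
            logger -t kticket-renew "kinit failed for $PRINCIPAL"
    else
        logger -t kticket-renew "refusing $KEYTAB: check failed (code $?)"
    fi
}

# Run the renewal only when installed under the name used in step 5, so the
# functions above can be sourced and tested without touching Kerberos.
case "$0" in
    */kticket-renew) renew_ticket ;;
esac
```

After copying the keytab in step 3, run chmod 600 on it so that the check passes.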