5.0

ManualsBrandsVMware ManualsApplicationsvSphere

Table Of Contents

vSphere Management Assistant Guide

vSphere Management Assistant Guide

16 VMware, Inc.

Troubleshooting Unattended Authentication

IfyouarenotabletoauthenticatefromvMAorcannotaddvMAtothedomaincontroller,verifythefollowing

conditions:

 YourDNSserversetupinvMAresolvestheIPaddressorhostnameofthevCenterservertoafully

qualifieddomainname(FQDN)andthattheFQDNcontainsthedomainnametowhichvMAisadded.

 Thecommandvifp listserversshowsthenameofvCenterserverastheFQDNthatcontainsthe

domainnametowhichvMAisaddedasthesuffix.

 ThedateandtimesettingsonvMA,thedomaincontrollerandthevCenterserverarethesame.Verifythe

timezoneaswell.Thetimemayvarybyanhour,butalargetimeskewmightcauseauthentication

problems.

Enable the vi-user Account

Aspartofconfiguration,vMAcreatesavi‐useraccountwithnopassword.However,youcannotusethe

vi‐useraccountuntilyouhavespecifiedavi‐userpassword.

To enable the vi-user account

1LogintovMAasvi‐admin.

2RuntheLinuxpasswdcommandforvi‐userasfollows:

sudo passwd vi-user

IfthisisthefirsttimeyouusesudoonvMA,amessageaboutrootuserprivilegesappears,andyouare

promptedforthevi‐adminpassword.

3Specifythevi‐adminpassword.

4Whenprompted,typeandconfirmthepasswordforvi‐user.

Afterthevi‐useraccountisenabledonvMA,

ithasnormalprivilegesonvMAbutisnotinthesudoerslist.

WhenyouaddESXitargetservers,vMAcreatestwousersoneachtarget:

 vi‐adminhasadministrativeprivilegesonthetargetsystem.

 vi‐userhasread‐onlyprivilegesonthetargetsystem.vMAcreatesvi‐useroneachtargetthatyouadd,

evenifvi‐userisnotcurrentlyenabledonvMA.

WhenauserisloggedintovMAasvi‐user,vMAusesthataccountontargetESXihosts,andthe

usercanrun

onlycommandsontargetESXihoststhatdonotrequireadministrativeprivileges.

vMA User Account Privileges

Table 2‐1liststheprivilegesthatthedifferentuseraccountshaveforvCLIusageagainstdifferenttargets.

MPORTANTThevi‐useraccounthaslimitedprivilegesonthetargetESXihostsandcannotrunany

commandsthatrequiresudoexecution.Youcannotusevi‐usertoruncommandsforActiveDirectorytargets

(ESXiorvCenterServer).ToruncommandsfortheActiveDirectorytargets,usethevi-adminuseror

login

asanActiveDirectoryusertovMA.

Table 2-1. Account Privileges for vCLI Usage

Target

Authentication

Policy vi-admin vi-user domain user

ESXifpauthYYN

ESXi adauth Y N Y

vCenterServer fpauth Y N N

vCenterServer adauth Y N Y