VMware VS4-ENT-PL-A - vSphere Enterprise Plus Setup Manual page 88


vSphere Installation and Setup
| Option | Description |
| --- | --- |
| OpenLDAP | Use this option for an OpenLDAP identity source. See "Active Directory LDAP Server and OpenLDAP Server Identity Source Settings," on page 89. |
| LocalOS | Use this option to add the local operating system as an identity source. You are prompted only for the name of the local operating system. If you select this option, all users on the specified machine are visible to vCenter Single Sign-On, even if those users are not part of another domain. |

NOTE If the user account is locked or disabled, authentications and group and user searches in the Active Directory domain will fail. The user account must have read-only access over the User and Group OU, and must be able to read user and group attributes. This is the default Active Directory domain configuration for user permissions. VMware recommends using a special service user.

5. If you configured an Active Directory as an LDAP Server or an OpenLDAP identity source, click Test Connection to ensure that you can connect to the identity source.

6. Click OK.

What to do next

When an identity source is added, all users can be authenticated but have the No access permission. A user with vCenter Server Modify.permissions privileges can assign permissions to users or groups of users to enable them to log in to vCenter Server. See "Assign Permissions in the vSphere Web Client," on page 89.

Active Directory Identity Source Settings

If you select the Active Directory (Integrated Windows Authentication) identity source type, you can either use the local machine account as your SPN (Service Principal Name) or specify an SPN explicitly.

Select Use machine account to speed up configuration. If you expect to rename the local machine on which vCenter Single Sign-On runs, specifying an SPN explicitly is preferable.

Table 4‑1. Add Identity Source Settings

| Field | Description |
| --- | --- |
| Domain name | FQDN of the domain. Do not provide an IP address in this field. |
| Use machine account | Select this option to use the local machine account as the SPN. When you select this option, you specify only the domain name. Do not select this option if you expect to rename this machine. |
| Use SPN | Select this option if you expect to rename the local machine. You must specify an SPN, a user who can authenticate with the identity source, and a password for the user. |
| Service Principal | SPN that helps Kerberos to identify the Active Directory service. Include the domain in the name, for example, STS/example.com. You might have to run setspn -S to add the user you want to use. See the Microsoft documentation for information on setspn. The SPN must be unique across the domain. Running setspn -S checks that no duplicate is created. |
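
The SPN registration and uniqueness check described for the Service Principal field, as an added PowerShell example that is not part of the VMware manual. It assumes the ActiveDirectory (RSAT) module, rights to write the account's servicePrincipalName, and a hypothetical service user EXAMPLE\svc-vcsso; the SPN value is the one used as the example in Table 4-1.

```powershell
# Added example, not VMware's code. Constructed values: replace with your own.
$Spn     = 'STS/example.com'     # SPN format from Table 4-1
$Account = 'EXAMPLE\svc-vcsso'   # hypothetical service user
$Sam     = ($Account -split '\\')[-1]

Import-Module ActiveDirectory    # RSAT module that provides Get-ADObject

function Get-SpnHolder {
    param([string]$Name)
    # Exact-match LDAP query. Names containing * ( ) or \ would need LDAP escaping.
    Get-ADObject -LDAPFilter "(servicePrincipalName=$Name)" -Properties sAMAccountName
}

$holders = @(Get-SpnHolder $Spn)
$others  = @($holders | Where-Object { $_.sAMAccountName -ne $Sam })

if ($others.Count -gt 0) {
    # The SPN must be unique across the domain: report the holder and stop.
    $others | Format-Table sAMAccountName, DistinguishedName -AutoSize | Out-String | Write-Host
    throw "SPN '$Spn' is already registered to another account."
}

if ($holders.Count -eq 0) {
    # -S adds the SPN only after its own duplicate check passes.
    & setspn.exe -S $Spn $Account
}

# Verify the result from the directory rather than from setspn's console output.
$after = @(Get-SpnHolder $Spn)
if ($after.Count -ne 1 -or $after[0].sAMAccountName -ne $Sam) {
    throw "SPN '$Spn' is not registered solely to '$Account'."
}

& setspn.exe -L $Account         # list every SPN now held by the account
```

If the SPN is already registered to the same account, the script skips the setspn -S call and only verifies and lists the registration.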
VMware, Inc.

This manual is also suitable for:

vSphere 5.5
