Wednesday Tidbit: Join vMA to AD and restrict access

20150703 - VMwareAs part of studying for my VDCA550-DCA, I’ve started relying more on the CLI and a lot less on the GUI.  IMHO, the best tool for the job is the vSphere vMA.

For ease of use, I decided to add it to my domain and then lock it down so only certain users could logon.

First, logon to the vMA and add it to the domain:

sudo domainjoin-cli join

This will prompt you for the vMA super-user password you set during installation, followed by the password for the account you’re using to add the vMA to the domain. The vMA will then require a reboot.

Once restarted, edit /etc/likewise/lsassd.conf and add the AD groups you wish to have access to the vMA:

sudo sed -i "/require-membership-of/c\require-membership-of = NL\\\vMA Access Users" /etc/likewise/lsassd.conf

In this case, I created an AD group called vMA Access Users and used that.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.