Wednesday Tidbit: Join vMA to AD and restrict access

As part of studying for my VDCA550-DCA, I’ve started relying more on the CLI and a lot less on the GUI. IMHO, the best tool for the job is the vSphere vMA.

For ease of use, I decided to add it to my domain and then lock it down so only certain users could log on.

First, log on to the vMA and add it to the domain:

sudo domainjoin-cli join nl.mdb-lab.com sa_domainjoin@nl.mdb-lab.com

This will prompt you for the vMA super-user password you set during installation, followed by the password for the account you’re using to add the vMA to the domain. The vMA will then require a reboot.

Once restarted, edit /etc/likewise/lsassd.conf and add the AD groups you wish to have access to the vMA:

sudo sed -i "/require-membership-of/c\require-membership-of = NL\\\vMA Access Users" /etc/likewise/lsassd.conf

In this case, I created an AD group called vMA Access Users and used that.
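
The sed one-liner above changes nothing, and reports no error, if no line in the file mentions require-membership-of, so the restriction would silently not be applied. As an added example (not from the original post), the script below makes the same change with a backup and then verifies the result; the function names are hypothetical and the sample file used in demo is constructed, not copied from a vMA.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# the key name and group value are the ones the post uses.

# Print the value of every active (uncommented) require-membership-of line.
active_membership() {
    sed -n 's/^[[:space:]]*require-membership-of[[:space:]]*=[[:space:]]*//p' "$1"
}

# Set the key on the first line that mentions it, keeping a .bak copy, then
# confirm the result. Returns 1 if the restriction is not in place afterwards.
restrict_membership() {
    conf=$1
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 2; }
    cp -p "$conf" "$conf.bak" || return 2
    # ENVIRON passes the group verbatim, so the backslash in DOMAIN\group
    # needs no extra escaping (unlike sed's c\ text or awk -v).
    GROUP=$2 awk '
        !done && /require-membership-of/ {
            print "require-membership-of = " ENVIRON["GROUP"]; done = 1; next
        }
        { print }' "$conf.bak" > "$conf" || return 2
    verify_membership "$conf" "$2"
}

# Succeed only if exactly one active line exists and it names the expected group.
verify_membership() {
    found=$(active_membership "$1")
    if [ -z "$found" ]; then
        echo "no active require-membership-of value in $1" >&2
        return 1
    fi
    [ "$found" = "$2" ] && return 0
    echo "unexpected require-membership-of value(s): $found" >&2
    return 1
}

# Run the change against a constructed sample file (not the real vMA file).
demo() {
    tmp=$(mktemp) || return 2
    printf '%s\n' '# constructed sample' '   require-membership-of = ' > "$tmp"
    restrict_membership "$tmp" 'NL\vMA Access Users' && active_membership "$tmp"
    rm -f "$tmp" "$tmp.bak"
}
```

On the vMA the target would be /etc/likewise/lsassd.conf, run as root, with the group name from the post as the second argument to restrict_membership.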
