The vSphere Management Assistant virtual appliance lets you run commands centrally from a Linux virtual appliance using Active Directory credentials. Here's how to configure Active Directory authentication.
One of the enterprise-ready features of the vSphere Management Assistant (vMA) is its ability to use Active Directory authentication to ensure proper role-based access is used. Even though the vMA is a Linux-based virtual appliance, you can configure it to join an Active Directory domain.
After the vMA is installed, establish a connection via SSH using PuTTY. Log in as the vi-admin account that was created in the initial setup. Figure A shows the vMA connected via PuTTY, ready for the command set to join Active Directory.
If DHCP assigns proper DNS settings for your Active Directory configuration, you are good. If you need to add a specific DNS setting and suffix, the sudo system-config-network-tui command will allow you to specify settings for Active Directory. This is important, as the vMA doesn't have a native NetBIOS name browser. Figure B shows this step being performed.
Once that is configured, you can complete the domain join operation in the vMA. The command syntax is: sudo domainjoin-cli join domain user. In the case of the domain, I'm using my personal virtualization test lab's RWVDEV.INTRA domain name, and the syntax and its success are shown in Figure C.
Once the domainjoin command processes successfully, a computer account will appear in Active Directory with the name of the vMA specified in the local DNS configuration. Figure D shows the vMA within Active Directory Users And Computers on a domain controller.
The logins via PuTTY can now use the domain credentials. Figure E shows a login to the vMA with an Active Directory credential.
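
A pre-join check for the DNS step above, as an added example that is not from the original article or from VMware: it confirms that a resolv.conf-style file names a DNS server and carries the Active Directory domain as a suffix. The function name check_resolv_for_domain and the /etc/resolv.conf path are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of the vMA tooling).
# check_resolv_for_domain FILE DOMAIN
#   0 = FILE has a nameserver and lists DOMAIN as a search/domain suffix
#   1 = no nameserver entry
#   2 = DOMAIN missing from the search/domain list
#   3 = FILE cannot be read
check_resolv_for_domain() {
    resolv_file=$1
    # AD domain names are case-insensitive, so compare in lower case.
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    if [ ! -r "$resolv_file" ]; then
        echo "cannot read $resolv_file" >&2
        return 3
    fi

    have_ns=0
    have_suffix=0
    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r keyword rest || [ -n "$keyword" ]; do
        case $keyword in
            nameserver)
                if [ -n "$rest" ]; then have_ns=1; fi ;;
            search|domain)
                for suffix in $(printf '%s' "$rest" | tr '[:upper:]' '[:lower:]'); do
                    # Accept a fully qualified suffix written with a trailing dot.
                    if [ "${suffix%.}" = "$want" ]; then have_suffix=1; fi
                done ;;
        esac
    done < "$resolv_file"

    if [ "$have_ns" -ne 1 ]; then
        echo "no nameserver entry in $resolv_file" >&2
        return 1
    fi
    if [ "$have_suffix" -ne 1 ]; then
        echo "$want is not in the search/domain list of $resolv_file" >&2
        return 2
    fi
    return 0
}

# Assumed usage on the vMA, with the article's lab domain and a placeholder user:
#   check_resolv_for_domain /etc/resolv.conf RWVDEV.INTRA \
#       && sudo domainjoin-cli join RWVDEV.INTRA <user>
```

A non-zero return means the DNS settings should be corrected with sudo system-config-network-tui before the join is attempted.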
While this user in particular does have vCenter privileges, no connection to a vCenter or ESX(i) server has been specified. Each command will subsequently pass credentials, but this has not yet been configured.
Have you used Active Directory configuration for the vMA? If so, share any tweaks you have made to the process to make it work seamlessly, especially with DNS.