I have been looking through the documentation and it doesn't and playing around with ESX, and it seems I need a local account in order to log in to https://ESX-HostName/MOB.
Does anyone know if it is possible to set this up for AD authentication? I need to give someone access to the MOB on all my hosts. I have a lot of hosts and I don't want to go adding a single user to each one.
I already have AD auth working for shell access, but that doesn't work for the MOB.
afaik, it's a local account only.
=========================================================================
William Lam
VMware vExpert 2009
VMware ESX/ESXi scripts and resources at:
VMware Code Central - Scripts/Sample code for Developers and Administrators
If you find this information useful, please award points for "correct" or "helpful".
OK, thank you.
When I give them a local account, if I don't give them any sudo rights, can they change anything through the MOB or is it read-only?
'sudo' has nothing to do with whether a user can make changes to MOB; so long as the user is in the admin/root group, it'll have permission to do so, which may also block basic login access. This is something you'll need to play with by creating a simple user either on the Service Console or using the vSphere Client and trying out various groups to see which will give you the expected behavior. Basically, MOB will not auth against AD, it's local.
Sorry, let me rephrase.
Say I just create a simple local user in the service console, and I do not modify any groups. If I did that, what can the user do via the MOB? Can they make any changes, or control the host in any way? Or can they just read from it?
Or an even broader question on the MOB...what changes/control can root do via the MOB? I don't really know anything about the MOB - just trying to understand what one can change/control with access to it.
Thanks for your help!
root has full access to make changes; the MOB is just an internal representation of the vSphere API and its object inventory layout. It gives a pretty graphical way to browse around and see what the data structures look like and the data that can be retrieved; it's generally used for learning purposes when programming or scripting against the vSphere API.
To your question:
Say I just create a simple local user in the service console, and I do not modify any groups. If I did that, what can the user do via the MOB? Can they make any changes, or control the host in any way? Or can they just read from it?
Try it; it should be a pretty simple test to see if you can make some changes like adding a vSwitch or renaming a portgroup. I would suspect it probably has read-only access but I'm not 100% sure. If you're working with vCenter, which is probably the better approach, then you can auth against AD and guarantee the users will have RO access which will allow them to log into vCenter MOB and has more granular permissions, but at the host level I think it's either all or nothing.
OK, thanks William.