Wednesday 25 November 2015

Joining a Platform Service Controller to the AD Domain (vCSA 6.0)

In vCSA 6.0 the way we connect to AD has changed compared to older versions. To join AD in 6.0, VMware included the infrastructure node configuration, which is part of the Platform Service Controller (PSC).
When we have more than one PSC in a load balancer configuration, we have to configure AD on all of the PSCs so that if the active PSC is down we can still log in through the other PSC.

Before configuring AD, make sure that time synchronization and naming are correct between the PSC and AD.

Log in to the Web Client with the SSO username and password.
Navigate to Administration – Deployment – System Configuration.
Select the Platform Service Controller and go to Manage – Active Directory.
Click Join.
Once the authentication details are provided, make sure to reboot the PSC. When it has booted, we can see the AD configuration.
Make the same changes on the other PSC node as well. If there is an issue adding AD to the PSC and you get the error below, activate the agent directly by logging in to the PSC.
Log in to the PSC over SSH and run: /opt/likewise/bin/domainjoin-cli join domain username
Provide the AD password to join the domain.
Once it shows SUCCESS then reboot the PSC node.
Note that this PSC won't show the domain in the GUI Active Directory option like the other PSC, but it is still authenticated with the AD domain.
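Because the GUI does not show the join in this case, the join can be confirmed from the same SSH session. The script below is an added example, not part of the original post: it parses the output of /opt/likewise/bin/domainjoin-cli query and compares the joined domain with the expected one. It assumes the Likewise "Name = / Domain = / Distinguished Name =" output layout; the sample outputs and the domain lab.example are constructed.

```shell
#!/bin/sh
# Added example: confirm a PSC's AD join from the shell when the GUI shows nothing.
# Assumption: `domainjoin-cli query` prints "Name = ...", "Domain = ..." and
# "Distinguished Name = ..." lines, with an empty Domain value when not joined.

# Print the value of the "Domain" line from the query output passed as $1.
joined_domain() {
    printf '%s\n' "$1" | awk -F' *= *' '$1 == "Domain" { print $2; exit }'
}

# $1 = query output, $2 = expected domain (compared case-insensitively).
# Returns 0 if joined to the expected domain, 1 if joined to another domain,
# 2 if the node is not joined at all.
check_join() {
    actual=$(joined_domain "$1" | tr '[:upper:]' '[:lower:]')
    expected=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    if [ -z "$actual" ]; then
        echo "NOT JOINED (expected $expected)"
        return 2
    elif [ "$actual" != "$expected" ]; then
        echo "JOINED TO WRONG DOMAIN: $actual (expected $expected)"
        return 1
    fi
    echo "OK: joined to $actual"
    return 0
}

# Constructed sample outputs (not captured from a real PSC).
SAMPLE_JOINED='Name = psc01
Domain = LAB.EXAMPLE
Distinguished Name = CN=PSC01,CN=Computers,DC=lab,DC=example'

SAMPLE_UNJOINED='Name = psc02
Domain =
Distinguished Name ='

# Demo on the constructed sample.
check_join "$SAMPLE_JOINED" lab.example

# On a real PSC, run this on every node behind the load balancer:
#   check_join "$(/opt/likewise/bin/domainjoin-cli query)" lab.example
```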
Another way to add the domain is to log in to Https://FQDNPSC/PSC
Provide the administrator@domain.local username and password.
Go to the Appliance Settings.
Click Manage
Add Active Directory.
After the AD configuration is completed on the PSC, go to Single Sign-On – Configuration – Identity Sources.
Click the Add symbol (+).
If the AD domain has not yet been added in the PSC, it shows the message below.
Select the first option, Active Directory (Integrated Windows Authentication). In the Domain Name field we can see the AD domain that we added in the PSC.
Next, add the appropriate AD groups and users to the roles that should have access to the VC.
Go to Global Permissions.
Click Add.
Select the AD Domain.
Search for the user or group.
Also, if you want to log in directly with your domain user without adding the domain name to the username, make the domain the default; AD users can then log in without the domain name.
Once the user is added, try to log in to the Web Client using the AD user.