Creating and managing local user accounts on vCenter Server Appliance<\/p>\n
A couple of days back someone asked me how do we create a local user on the vCenter Server Appliance. So I started to understand how things work for local users on the vCenter Server Aplliance. Well it is pretty simple:<\/p>\n
Steps:<\/p>\n
Enable SSH on your vCenter Server Appliance.
\nNow login to your vCenter Server Appliance using a SSH client.
\nCreate a local user, here\u2019s the command:<\/p>\n
useradd vcadmin
\nImportant: Donot use the useraddd.local command.<\/p>\n
Assign a password to the just created user.<\/p>\n
passwd vcadmin
\nUsing the vSphere client, login as root to your vCenter Server Appliance.
\nSelect the object on which you want to assign permissions for this user. Go to permissions tab for this object and add permissions for this user.
\nThat\u2019s it.
\nTest user login and you are done.
\nIf you need to create a root equivalent user, i.e. a vcenter administrator. You will assign the permissions on the vc-inventory-root (datacenters folder).
\nNote: vCenter Server Appliance, uses PAM libraries for authenticating users. The PAM libraries on vCenter Server Appliance have been configured for strong authentication. Thus if any user has more than 3 continuous failed logins, the user account would be locked.<\/p>\n
You can check whether the user account is locked or not by running the following command on the vCenter Server Appliance over SSH login:<\/p>\n
pam_tally –user vcadmin
\nIt will echo something like the following.<\/p>\n
User vcadmin (1005) has 0
\nAs long the user has 0 (zero), everthing is good, if it is more than 3, the account is locked. To unlock the account, run the following command:<\/p>\n
pam_tally –user pam_tally –user username@domainname –reset \/etc\/pam.d\/common-auth Creating and managing local user accounts on vCenter Server Appliance A couple of days back someone asked me how do<\/p>\n
\nIf its a AD account, unlock it using the following command:<\/p>\n
\nBTW, if you need to change the default number allowed failed logins from say 3 to 5, edit the following file and update approriately.<\/p>\n
\nAlthough I have not tested this, I believe one should be able to add local groups in a similar way.<\/p>\n","protected":false},"excerpt":{"rendered":"