Local or Active Directory Domain users on ESX and ESXi 4.1 systems cannot log in
Article ID: 309205
Updated On:
Products
VMware vSphere ESXi
Issue/Introduction
Symptoms:
After installing VMware ESX 4.1, these symptoms may occur:
For local user accounts created on ESX/ESXi:
For local user accounts created on ESX/ESXi:
- Users are unable to log in with a local account that is created by an administrator using the GUI or the command line (useradd).
- After setting a password and granting shell access (via UI), users cannot log in with these new accounts.
-
If attempting to access the host via SSH, users see the error:
Access Denied
-
If attempting to log in via the console, the login attempt fails and the user is presented with a login prompt again.
-
This issue does not occur for users created during the install process.
- Users are unable to log in with an active directory domain account using the GUI after ESX has been joined to the Active Directory domain.
- If attempting to access the host via SSH, users see the error:
Access Denied
- If attempting to log in via the console, the login attempt fails and the user is presented with a login prompt again.
Environment
VMware ESXi 4.1.x Embedded
VMware ESX 4.1.x
VMware ESXi 4.1.x Installable
VMware ESX 4.1.x
VMware ESXi 4.1.x Installable
Resolution
This issue occurs if local or domain accounts are added to a VMware ESX or ESXi 4.1 system and not granted the Administrator role on an object residing on that host (or the host itself). With the implementation of Active Directory integration for VMware ESX hosts, additional logon restrictions have been put in place to limit which accounts have shell access to the host.
For more information see, ESX Server 4.1 Configuration Guide.
For VMware ESXi hosts, see ESXi Configuration Guide.
For more information see, ESX Server 4.1 Configuration Guide.
For VMware ESXi hosts, see ESXi Configuration Guide.
Note: Users must have an Administrator role for an inventory object on the host to have shell access. In general, do not grant shell access unless the user has a justifiable need. Users that access the host only through the vSphere Client do not need shell access. Granting a user shell access requires a home directory mapping. For more information, see Local users are unable to access local or remote Tech Support mode on ESXi 4.1 (1029178).
For example, the HP System Insight Manager requires access as root to monitor devices, temperatures, fan speed but requires no shell access. For more information on HP System Insight Manager see HP Systems Insight Manager 6.3: Overview & Features.
Note: This link was valid as of April 22, 2011. If you find the link to be broken, provide feedback on the article and VMware employee will update the article as necessary.
Additional Information
Enabling root SSH login on an ESX host (8375637)
Using Tech Support Mode in ESXi 4.1 and ESXi 5.0 (1017910)
Using Tech Support Mode in ESXi 4.1, ESXi 5.x, and ESXi 6.x
Local users are unable to access local or remote Tech Support mode on ESXi 4.1
ESX および ESXi 4.1 システム上のローカル ユーザーまたは Active Directory ドメイン ユーザーがログインできない
Enabling root SSH login on an ESX host
Using Tech Support Mode in ESXi 4.1 and ESXi 5.0 (1017910)
Using Tech Support Mode in ESXi 4.1, ESXi 5.x, and ESXi 6.x
Local users are unable to access local or remote Tech Support mode on ESXi 4.1
ESX および ESXi 4.1 システム上のローカル ユーザーまたは Active Directory ドメイン ユーザーがログインできない
Enabling root SSH login on an ESX host
Feedback
Yes
No
Powered by
