Mshen
23525 pts. | Mar 31 2009 6:58PM GMT
Purchasing the vCenter Server license, and installing it on a Windows VM or physical machine will allow you to use Active Directory accounts to connect to the vCenter Server to manage your virtual infrastructure.
AdamJB
20 pts. | Apr 13 2009 10:17PM GMT
We’ve been using VMware on Linux Hosts and using AD Authentication for the past couple of years, with great success on both VMware Server 1 & 2.
If you already have your Winbind/Samba configuration working and all you need is a working vmware-authd pam file, here is what we use:
auth sufficient pam_unix.so shadow nullok
auth sufficient pam_winbind.so use_first_pass cached_login
account sufficient pam_unix.so
account sufficient pam_winbind.so cached_login
The ‘cached_login’ parameter allows Winbind to use cached account info, which allows a domain account that has previously logged in to log in when no domain controllers are available.
We found during testing that if Domain Controllers are unavailable, Winbind would not switch to offline mode reliably on its own. So, we created a simple script to check LDAP connectivity to Domain Controllers, and set Winbind to online or offline mode depending on whether or not the DCs are available. The script is scheduled to run once per minute via cron:
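#!/bin/sh
# 1 if the DC answers on LDAP (TCP 389), otherwise 0; nmap -sS requires root
DC1=$(nmap -sS -p 389 10.2.1.21 | grep open | wc -l)
DC2=$(nmap -sS -p 389 172.21.2.2 | grep open | wc -l)
# 1 if winbindd reports the AINET domain as online, otherwise 0
WINBINDONLINE=$(smbcontrol winbindd onlinestatus | grep 'AINET:Online' | wc -l)
if [ "$DC1" -eq "1" -o "$DC2" -eq "1" ]; then
    # At least one DC is reachable: bring winbindd back online if it is offline
    if [ "$WINBINDONLINE" -eq "0" ]; then
        smbcontrol winbindd online
        echo "$(date) - Switching winbindd to online mode" >> /var/log/samba/smbcontrol
    fi
else
    # No DC is reachable: switch winbindd offline so cached logins are used
    if [ "$WINBINDONLINE" -eq "1" ]; then
        smbcontrol winbindd offline
        echo "$(date) - Switching winbindd to offline mode" >> /var/log/samba/smbcontrol
    fi
fi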
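
A variant of the cron check above, as an added example that is not AdamJB's script: it probes LDAP with a plain TCP connect and timeout instead of an nmap SYN scan, matches the domain token as a whole word, and keeps the online/offline decision in a function that can be tested without a domain. The function names, the `--apply` flag and the `NAME:Online` token format of `onlinestatus` (inferred from the grep pattern in the post) are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the poster's script. Assumes `smbcontrol winbindd onlinestatus`
# prints space-separated NAME:Online / NAME:Offline tokens, as the post's grep implies.
DOMAIN="AINET"                  # domain name from the post's grep pattern
DCS="10.2.1.21 172.21.2.2"      # domain controller addresses from the post
LOG="/var/log/samba/smbcontrol"

# Succeed if a TCP connection to $1 port 389 completes within 3 seconds.
# A plain connect needs neither nmap nor raw-socket privileges.
ldap_reachable() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$1/389"' _ "$1" 2>/dev/null
}

# Succeed if the status text in $1 lists DOMAIN as online. -w matches the whole
# token, so a longer name that merely ends in DOMAIN does not count.
domain_online() {
    printf '%s\n' "$1" | grep -qwF "${DOMAIN}:Online"
}

# Decide the transition. $1 = number of reachable DCs, $2 = onlinestatus text.
# Prints "online", "offline" or "none" (state already matches reachability).
decide() {
    if [ "$1" -gt 0 ]; then
        if domain_online "$2"; then echo none; else echo online; fi
    else
        if domain_online "$2"; then echo offline; else echo none; fi
    fi
}

main() {
    local up=0 dc status action
    for dc in $DCS; do
        if ldap_reachable "$dc"; then up=$((up + 1)); fi
    done
    # If winbindd cannot be queried, change nothing rather than guess its state.
    status=$(smbcontrol winbindd onlinestatus) || return 1
    action=$(decide "$up" "$status")
    [ "$action" = "none" ] && return 0
    smbcontrol winbindd "$action" &&
        echo "$(date) - Switching winbindd to $action mode ($up DC(s) reachable)" >> "$LOG"
}

# Act only when called with --apply (hypothetical flag), e.g. from the cron entry.
if [ "${1:-}" = "--apply" ]; then main; fi
```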






