Hello!
We have a vCSA 5.5 integrated to our Child.DOMAIN.COM subdomain in corporate
Active Directory. Identity source set as "Active Directory (Integrated Windows Authentication)"
with "Use machine account" option. Users from our child domain has no problem with access
to the vSphere. We can list users and groups from parent DOMAIN.COM domain and assign
permissions for them. But users from parent domain can't be authenticated by vCSA. The
only "Provided credentials are not valid" message rose. Doesn't matter which form of login
to use - "DOMAIN\Username", "Username@DOMAIN.COM".
In the vmware-sts-idmd.log the messages like
INFO [IdentityManager] Authentication failed for user [Username@DOMAIN] in tenant [vsphere.local] in [315] milliseconds
We have a VMware support from HP Company side. But they say "it's not a poblem of software" and
declined to open a case. One of possible recipe is to join vCSA to the parent domain but it's impossible
in our case.
Is the anybode else use vCSA 5.5 to organise a cross-domain user authentication?
Best Regards.