
VMware Server 2.0 web access AD/LDAP authentication

We have a number of Linux VMware Server 2 hosts, and I wanted to make the web access interface available to a few key people without creating a local user for each of them on every host. Since we already have Active Directory, I decided to authenticate the hosts against it. The first thing to do is make sure the host itself has LDAP authentication set up. My hosts run RHEL 5, which has a built-in mechanism (authconfig) for this. I'm not going to regurgitate how that is done, since most competent system administrators will know the procedure already.

Proceed with caution and at your own risk! Once LDAP authentication works at the OS level, you can proceed with the VMware side. I like to keep things clean, so I logged in to the VMware Server 2 web interface, went to the Permissions tab and created a new permission for my LDAP VM group. The group must be one the host itself resolves through NSS (getent group should list it); you can call it whatever you like, in my case I named it "VM Admins", see below:

Adding a new permission

Once you've done this, there is one more step: tell VMware Server to authenticate through PAM against the directory. Edit /etc/pam.d/vmware-authd, comment out the existing content (preserve it, don't destroy it!) and add the following:

# auth: try the local password first, then Kerberos (AD); anything else is denied
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        sufficient    /lib64/security/pam_krb5.so
auth        requisite     pam_succeed_if.so uid >= 100 quiet
auth        required      pam_deny.so

# account: local shadow checks, system accounts (uid < 100) pass, then Kerberos
account     required      pam_unix.so broken_shadow
account     sufficient    pam_succeed_if.so uid < 100 quiet
account     sufficient    /lib64/security/pam_krb5.so
account     required      pam_permit.so

# password: only local password changes are handled here
password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

# session: the standard RHEL 5 session setup
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

Once you've added the content to the file, save it and exit. At this point you should be able to test the web interface by logging in with your LDAP credentials. If that doesn't work, check /var/log/vmware/hostd.log for more info, and /var/log/secure for the PAM modules' own messages.
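The stack above works, but a few of its settings deserve a second look before it guards an admin interface. nullok on pam_unix accepts a local account whose password field is empty. In the account stack pam_krb5 is sufficient and is followed only by pam_permit.so, so whatever failure pam_krb5 reports in the account phase is ignored and the user is let through anyway. And the uid >= 100 requisite guard sits after both sufficient modules, so it only runs once local and Kerberos authentication have already failed and never limits which users are offered to the directory. The script below is an added example, not code from the original post or from VMware: a small static audit that parses a PAM service file and flags those three patterns. It is run against the auth and account stacks from the post and against a tightened variant that is my own assumption of a safer layout, using the [default=bad success=ok user_unknown=ignore] control that RHEL 5's authconfig writes for pam_krb5 in the account stack. Both configurations are embedded as strings so the script runs offline.

```python
"""Static audit of a PAM service file such as /etc/pam.d/vmware-authd.

Added example; not code from the original post or from VMware.
POSTED_CONFIG is the auth/account part of the stack from the post;
HARDENED_CONFIG is an assumed tightened variant written for this example.
"""
import re
from dataclasses import dataclass, field

# Modules that consult a directory (Kerberos/LDAP) rather than local files.
DIRECTORY_MODULES = {"pam_krb5.so", "pam_ldap.so", "pam_sss.so", "pam_winbind.so"}

# A line is: type  control  module-path  [args...]; the control may be a
# bracketed "[value=action ...]" expression that itself contains spaces.
_LINE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")


@dataclass
class PamLine:
    kind: str            # auth | account | password | session
    control: str         # required | requisite | sufficient | optional | [..]
    module: str          # basename only, e.g. pam_krb5.so
    args: list = field(default_factory=list)


def parse_pam(text):
    """Parse a PAM service file into PamLine records, ignoring comments."""
    out = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"unparseable PAM line: {raw!r}")
        kind, control, module, rest = m.groups()
        out.append(PamLine(kind.lower(), control, module.rsplit("/", 1)[-1], rest.split()))
    return out


def can_deny(control):
    """True if a failure from this module can make the whole stack fail.

    'sufficient' expands to [success=done new_authtok_reqd=done default=ignore]
    and 'optional' ignores failures, so neither can deny on its own.
    """
    if control in ("required", "requisite"):
        return True
    if control.startswith("["):
        return "default=bad" in control or "default=die" in control
    return False


def audit(text):
    """Return a list of human-readable findings for the given PAM stack."""
    findings = []
    stack = parse_pam(text)
    auth = [l for l in stack if l.kind == "auth"]
    account = [l for l in stack if l.kind == "account"]

    # 1. nullok lets pam_unix accept a local account with an empty password.
    for l in auth:
        if l.module == "pam_unix.so" and "nullok" in l.args:
            findings.append("auth: pam_unix.so has nullok (empty local passwords accepted)")

    # 2. The 'uid >= N' requisite guard must come before the directory module;
    #    placed after the sufficient modules it only runs once they all failed.
    guard = next((i for i, l in enumerate(auth)
                  if l.module == "pam_succeed_if.so" and "uid" in l.args and ">=" in l.args), None)
    directory = next((i for i, l in enumerate(auth) if l.module in DIRECTORY_MODULES), None)
    if guard is not None and directory is not None and directory < guard:
        findings.append(f"auth: {auth[directory].module} is listed before the uid guard, so the guard never filters it")

    # 3. If the directory module in the account stack cannot deny and nothing
    #    after it can either (only pam_permit.so or optional entries), a
    #    directory account failure is ignored and the user is let through.
    for i, l in enumerate(account):
        if l.module in DIRECTORY_MODULES and not can_deny(l.control):
            tail = account[i + 1:]
            if all(t.module == "pam_permit.so" or t.control == "optional" for t in tail):
                findings.append(f"account: {l.module} is '{l.control}' and nothing after it can deny, so its failures are ignored")
    return findings


# The auth/account stacks exactly as shown in the post above.
POSTED_CONFIG = """
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        sufficient    /lib64/security/pam_krb5.so
auth        requisite     pam_succeed_if.so uid >= 100 quiet
auth        required      pam_deny.so
account     required      pam_unix.so broken_shadow
account     sufficient    pam_succeed_if.so uid < 100 quiet
account     sufficient    /lib64/security/pam_krb5.so
account     required      pam_permit.so
"""

# Assumed tightened variant (not from the post): no nullok, guard before
# pam_krb5, and a bracket control in the account stack so Kerberos can deny.
HARDENED_CONFIG = """
auth        required      pam_env.so
auth        sufficient    pam_unix.so try_first_pass
auth        requisite     pam_succeed_if.so uid >= 100 quiet
auth        sufficient    /lib64/security/pam_krb5.so use_first_pass
auth        required      pam_deny.so
account     required      pam_unix.so broken_shadow
account     sufficient    pam_succeed_if.so uid < 100 quiet
account     [default=bad success=ok user_unknown=ignore] /lib64/security/pam_krb5.so
account     required      pam_permit.so
"""

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name}")
        for finding in audit(cfg) or ["no findings"]:
            print("  " + finding)
```

Run it as a script to see both reports, or point audit() at the real file with audit(open("/etc/pam.d/vmware-authd").read()). The uid threshold is also worth a glance: the post uses 100, while RHEL 5's authconfig writes uid >= 500, the first regular-user uid on that release.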

Enjoy!

Trackbacks/Pingbacks

  1. vmware permission “vim.fault.DatabaseError” error | <will-bloggs-too> - June 4, 2009

    [...] article is following-up on my previous post regarding VMware web access and LDAP authentication. A few days later and I found myself in a pickle. It turns out that the permissions that I had [...]
