Create SSO users using SSH session on VCSA 6.5 with help of dir-cli utility. I had faced the strange issue after VCSA 6.5 deployment on My LAB that SSO account was not created. Could be my mistake and haven’t followed the best practice for the VCSA 6.5 deployment. But I have figured out the way to add the SSO users by logging in to VCSA 6.5’s ssh as root user. From vSphere 6.0, you can now easily create and manage SSO Users using dir-cli within the Platform Services Controller (PSC).
Pre-requisites :
You must have access to VCSA 6.5’s root account & ssh access must be enabled for VCSA 6.5 appliance.
- Login to VCSA 6.5 as root on ssh session.
2. You will get command prompt like below.
3. Gain the shell access.
4. Create a new user account on SSO using dir-cli.
root@VCSA6.5:# [ ~ ]# /usr/lib/vmware-vmafd/bin/dir-cli user create --account rajkumar --first-name rajkumar --last-name kumar --user-password 'Welcome@123' Enter password for administrator@vpshere.local: User account [rajkumar] created successfully root@VCSA6.5:# [ ~ ]#
5. Add the user in group administrator.
root@VCSA6.5:# [ ~ ]# /usr/lib/vmware-vmafd/bin/dir-cli group modify --name Administrators --add rajkumar Enter password for administrator@vpshere.local: Account [rajkumar] added to group [Administrators] Group member [rajkumar] added successfully
6. List the administrators users.
root@VCSA6.5:# [ ~ ]# /usr/lib/vmware-vmafd/bin/dir-cli group list --name Administrators Enter password for administrator@vpshere.local: cn=Administrator,cn=Users,dc=vpshere,dc=local CN=machine-8dc51c49-183f-450e-8f4d-384fc0e22142,CN=ServicePrincipals,DC=vpshere,DC=local CN=vsphere-webclient-8dc51c49-183f-450e-8f4d-384fc0e22142,CN=ServicePrincipals,DC=vpshere,DC=local CN=Linges waran,cn=users,dc=vpshere,dc=local CN=rajkumar kumar,cn=users,dc=vpshere,dc=local root@VCSA6.5:# [ ~ ]#
7. Access the vSphere web-client portal and try to login with newly created user.
——————————————————————————————————————–
We could also create the appliance management user account from the command prompt.
=> List the appliance management account.
Command> localaccounts.user.list
Config:
1:
Username: root
Status: enabled
Role: superAdmin
Passwordstatus: valid
Fullname: root
Email: ''
Command>
=> Creating the appliance management account .
Command> localaccounts.user.add --role operator --username unixarena --password
Enter password:
Reenter password:
Command>
Command> localaccounts.user.list
Config:
1:
Username: root
Status: enabled
Role: superAdmin
Passwordstatus: valid
Fullname: root
Email: ''
2:
Username: unixarena
Status: enabled
Role: operator
Passwordstatus: valid
Fullname: unixarena
Email: '
root@192 [ ~ ]#
snowfox says
I try create SSO user account(VCSA 6.0 use). but i’ve got below error messages.
localhost:/usr/lib/vmware-vmafd/bin # ./dir-cli user create –account snowwolf –first-name snow –last-name wolf –user-password
Enter password for administrator@vcenter.local:
Enter password for snowwolf@vcenter.local:
dir-cli failed. Error 9232: Possible errors:
LDAP error: Constraint violation
Win Error: Operation failed with error ERROR_WRITE_PROTECT (19)
Have any idea?
Greg says
Nice article!
one can also utilize VMware.vSphere.SsoAdmin module to deal with SSO actions from the repo https://github.com/vmware/PowerCLI-Example-Scripts
KP says
Great info. Helped me solve my issue. Thank you.
sang deuk says
Thank yo for your posting
It helped me to solve any issues
I wanna communicate with you. ~~
my email is sangsang.kwon@samsung.com ^.^