Active Director user denied to ESXi SSH login – ESXi 6.0 ( 3620759)

After configuring the AD authentication on the ESXi 6.0 as per the KB 2075361 , we were not able to login to the ESX shell using the AD Authentication .

From the /var/log/ auth.log , we have noticed the below error.

pam_access(sshd:auth): access denied for user 

sshd[123225]: [module:pam_lsass]pam_sm_authenticate: failed [error code:40286

As per the KB 2145400 it is mentioned as the known issue and also mentioned the  workaround  but it didnt help so we contacted the VMware support and they fixed the issue by doing the changes below.

1. Run the command
cp /etc/likewise/openldap/ldap.conf /tmp <—- Copy the file ldap.conf to /tmp directory

2. give write permission to /tmp/ldap.conf
chmod +w /tmp/ldap.conf

3. Modify the file /tmp/ldap.conf to set buffer size to 15KB

Replace the line ‘SASL_SECPROPS maxbufsize=40960’ with ‘SASL_SECPROPS maxbufsize=5242880‘ –> 5 MB


4. Save the file

5. Copy /tmp/ldap.conf to /etc/likewise/openldap/ldap.conf

6. Verify the contents of /etc/likewise/openldap/ldap.conf is modified.

7. restart the likewise daemon lwsmd

/etc/init.d/lwsmd restart



This entry was posted in ESXi issue, VMware and tagged . Bookmark the permalink.

3 Responses to Active Director user denied to ESXi SSH login – ESXi 6.0 ( 3620759)

  1. Thank You says:

    Dude. I’m so luck to have stumbled across your blog post. I’ve had a call into VMware for this very problem for weeks and they still haven’t provided this solution to me. Thank you for taking the time to do this write-up.


  2. A User says:

    This is a non-persistent fix – reboots will return to prior behaviour. Best fix is to go to the next ESXi update.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s