After configuring AD authentication on ESXi 6.0 as per KB 2075361, we were not able to log in to the ESX shell using AD authentication.
In /var/log/auth.log, we noticed the error below.
pam_access(sshd:auth): access denied for user
sshd[123225]: [module:pam_lsass]pam_sm_authenticate: failed [error code:40286
KB 2145400 lists this as a known issue and gives a workaround, but it didn't help, so we contacted VMware support and they fixed the issue by making the changes below.
1. Copy the file ldap.conf to the /tmp directory
cp /etc/likewise/openldap/ldap.conf /tmp
2. Give write permission to /tmp/ldap.conf
chmod +w /tmp/ldap.conf
3. Modify the file /tmp/ldap.conf to set buffer size to 15KB
Replace the line ‘SASL_SECPROPS maxbufsize=40960’ with ‘SASL_SECPROPS maxbufsize=5242880’ (5 MB)
4. Save the file
5. Copy /tmp/ldap.conf to /etc/likewise/openldap/ldap.conf
6. Verify that the contents of /etc/likewise/openldap/ldap.conf are modified.
7. Restart the likewise daemon lwsmd
/etc/init.d/lwsmd restart
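Steps 1 to 7 above as a single script, added here as an example (not VMware's or the author's code). It assumes a POSIX sh with mktemp, grep and sed; the mktemp temporary file, the .bak backup and the --apply switch are additions, while the file path and both SASL_SECPROPS lines are the ones given in the post.

```shell
#!/bin/sh
# Added example, not VMware's or the post author's script.
CONF=/etc/likewise/openldap/ldap.conf             # path from the post
OLD_LINE='SASL_SECPROPS maxbufsize=40960'         # value from the post
NEW_LINE='SASL_SECPROPS maxbufsize=5242880'       # value from the post (5 MB)

# set_sasl_bufsize FILE
#   0 = FILE now contains NEW_LINE (edited, or already set)
#   1 = FILE unreadable, or a copy/verify step failed
#   2 = neither OLD_LINE nor NEW_LINE present; FILE left untouched
set_sasl_bufsize() {
    conf=$1
    [ -r "$conf" ] || return 1
    if grep -qxF "$NEW_LINE" "$conf"; then return 0; fi
    grep -qxF "$OLD_LINE" "$conf" || return 2

    # Steps 1-4: edit a copy under /tmp. mktemp (assumed available) replaces
    # the fixed name /tmp/ldap.conf and creates a file only we can write.
    work=$(mktemp /tmp/ldap.conf.XXXXXX) || return 1
    if ! sed "s/^${OLD_LINE}\$/${NEW_LINE}/" "$conf" > "$work" ||
       ! grep -qxF "$NEW_LINE" "$work"; then
        rm -f "$work"; return 1
    fi

    # Added precaution, not in the post: keep the original for rollback.
    cp "$conf" "$conf.bak" || { rm -f "$work"; return 1; }

    # Step 5: copy the edited file back over the live one.
    cp "$work" "$conf" || { rm -f "$work"; return 1; }
    rm -f "$work"

    # Step 6: verify the live file now carries the new line.
    grep -qxF "$NEW_LINE" "$conf"
}

# Step 7 runs only when the script is invoked with --apply.
if [ "${1:-}" = "--apply" ]; then
    set_sasl_bufsize "$CONF" && /etc/init.d/lwsmd restart
fi
```

A return code of 2 means the file does not look like the one described in the post, so nothing is changed and the daemon is not restarted.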
Dude. I’m so lucky to have stumbled across your blog post. I’ve had a call into VMware for this very problem for weeks and they still haven’t provided this solution to me. Thank you for taking the time to do this write-up.
Issue got resolved in new updates
This is a non-persistent fix – reboots will return to prior behaviour. Best fix is to go to the next ESXi update.