VMware Cloud Foundation 4.5

5.2 5.1 5.0 4.5
Deutsch Français Italiano 日本語 English

Configure the Local User Password Expiration Policy for NSX Manager

Configure the password expiration policy for NSX Manager local users in
VMware Cloud Foundation
. You configure the policy on a per-user basis for the built-in NSX accounts.
User
Setting
Default Value
root
Maximum number of days between password change
90
admin
Maximum number of days between password change
90
audit
Maximum number of days between password change
90
guestuser1
Maximum number of days between password change
90
guestuser2
Maximum number of days between password change
90

UI Procedure

  1. Log in to the management domain vCenter Server at
    https://<management_vcenter_server_fqdn>/ui
     by using an account with
    Administrator
     privileges.
  2. In the
    VMs and templates
     inventory, expand the management domain vCenter Server tree and expand the management domain data center.
  3. Expand the VM folder containing the NSX Manager cluster for the management domain.
  4. Select the first node of the NSX Manager cluster and click
    Launch web console
    .
  5. Log in to the NSX Manager node as
    admin
    .
  6. Change the maximum number of days between password change using the following command.
    set user root password-expiration <your_value>
    The change is replicated to the other nodes in the NSX Manager cluster.
  7. Repeat this procedure for the remaining local accounts.
  8. Repeat this procedure on the NSX Local Manager clusters for all VI workload domains.
  9. Repeat this procedure on all NSX Global Manager clusters.

PowerShell Procedure

  1. Start Windows PowerShell.
  2. Replace the values in the sample code and run the commands in the PowerShell console.
    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
$sddcManagerUser = "administrator@vsphere.local"
$sddcManagerPass = "VMw@re1!"

$sddcDomainName = "sfo-m01"

$maxDays = "90"
  3. Perform the configuration by running the command in the PowerShell console.
    Update-NsxtManagerPasswordExpiration -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $sddcDomainName -maxdays $maxDays
  4. Repeat this procedure for the NSX Local Manager clusters for all VI workload domains.
  5. Configure the password expiration policies on all NSX Global Manager clusters manually in the appliance console of the first node of each cluster.

Content feedback and comments