[PVE-User] Proxmox VE 2.0 rc1 released!
Gusek, Michael
Michael.Gusek at vanguard-healthcare.com
Mon Feb 20 16:35:02 CET 2012
Hello Alain,
I did'nt setup setup samba or kerbereos. I think there is no need for this, because I can successfully add AD-users with user root, and I can login with this users. I can't add new AD-user's with an AD-User logged in. Perhaps I miss-configured something or there is a problem with rights, or something else. For authentication against Active Directory you don't need samba in any cases. With mod_auth_ldap for example apache can authenticate against AD, perhaps proxmox used the same technical ?
Michael
-----Ursprüngliche Nachricht-----
Von: pve-user-bounces at pve.proxmox.com [mailto:pve-user-bounces at pve.proxmox.com] Im Auftrag von Alain Péan
Gesendet: Montag, 20. Februar 2012 16:13
An: pve-user at pve.proxmox.com
Betreff: Re: [PVE-User] Proxmox VE 2.0 rc1 released!
Hi Michael,
I did some configuration before trying to add an AD domain. I installed
Samba and Kerberos, and configured both for my AD domain, then join the
PVE hosts to the domain with 'net ads join'.
It is my feeling that these steps are necessary, in order to provide an
account for the PVE host on the AD domain, initialize the kerberos keys
(/etc/krb5.keytab) etc.... That is what I do to configure AD
authentication on other conventionnal linux machines. Notice that my DNS
servers in /etc/resolv.conf are those from windows domain.
Dietmar can perhaps say if these steps are required or not. If you don't
enter at any point AD administratror credentials to join the domain, I
don't see how it could work... And it was indeed working for me.
Did you do some similar configuration ?
Alain
Le 20/02/2012 15:29, Gusek, Michael a écrit :
> Hi Dietmar,
>
> i've added an AD-User to proxmox, explained by you below. Login works fine, but cannot add new user: "no such user ('manfred.mustermann at vanguard.de') (403)". With root there isn't a problem. Here my user.cfg:
>
> user:michael.gusek at vanguard.de:1:0:Michael:Gusek:michael.gusek at vanguard-healthcare.com::
> user:root at pam:1:0:::it at vanguard-healthcare.com::
>
> group:admin:michael.gusek at vanguard.de::
>
> acl:1:/:@admin:Administrator:
>
> Thanks,
>
> Michael
>
> -----Ursprüngliche Nachricht-----
> Von: pve-user-bounces at pve.proxmox.com [mailto:pve-user-bounces at pve.proxmox.com] Im Auftrag von Dietmar Maurer
> Gesendet: Montag, 20. Februar 2012 10:07
> An: Alain Péan; pve-user at pve.proxmox.com
> Betreff: Re: [PVE-User] Proxmox VE 2.0 rc1 released!
>
>> I added a group with role 'Administrator', and add my AD user to this group. I
>> thought it was the group with all permissions, but when I log as this AD user, I
>> cannot see under given node the storages, as I do when logged as root. Is this
>> normal ?
> How did you add the role?
>
> Goto Datacenter/Permissions/Add/GroupPermissions
>
> Path: /
> Group: yourgroup
> Role: Administrator
>
> Please can you post the '/etc/pve/user.cfg' file If that does not work?
>
> - Dietmar
>
>
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
--
==========================================================
Alain Péan - LPP/CNRS
Administrateur Système/Réseau
Laboratoire de Physique des Plasmas - UMR 7648
Observatoire de Saint-Maur
4, av de Neptune, Bat. A
94100 Saint-Maur des Fossés
Tel : 01-45-11-42-39 - Fax : 01-48-89-44-33
==========================================================
_______________________________________________
pve-user mailing list
pve-user at pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
More information about the pve-user
mailing list