[PVE-User] Proxmox VE 2.0 rc1 released!
Alain Péan
alain.pean at lpp.polytechnique.fr
Mon Feb 20 17:03:48 CET 2012
Hi Michael,
I understand better now, and I also tried to add another AD account
using the first AD user with role 'Administrator'. It failed too.
I think you are right with the mod_auth_ldap, perhaps what I did was
overkill...
Alain
On 20/02/2012 16:35, Gusek, Michael wrote:
> Hello Alain,
>
> I didn't set up Samba or Kerberos. I think there is no need for this, because I can successfully add AD users with user root, and I can log in with these users. I can't add new AD users with an AD user logged in. Perhaps I misconfigured something or there is a problem with rights, or something else. For authentication against Active Directory you don't need Samba in any case. With mod_auth_ldap, for example, Apache can authenticate against AD; perhaps Proxmox uses the same technique?
>
> Michael
>
> -----Original Message-----
> From: pve-user-bounces at pve.proxmox.com [mailto:pve-user-bounces at pve.proxmox.com] On Behalf Of Alain Péan
> Sent: Monday, 20 February 2012 16:13
> To: pve-user at pve.proxmox.com
> Subject: Re: [PVE-User] Proxmox VE 2.0 rc1 released!
>
> Hi Michael,
>
> I did some configuration before trying to add an AD domain. I installed
> Samba and Kerberos, and configured both for my AD domain, then joined the
> PVE hosts to the domain with 'net ads join'.
>
> It is my feeling that these steps are necessary, in order to provide an
> account for the PVE host on the AD domain, initialize the Kerberos keys
> (/etc/krb5.keytab), etc. That is what I do to configure AD
> authentication on other conventional Linux machines. Notice that my DNS
> servers in /etc/resolv.conf are those from the Windows domain.
>
> Dietmar can perhaps say if these steps are required or not. If you don't
> enter AD administrator credentials at any point to join the domain, I
> don't see how it could work... And it was indeed working for me.
>
> Did you do some similar configuration?
>
> Alain
>
> On 20/02/2012 15:29, Gusek, Michael wrote:
>> Hi Dietmar,
>>
>> I've added an AD user to Proxmox, as explained by you below. Login works fine, but I cannot add a new user: "no such user ('manfred.mustermann at vanguard.de') (403)". With root there isn't a problem. Here is my user.cfg:
>>
>> user:michael.gusek at vanguard.de:1:0:Michael:Gusek:michael.gusek at vanguard-healthcare.com::
>> user:root at pam:1:0:::it at vanguard-healthcare.com::
>>
>> group:admin:michael.gusek at vanguard.de::
>>
>> acl:1:/:@admin:Administrator:
>>
>> Thanks,
>>
>> Michael
>>
>> -----Original Message-----
>> From: pve-user-bounces at pve.proxmox.com [mailto:pve-user-bounces at pve.proxmox.com] On Behalf Of Dietmar Maurer
>> Sent: Monday, 20 February 2012 10:07
>> To: Alain Péan; pve-user at pve.proxmox.com
>> Subject: Re: [PVE-User] Proxmox VE 2.0 rc1 released!
>>
>>> I added a group with role 'Administrator', and added my AD user to this group. I
>>> thought it was the group with all permissions, but when I log in as this AD user, I
>>> cannot see the storages under a given node, as I do when logged in as root. Is this
>>> normal?
>> How did you add the role?
>>
>> Go to Datacenter/Permissions/Add/GroupPermissions
>>
>> Path: /
>> Group: yourgroup
>> Role: Administrator
>>
>> Can you please post the '/etc/pve/user.cfg' file if that does not work?
>>
>> - Dietmar
>>
>>
>> _______________________________________________
>> pve-user mailing list
>> pve-user at pve.proxmox.com
>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>
--
==========================================================
Alain Péan - LPP/CNRS
System/Network Administrator
Laboratoire de Physique des Plasmas - UMR 7648
Observatoire de Saint-Maur
4, av de Neptune, Bat. A
94100 Saint-Maur des Fossés
Tel : 01-45-11-42-39 - Fax : 01-48-89-44-33
==========================================================
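
Added example (not part of the original thread, and not Proxmox code): a small Python audit that parses the `user.cfg` line types quoted above and lists the roles a user receives on a path through direct and group ACL entries. The field layout is assumed from the quoted lines, the sample accounts are constructed, and the function lists matching grants without modelling how Proxmox combines them.

```python
# Added example: list ACL grants from a PVE-style user.cfg.
# Assumed layout (inferred from the quoted lines, not from Proxmox docs):
#   user:<id>:<enabled>:...   group:<name>:<members>:...
#   acl:<propagate>:<path>:<user or @group>:<role>:
SAMPLE_CFG = """\
user:alice@ad.example:1:0:Alice:Admin:alice@example.com::
user:bob@ad.example:1:0:Bob:Builder:bob@example.com::
user:carol@ad.example:0:0:Carol:Gone:carol@example.com::

group:admin:alice@ad.example,carol@ad.example::

acl:1:/:@admin:Administrator:
acl:0:/vms:bob@ad.example:Administrator:
"""  # constructed sample, not the file from the thread

def parse_cfg(text):
    users, groups, acls = {}, {}, []
    for raw in text.splitlines():
        f = raw.strip().split(":")
        if f[0] == "user" and len(f) >= 3:
            users[f[1]] = {"enabled": f[2] == "1"}
        elif f[0] == "group" and len(f) >= 3:
            groups[f[1]] = {u for u in f[2].split(",") if u}
        elif f[0] == "acl" and len(f) >= 5:
            acls.append({"propagate": f[1] == "1", "path": f[2],
                         "who": [w for w in f[3].split(",") if w],
                         "roles": [r for r in f[4].split(",") if r]})
    return users, groups, acls

def effective_roles(cfg, user, path):
    """Roles granted to `user` on `path`, directly or via a group."""
    users, groups, acls = cfg
    if not users.get(user, {}).get("enabled"):
        return set()  # unknown or disabled account: no grants
    roles = set()
    for acl in acls:
        base = acl["path"].rstrip("/")
        exact = acl["path"] == path
        inherited = acl["propagate"] and path.startswith(base + "/")
        if not (exact or inherited):
            continue
        for who in acl["who"]:
            in_group = who.startswith("@") and user in groups.get(who[1:], set())
            if who == user or in_group:
                roles.update(acl["roles"])
    return roles
```

In the constructed sample, the disabled account `carol@ad.example` is still listed in the `admin` group, which is the kind of leftover membership this audit makes visible.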