Hello all, I have a very strange issue when connecting an Active Directory server to perform authentication for my users.
I have been able to successfully connect the AD server, and perform the bind allowing me to pull in the users I filtered using LDAP filters, however I am running into issues with authenticating certain subgroups of users.
First of all, do we know which username type proxmox pulls for the accounts username vs which username type proxmox actually uses to authenticate with AD (from looking, it seems to pull the sAMAccountName for the user account, but I'm unsure for the actual authentication with AD)? The following screenshots include the 3 different types of user formats we have. Using the old style account format, I am able to successfully authenticate and login using the AD connection, however using the mCWID and Student Worker format I cannot. My hypothesis is related to the sAMAccountName and uid not matching (or being blank) as for the Student Worker format the uid is blank and the sAMAccountName is m123456789.
Can anyone confirm or deny this, and does anyone possibly know of a solution that I can implement on the proxmox side as I do not have write permissions to users in AD. I would like to look into more behind the scenes on how authentication works, but I am not familiar with the proxmox codebase at all, so it might take me a while to figure it out myself.
Thanks in advance,
Nate
Screenshots / User account formats
first is what we call the old style:
Written out:
sAMAccountName: nmoore1
userPrincipalName: nmoore1@___.edu
uid: nmoore1
Next is what we call the mCWID: (sorry for the formatting, was quickly censoring screenshots)
Written out:
sAMAccountName: m12345678
userPrincipalName: yamato_lastname@___.edu
uid: yamato_lastname
and finally we have a new set of accounts for student workers:
Written out
sAMAccountName: m123456789
userPrincipalName: nmoore1_sw@___.edu
uid: (blank)
I have been able to successfully connect the AD server, and perform the bind allowing me to pull in the users I filtered using LDAP filters, however I am running into issues with authenticating certain subgroups of users.
First of all, do we know which username type proxmox pulls for the accounts username vs which username type proxmox actually uses to authenticate with AD (from looking, it seems to pull the sAMAccountName for the user account, but I'm unsure for the actual authentication with AD)? The following screenshots include the 3 different types of user formats we have. Using the old style account format, I am able to successfully authenticate and login using the AD connection, however using the mCWID and Student Worker format I cannot. My hypothesis is related to the sAMAccountName and uid not matching (or being blank) as for the Student Worker format the uid is blank and the sAMAccountName is m123456789.
Can anyone confirm or deny this, and does anyone possibly know of a solution that I can implement on the proxmox side as I do not have write permissions to users in AD. I would like to look into more behind the scenes on how authentication works, but I am not familiar with the proxmox codebase at all, so it might take me a while to figure it out myself.
Thanks in advance,
Nate
Screenshots / User account formats
first is what we call the old style:
Written out:
sAMAccountName: nmoore1
userPrincipalName: nmoore1@___.edu
uid: nmoore1
Next is what we call the mCWID: (sorry for the formatting, was quickly censoring screenshots)
Written out:
sAMAccountName: m12345678
userPrincipalName: yamato_lastname@___.edu
uid: yamato_lastname
and finally we have a new set of accounts for student workers:
Written out
sAMAccountName: m123456789
userPrincipalName: nmoore1_sw@___.edu
uid: (blank)
Last edited:
. 