Has /etc/pve/domains.cfg changed locations in Proxmox 6.0?

victorhooi

Active Member
Apr 3, 2018
250
20
38
37
Hi,

I am attempting to setup LDAP authentication in Proxmox 6.0.

Previously, on Proxmox 5.4 - I had to edit the /etc/pve/domains.cfg file, in order to add the new LDAP realm - as per the Proxmox documentation at https://pve.proxmox.com/wiki/User_Management#pveum_authentication_realms - e.g.:
Code:
root@syd1:/etc/pve# cat domains.cfg
pam: pam
    comment Linux PAM standard authentication

pve: pve
    comment Proxmox VE authentication server

ldap: example.com
    base_dn dc=example,dc=io
    server1 ldap.google.com
    user_attr uid
    cert /root/Google_2022_05_22_3494.crt
    certkey /root/Google_2022_05_22_3494.key
    port 636
    secure 1
    verify 1
However, I setup a new Proxmox 6.0 cluster, and I went into /etc/pve - and I don't see any domains.cfg file?
Code:
root@examplemtv-vm01:/etc/pve# ls
authkey.pub  authkey.pub.old  corosync.conf  datacenter.cfg  local  lxc  nodes    openvz    priv  pve-root-ca.pem  pve-www.key  qemu-server  storage.cfg  user.cfg    vzdump.cron
Is this file somewhere else now in Proxmox 6.0? Or how do you setup authentication realms now?
 
Last edited:
However, I setup a new Proxmox 6.0 cluster, and I went into /etc/pve - and I don't see any domains.cfg file?

If there is no custom domain added, there is no such. Just create a new LDAP Authentication and the domain.cfg file will be created.
 
Ah great - thanks! I can confirm it works.

I was thrown off, because the /etc/pve/domains.cfg file on another server had sections for pam and pve:
Code:
pam: pam
    comment Linux PAM standard authentication
...
pve: pve
    comment Proxmox VE authentication server
However, it seems these aren't really needed (?) and do get created automatically.

So I ran the pvessh command:
Code:
root@examplemtv-vm01:~# pvesh create /access/domains --realm example.com --type ldap --base_dn dc=example,dc=com --server1 ldap.google.com --port 636 --cert /root/Google_2022_05_22_3494.crt --certkey /root/Google_2022_05_22_3494.key --user_attr uid --secure 1 --verify 1
That seems to have created dummy sections for pam and pve - and also the LDAP one I needed:
Code:
root@examplemtv-vm01:~# cat /etc/pve/domains.cfg
pam: pam
    comment Linux PAM standard authentication

ldap: example.com
    base_dn dc=example,dc=com
    server1 ldap.google.com
    user_attr uid
    cert /root/Google_2022_05_22_3494.crt
    certkey /root/Google_2022_05_22_3494.key
    port 636
    secure 1
    verify 1

pve: pve
    comment Proxmox VE authentication server
Do you know if it's safe to copy /etc/pve/user.cfg from one cluster to another?
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!