Issues with Active Directory logins

lowerym

Member
Feb 17, 2021
I was able to create a realm for my domain, "test.net", sync over the group of users I wanted to pull into PVE, and assign groups/roles to my users.

However, when I go to log in as the user, using the username (no @ or anything after) and the AD password for the user, and selecting the realm, I get "Login failed. Please try again." This happens even with the same user I did my sync with.

Can someone point me to which logs I should be viewing to troubleshoot this type of issue? Or is there another step to get Active Directory working for LDAP logins?
 
After doing some digging in the logs I get: Authentication Failure; rhost=xxx.xxx.xxx.xxx (the server I tried to log in from) user=me@domain.net msg=80090308: LdapErr: DSID-0c090446, comment: AcceptSecurityContext error, data 52e, v2580

This indicates that I used the wrong password, but it's not the wrong password. Also, this is attempting with the same user I did my sync with, and my user was synced and assigned permissions.
 
We have the same issue. Active Directory Sync is working. Got groups and users.



Code:
Feb 25 12:28:07 proxmox5 pvedaemon[15648]: <root@pam> starting task UPID:proxmox5:00005C83:02BDD29C:603789C7:auth-realm-sync-test:company.com:root@pam:
Feb 25 12:28:08 proxmox5 pvedaemon[15648]: <root@pam> end task UPID:proxmox5:00005C83:02BDD29C:603789C7:auth-realm-sync-test:company.com:root@pam: OK
Feb 25 12:28:13 proxmox5 pvedaemon[4847]: <root@pam> starting task UPID:proxmox5:00005CE6:02BDD4CE:603789CD:auth-realm-sync:company.com:root@pam:
Feb 25 12:28:13 proxmox5 pvedaemon[4847]: <root@pam> end task UPID:proxmox5:00005CE6:02BDD4CE:603789CD:auth-realm-sync:company.com:root@pam: OK

When I try to login with the same user that is used for sync (which is also in the group) I get

Code:
Feb 25 12:28:45 proxmox5 pvedaemon[4847]: authentication failure; rhost=x.x.x.x user=proxmox@company.com msg=80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839#000 at /usr/share/perl5/PVE/LDAP.pm line 83.

Proxmox Version 6.3-3
 
I've got the same error as you guys on Proxmox Version 6.3-3
Did you find a solution on this at all?


Code:
authentication failure; rhost=x.x.x.x user=firstname.surname@domain.local msg=80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563
 
"LdapErr: DSID-0C090453, comment: AcceptSecurityContext error"
means a login error on the AD side.

Make sure that the user can bind with "user@domain" on the AD server.
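
An added example, not part of any post in this thread: a small Python triage script for the pvedaemon `authentication failure` lines quoted above. It decodes the `data` sub-code that AD appends to error 80090308 (52e is Win32 error 1326, wrong user name or password) and lists login suffixes where several different users all fail with 52e, used here as a heuristic hint that the cause is realm-level rather than one mistyped password. The function names, the two-user threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# "data" sub-codes AD appends to LDAP error 80090308 (hex Win32 error numbers).
AD_SUBCODES = {
    "525": "user not found",
    "52e": "wrong user name or password",
    "532": "password expired",
    "533": "account disabled",
    "773": "user must change password",
    "775": "account locked out",
}
FAIL_RE = re.compile(
    r"authentication failure; rhost=(?P<rhost>\S+) user=(?P<user>\S+) "
    r"msg=80090308: LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"comment: AcceptSecurityContext error, data (?P<data>[0-9A-Fa-f]+)")

def parse_failure(line):
    """Decode one pvedaemon AD bind failure; None for any other line."""
    m = FAIL_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["data"] = rec["data"].lower()
    rec["win32"] = int(rec["data"], 16)  # e.g. 0x52e -> 1326
    rec["meaning"] = AD_SUBCODES.get(rec["data"], "unknown sub-code")
    rec["suffix"] = rec["user"].rpartition("@")[2]
    return rec

def suspect_suffixes(lines, min_users=2):
    """Heuristic (assumption): suffixes where >= min_users distinct users fail with 52e."""
    users = defaultdict(set)
    for rec in filter(None, map(parse_failure, lines)):
        if rec["data"] == "52e":
            users[rec["suffix"]].add(rec["user"])
    return sorted(s for s, u in users.items() if len(u) >= min_users)

# Constructed sample lines in the log format shown in this thread.
_P = "Feb 25 12:28:45 pve1 pvedaemon[4847]: "
_E = " msg=80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data "
SAMPLE = [
    _P + "authentication failure; rhost=192.0.2.10 user=proxmox@company.com" + _E + "52e, v3839",
    _P + "authentication failure; rhost=192.0.2.11 user=alice@company.com" + _E + "52e, v3839",
    _P + "authentication failure; rhost=192.0.2.12 user=bob@lab.example" + _E + "775, v3839",
    _P + "<root@pam> end task UPID:pve1:00005CE6:auth-realm-sync:company.com:root@pam: OK",
]

if __name__ == "__main__":
    print("check realm settings for:", suspect_suffixes(SAMPLE))
```

Feed it the output of `journalctl -u pvedaemon` split into lines instead of `SAMPLE` to triage a real node.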
 
I'm confronting a similar issue. I tested my user credentials on a domain computer, as @dcsapak suggested, with
PowerShell: runas /u:<username>@<domainname> notepad.exe, and it works: Notepad opens if the credentials are valid, and if I mistype the password on purpose it fails.
But when I try to login on Proxmox I get the error message. Any suggestions?

My environment:
Code:
proxmox-ve: 7.1-1 (running kernel: 5.13.19-6-pve)
pve-manager: 7.1-12 (running version: 7.1-12/b3c09de3)
pve-kernel-helper: 7.1-14
pve-kernel-5.13: 7.1-9
pve-kernel-5.11: 7.0-10
pve-kernel-5.13.19-6-pve: 5.13.19-15
pve-kernel-5.13.19-5-pve: 5.13.19-13
pve-kernel-5.13.19-2-pve: 5.13.19-4
pve-kernel-5.11.22-7-pve: 5.11.22-12
pve-kernel-5.4.27-1-pve: 5.4.27-1
ceph: 16.2.7
ceph-fuse: 16.2.7
corosync: 3.1.5-pve2
criu: 3.15-1+pve-1
glusterfs-client: 9.2-1
ifupdown: not correctly installed
ifupdown2: 3.1.0-1+pmx3
ksm-control-daemon: 1.4-1
libjs-extjs: 7.0.0-1
libknet1: 1.22-pve2
libproxmox-acme-perl: 1.4.1
libproxmox-backup-qemu0: 1.2.0-1
libpve-access-control: 7.1-7
libpve-apiclient-perl: 3.2-1
libpve-common-perl: 7.1-5
libpve-guest-common-perl: 4.1-1
libpve-http-server-perl: 4.1-1
libpve-network-perl: 0.7.0
libpve-storage-perl: 7.1-2
libqb0: 1.0.5-1
libspice-server1: 0.14.3-2.1
lvm2: 2.03.11-2.1
lxc-pve: 4.0.12-1
lxcfs: 4.0.12-pve1
novnc-pve: 1.3.0-2
openvswitch-switch: not correctly installed
proxmox-backup-client: 2.1.5-1
proxmox-backup-file-restore: 2.1.5-1
proxmox-mini-journalreader: 1.3-1
proxmox-widget-toolkit: 3.4-7
pve-cluster: 7.1-3
pve-container: 4.1-4
pve-docs: 7.1-2
pve-edk2-firmware: 3.20210831-2
pve-firewall: 4.2-5
pve-firmware: 3.3-6
pve-ha-manager: 3.3-3
pve-i18n: 2.6-2
pve-qemu-kvm: 6.2.0-2
pve-xtermjs: 4.16.0-1
qemu-server: 7.1-4
smartmontools: 7.2-pve2
spiceterm: 3.2-2
swtpm: 0.7.1~bpo11+1
vncterm: 1.7-1
zfsutils-linux: 2.1.4-pve1
 
Ran into the same issue with following datacenter -> Permissions -> Realms configuration:

Code:
Realm:       REALM.EXAMPLE.COM
Domain:      example.com

What it solved for me:
Code:
Realm:       REALM.EXAMPLE.COM
Domain:      realm.example.com

Not sure whether this is OP's problem, but I hope this helps somebody.
 
Yep, the right domain name is needed in the Domain field. In my case it was

realm: audit
domain: ad.example.com
but the right one is just example.com in the Domain field.
 
just to add to this thread, also try this on the "bind user" field
instead of: CN=mkent,CN=group_name,DC=example,DC=com
try: CN=mike kent,CN=group_name,DC=example,DC=com
 
TASK ERROR: 00002020: Operation unavailable without authentication at /usr/share/perl5/PVE/LDAP.
TASK ERROR: BindSimple: Transport encryption required. at /usr/share/perl5/PVE/LDAP.pm line 55.


After making sure the settings are filled in as shown below, all the syncing errors above were gone.

1691145054057.png

1691145428268.png
 
