Active Directory Realm invalid format error - domain starts with a number

flipswitchingmonkey

Oct 9, 2018
Upon trying to add our AD server as authentication (Proxmox 5.2), we get this error:

Parameter verification failed. (400)

realm: invalid format - value does not look like a valid realm

It appears that a domain name starting with a number is not accepted, even though it works fine within AD. Any way to work around this? Thanks.
 
Does it already occur when adding the realm?

On what 'pveversion -v' are you exactly?
 
It was a test-install that I wiped now, so I can't check the exact version :( (but I downloaded the image a week or so ago)

It happened during the initial entry. The form will not allow a numeric domain name.
 
The 'realm' is only the identifier in PVE, and that cannot start with a number.
The domain as well as the server can start with a number.
 
Hello! Apologies for resuming an old post. I'm running into this exact issue, except it's now impacting my AD logins.

Our domain starts with numbers. As this is the company's name, we're unable to change the name of the domain.

To get the realm entry to appear, I gave it a name of simply "Active-Directory". However, logins are failing because Proxmox is trying to use the incorrect realm name that I had to create to get the AD server added:

Code:
Mar 22 17:29:20 pve-ex pvedaemon[3992]: authentication failure; rhost=10.100.0.12 user=test.user@48testing.com@Active-Directory msg=no such user ('test.user@48testing.com@Active-Directory')

As you can see, it's adding the realm name after the username (in the above example, I need the user to simply be test.user@48testing.com).

Is there any way to work around this limitation? Below is my domains.cfg file:
Code:
ad: Active-Directory
    comment 48testing.com AD Authentication
    domain 48testing.com
    server1 x.x.x.x
    bind_dn CN=Service Account,OU=Service Accounts,OU=Admins,DC=48testing,DC=com
    default 1
    port 389
    secure 0
    server2 x.x.x.x
    sync-defaults-options full=0,purge=0,scope=users

pve: pve
    comment Proxmox VE authentication server

pam: pam
    comment Linux PAM standard authentication

I have attempted to change the realm name after it was already added in domains.cfg, but doing so causes the AD server to disappear from PVE entirely.

Any help would be greatly appreciated!
 
The log message is only what PVE writes (this will not be sent to the LDAP this way).

But the error message indicated the problem:

msg=no such user ('test.user@48testing.com@Active-Directory')
Did you add the user to PVE?

PVE does not automatically sync the LDAP/AD users; this either has to be done manually or with 'pveum realm sync' (see 'man pveum' for details).
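
How the user ID in that log line breaks down into a name and a realm, as an added example that is not part of the thread and is not Proxmox code. The function names and the `REALM_ID` pattern are assumptions modelling the rule stated above (a realm identifier cannot start with a number), and the second sample line is constructed.

```python
import re

# Assumption: models the rule stated in the thread (a realm ID may not start
# with a digit); the exact pattern Proxmox VE enforces may differ.
REALM_ID = re.compile(r"[A-Za-z][A-Za-z0-9._-]+")

# Shape of the pvedaemon line quoted in the thread.
AUTH_FAIL = re.compile(
    r"pvedaemon\[\d+\]: authentication failure; "
    r"rhost=(?P<rhost>\S+) user=(?P<user>\S+) msg=(?P<msg>.*)"
)

def valid_realm_id(name):
    return REALM_ID.fullmatch(name) is not None

def split_userid(userid):
    """Split 'name@realm' at the last '@'; the name may itself contain '@'."""
    name, sep, realm = userid.rpartition("@")
    return (name, realm) if sep and name and realm else None

def triage(line):
    """Return a dict describing one auth-failure line, or None if it is not one."""
    m = AUTH_FAIL.search(line)
    if not m:
        return None
    parts = split_userid(m["user"])
    if parts is None:
        return None
    name, realm = parts
    return {
        "rhost": m["rhost"],
        "name": name,
        "realm": realm,
        # A full UPN was typed at login, so the name part carries the AD domain.
        "upn_style": "@" in name,
        # PVE has no user entry with this ID: add it or run 'pveum realm sync'.
        "missing_in_pve": m["msg"].startswith("no such user"),
    }

# First line is the one quoted in the thread; the second is constructed.
SAMPLE = [
    "Mar 22 17:29:20 pve-ex pvedaemon[3992]: authentication failure; rhost=10.100.0.12 user=test.user@48testing.com@Active-Directory msg=no such user ('test.user@48testing.com@Active-Directory')",
    "Mar 22 17:31:02 pve-ex pvedaemon[3992]: authentication failure; rhost=10.100.0.12 user=root@pam msg=Authentication failure",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry))
```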
 
