Active Directory Realm invalid format error - domain starts with a number

flipswitchingmonkey

Oct 9, 2018
Upon trying to add our AD server as authentication (Proxmox 5.2), we get this error:

Parameter verification failed. (400)

realm: invalid format - value does not look like a valid realm

It appears that a domain name starting with a number is not accepted, even though it works fine within AD. Any way to work around this? Thanks.
 
Does it already occur when adding the realm?

On what 'pveversion -v' are you exactly?
 
It was a test-install that I wiped now, so I can't check the exact version :( (but I downloaded the image a week or so ago)

It happened during the initial entry. The form will not allow a numeric domain name.
 
The 'realm' is only the identifier in pve, and that cannot start with a number.
The domain as well as the server can start with a number.
 
Hello! Apologies for resuming an old post. I'm running into this exact issue, except it's now impacting my AD logins.

Our domain starts with numbers. As this is the company's name, we're unable to change the name of the domain.

To get the realm entry to appear, I gave it a name of simply "Active-Directory". However, logins are failing because Proxmox is trying to use the incorrect realm name that I had to create to get the AD server added:

Code:
Mar 22 17:29:20 pve-ex pvedaemon[3992]: authentication failure; rhost=10.100.0.12 user=test.user@48testing.com@Active-Directory msg=no such user ('test.user@48testing.com@Active-Directory')

As you can see, it's adding the realm name after the username (in the above example, I need the user to simply be test.user@48testing.com).

Is there any way to work around this limitation? Below is my domains.cfg file:
Code:
ad: Active-Directory
    comment 48testing.com AD Authentication
    domain 48testing.com
    server1 x.x.x.x
    bind_dn CN=Service Account,OU=Service Accounts,OU=Admins,DC=48testing,DC=com
    default 1
    port 389
    secure 0
    server2 x.x.x.x
    sync-defaults-options full=0,purge=0,scope=users

pve: pve
    comment Proxmox VE authentication server

pam: pam
    comment Linux PAM standard authentication

I have attempted to change the realm name after it was already added in domains.cfg, but doing so causes the AD server to disappear from PVE entirely.

Any help would be greatly appreciated!
 
The log message is only what pve writes (this will not be sent to the ldap this way).

but the error message indicated the problem:

msg=no such user ('test.user@48testing.com@Active-Directory')
Did you add the user to pve?

pve does not automatically sync the ldap/ad users, this either has to be done manually or with 'pveum realm sync' (see 'man pveum' for details)
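
As an added illustration (not part of the thread and not Proxmox code), the script below reads the domains.cfg and the pvedaemon line quoted above, splits the logged user ID at its last '@', and shows that the suffix is the realm identifier while the AD domain comes from that realm's `domain` property. The function names, the split rule and the embedded sample input are assumptions constructed from the posts.

```python
import re

# Constructed sample input, taken from the config and log line quoted in the thread.
DOMAINS_CFG = """\
ad: Active-Directory
    comment 48testing.com AD Authentication
    domain 48testing.com
    default 1

pve: pve
    comment Proxmox VE authentication server

pam: pam
    comment Linux PAM standard authentication
"""
LOG_LINE = ("Mar 22 17:29:20 pve-ex pvedaemon[3992]: authentication failure; "
            "rhost=10.100.0.12 user=test.user@48testing.com@Active-Directory "
            "msg=no such user ('test.user@48testing.com@Active-Directory')")

def parse_domains_cfg(text):
    """Return {realm_id: {'type': ..., key: value}} from a domains.cfg-style file."""
    realms, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():        # section header: "<type>: <realm id>"
            rtype, realm_id = (p.strip() for p in line.split(":", 1))
            current = realms.setdefault(realm_id, {"type": rtype})
        elif current is not None:        # indented "key value" property
            key, _, value = line.strip().partition(" ")
            current[key] = value.strip()
    return realms

FAIL_RE = re.compile(r"authentication failure; rhost=(?P<rhost>\S+) "
                     r"user=(?P<user>\S+) msg=(?P<msg>.*)$")

def triage(log_line, realms):
    """Explain one failure line; None if the line is not an auth failure."""
    m = FAIL_RE.search(log_line)
    if m is None:
        return None
    # Assumption: the text after the LAST '@' is the realm identifier.
    login, _, realm_id = m["user"].rpartition("@")
    realm = realms.get(realm_id)
    return {"rhost": m["rhost"], "login": login, "realm_id": realm_id,
            "realm_type": realm["type"] if realm else None,
            "directory_domain": realm.get("domain") if realm else None,
            "user_missing_in_pve": m["msg"].startswith("no such user")}

if __name__ == "__main__":
    print(triage(LOG_LINE, parse_domains_cfg(DOMAINS_CFG)))
```

For the quoted line this reports realm `Active-Directory` of type `ad` backed by domain `48testing.com`, and flags the failure as a user ID that is not present in pve.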