Active Directory Kerberos Only

proxmox_web

New Member
Oct 1, 2021
Having only port 88 enabled to Active Directory, authentication fails, although the user is enabled in /etc/pve/user.cfg

What is wrong?
I expected PVE not to try LDAP!
 
We have in /etc/pve/user.cfg

Code:
user:mistert@DIR.LOCAL:1:0::::::
user:mistern@DIR.LOCAL:1:0::::::
user:root@pam:1:0::::::


group:ADUser:mistert@DIR.LOCAL,mistern@DIR.LOCAL::


acl:1:/:@ADUser:Administrator:

And in /etc/pve/domain.cfg

Code:
ad: DIR.LOCAL
        domain dir.local
        server1 192.168.66.99
        default 0
        secure 0
 
As far as I can tell, the Active Directory authentication uses LDAP (like most other software does, too) instead of Kerberos.
The difference between the LDAP and AD backends is mostly that MS AD uses some different attributes, like sAMAccountName for the username; otherwise there should be no noteworthy difference.

You need the LDAP ports open for authentication to work: 389 (unencrypted) or 636 (TLS encrypted).
Using encrypted LDAP (LDAPS) is recommended, because LDAP transmits the user's password unencrypted, and without transport encryption (TLS) your credentials could get sniffed.
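
The port requirement from the reply above, as an added example (not part of the original posts and not Proxmox code): a small check that reads a realm definition in the format posted in the question and reports which TCP port the LDAP bind needs and whether it is cleartext. The `audit` helper and the optional `port` key are assumptions for illustration; the 389/636 defaults are the ones named in the reply.

```python
# Constructed sample: the realm definition as posted in the question.
SAMPLE = """\
ad: DIR.LOCAL
        domain dir.local
        server1 192.168.66.99
        default 0
        secure 0
"""

def parse_realms(text):
    """Parse 'type: name' headers followed by indented 'key value' lines."""
    realms, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if not raw[0].isspace():            # unindented line starts a realm
            rtype, _, name = raw.partition(":")
            current = {"type": rtype.strip()}
            realms[name.strip()] = current
        elif current is not None:           # indented option line
            key, _, value = raw.strip().partition(" ")
            current[key] = value.strip()
    return realms

def audit(text, open_ports):
    """Return (realm, finding) pairs given the TCP ports the firewall allows."""
    findings = []
    for name, opts in parse_realms(text).items():
        if opts["type"] not in ("ad", "ldap"):
            continue
        encrypted = opts.get("secure", "0") == "1"
        # Assumption: an explicit 'port' key overrides the 389/636 default.
        port = int(opts.get("port", 636 if encrypted else 389))
        if port not in open_ports:
            findings.append((name, f"tcp/{port} to {opts.get('server1')} "
                                   "is not allowed; the LDAP bind will fail"))
        if not encrypted:
            findings.append((name, "secure 0: password is sent over "
                                   "cleartext LDAP"))
    return findings

if __name__ == "__main__":
    # The situation in the question: only Kerberos (88) is allowed through.
    for realm, finding in audit(SAMPLE, open_ports={88}):
        print(f"{realm}: {finding}")
```
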
 