AD Group Users Permissions Not Right

R

rbjohnson78

Member
Aug 8, 2022
23
0
6
I've setup a new instance of Proxmox 7.2-7 and I can get the AD integration to work fine. However, I needed to create a new AD group, since a lot of ours have spaces in them, so I created a new group "Proxmox_Admins" and added "Domain Admins" to this group. I have the group permission set as Administrator, Path as /, and propagate as true. I can login, but I don't get Administrator privileges, It's a very limited view. If I directly add a user to the Proxmox_Admins group, the permissions are fine. So could this be a bug or am I missing something?

Thank you!
 
rbjohnson78 said:
so I created a new group "Proxmox_Admins" and added "Domain Admins" to this group.
Click to expand...
did that sync the group assignment correctly? note that recursive group sync is not yet implemented

can you post your user.cfg (anonymized if necessary) ?
 
I think I found the issue. Domain Admins has a space in the name, so even though I was trying to get around the issue by creating a group with no space and adding Domain Admins to the group, Proxmox doesn't like it that way either. We will have to just use the Proxmox_Admins group we created and add users to it.
 
rbjohnson78 said:
I think I found the issue. Domain Admins has a space in the name, so even though I was trying to get around the issue by creating a group with no space and adding Domain Admins to the group, Proxmox doesn't like it that way either. We will have to just use the Proxmox_Admins group we created and add users to it.
Click to expand...
You are a lifesaver - such a simple 'work-around', to have a dedicated group for this containing no spaces and add the Proxmox admins into that.

However (sorry for cross-posting), I still sincerely believe that on the end of Proxmox this could use a fix to comply with the naming conventions of Microsoft AD, which by design contain spaces (i.e. 'Domain Admins').
Especially since also open source variants (UCS AD w/Samba) went through great lenghts to mimic the behavior and conventions of Microsoft AD.

Related posts and bug / feature requests:
https://forum.proxmox.com/threads/group-names-and-active-directory-sync.74072/

https://forum.proxmox.com/threads/ldap-sync-with-nested-groups.80749/

https://bugzilla.proxmox.com/show_bug.cgi?id=2929
 
UnsoberDev said:
You are a lifesaver - such a simple 'work-around', to have a dedicated group for this containing no spaces and add the Proxmox admins into that.

However (sorry for cross-posting), I still sincerely believe that on the end of Proxmox this could use a fix to comply with the naming conventions of Microsoft AD, which by design contain spaces (i.e. 'Domain Admins').
Especially since also open source variants (UCS AD w/Samba) went through great lenghts to mimic the behavior and conventions of Microsoft AD.

Related posts and bug / feature requests:
https://forum.proxmox.com/threads/group-names-and-active-directory-sync.74072/

https://forum.proxmox.com/threads/ldap-sync-with-nested-groups.80749/

https://bugzilla.proxmox.com/show_bug.cgi?id=2929
Click to expand...
You are welcome. I thought it was kind of silly that spaces are not supported.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom