AD Group Users Permissions Not Right

R

rbjohnson78

Member
Aug 8, 2022
32
0
11
I've setup a new instance of Proxmox 7.2-7 and I can get the AD integration to work fine. However, I needed to create a new AD group, since a lot of ours have spaces in them, so I created a new group "Proxmox_Admins" and added "Domain Admins" to this group. I have the group permission set as Administrator, Path as /, and propagate as true. I can login, but I don't get Administrator privileges, It's a very limited view. If I directly add a user to the Proxmox_Admins group, the permissions are fine. So could this be a bug or am I missing something?

Thank you!
 
rbjohnson78 said:
so I created a new group "Proxmox_Admins" and added "Domain Admins" to this group.
Click to expand...
did that sync the group assignment correctly? note that recursive group sync is not yet implemented

can you post your user.cfg (anonymized if necessary) ?
 
I think I found the issue. Domain Admins has a space in the name, so even though I was trying to get around the issue by creating a group with no space and adding Domain Admins to the group, Proxmox doesn't like it that way either. We will have to just use the Proxmox_Admins group we created and add users to it.
 
rbjohnson78 said:
I think I found the issue. Domain Admins has a space in the name, so even though I was trying to get around the issue by creating a group with no space and adding Domain Admins to the group, Proxmox doesn't like it that way either. We will have to just use the Proxmox_Admins group we created and add users to it.
Click to expand...
You are a lifesaver - such a simple 'work-around', to have a dedicated group for this containing no spaces and add the Proxmox admins into that.

However (sorry for cross-posting), I still sincerely believe that on the end of Proxmox this could use a fix to comply with the naming conventions of Microsoft AD, which by design contain spaces (i.e. 'Domain Admins').
Especially since also open source variants (UCS AD w/Samba) went through great lenghts to mimic the behavior and conventions of Microsoft AD.

Related posts and bug / feature requests:
https://forum.proxmox.com/threads/group-names-and-active-directory-sync.74072/

https://forum.proxmox.com/threads/ldap-sync-with-nested-groups.80749/

https://bugzilla.proxmox.com/show_bug.cgi?id=2929
 
UnsoberDev said:
You are a lifesaver - such a simple 'work-around', to have a dedicated group for this containing no spaces and add the Proxmox admins into that.

However (sorry for cross-posting), I still sincerely believe that on the end of Proxmox this could use a fix to comply with the naming conventions of Microsoft AD, which by design contain spaces (i.e. 'Domain Admins').
Especially since also open source variants (UCS AD w/Samba) went through great lenghts to mimic the behavior and conventions of Microsoft AD.

Related posts and bug / feature requests:
https://forum.proxmox.com/threads/group-names-and-active-directory-sync.74072/

https://forum.proxmox.com/threads/ldap-sync-with-nested-groups.80749/

https://bugzilla.proxmox.com/show_bug.cgi?id=2929
Click to expand...
You are welcome. I thought it was kind of silly that spaces are not supported.
 
You must log in or register to reply here.
Top Bottom