[SOLVED] Give LDAP user root access with shell button in web interface

fireon

Hello,

pve-manager/5.1-42/724a6cb3 (running kernel: 4.10.17-5-pve)

Our PVE servers are all connected to an LDAP server, in the web interface and also on the server directly. So every administrator with superadmin rights can connect to the server and do bad things with sudo or "sudo -i".

But when we open the shell in the web interface with LDAP users, there is no access because of PAM permissions. So how can I configure it so that command-line access with LDAP users is also possible over the web interface of PVE?

Thanks
 
Hi,

If I understand you correctly, one way is to use LDAP with PAM.
Then all your users can use the shell over the GUI but have only the permissions of a user.
 
If I understand you correctly, one way is to use LDAP with PAM.
Then all your users can use the shell over the GUI but have only the permissions of a user.
We use LDAP in PAM. Every user can do an "ssh user@pvehost". But when this user logs in to the web interface and clicks on the shell, then you get a "permission problem": no shell, no window with user rights. Did you mean that?
 
What are you trying to achieve?
Sure, if a user has bash access you can log in with ssh if not restricted.
 
OK, a picture is better. How can I give access to the shell to an LDAP user in the web interface? The same as with root?
 

Attachment: logged in ldapuser.png
You have to log in as a PAM user, not as an LDAP user, in the GUI.
 
Although I have not tried LDAP with PVE, I think that PAM will work with LDAP set up.

Question:
if LDAP works from the CLI, would PVE just use the same results?

It seems to me that PVE should work if PAM is set up to work with OpenLDAP.