Has /etc/pve/domains.cfg changed locations in Proxmox 6.0?

V

victorhooi

Well-Known Member
Apr 3, 2018
253
20
58
38
Hi,

I am attempting to setup LDAP authentication in Proxmox 6.0.

Previously, on Proxmox 5.4 - I had to edit the /etc/pve/domains.cfg file, in order to add the new LDAP realm - as per the Proxmox documentation at https://pve.proxmox.com/wiki/User_Management#pveum_authentication_realms - e.g.:
Code: 
root@syd1:/etc/pve# cat domains.cfg
pam: pam
    comment Linux PAM standard authentication

pve: pve
    comment Proxmox VE authentication server

ldap: example.com
    base_dn dc=example,dc=io
    server1 ldap.google.com
    user_attr uid
    cert /root/Google_2022_05_22_3494.crt
    certkey /root/Google_2022_05_22_3494.key
    port 636
    secure 1
    verify 1
However, I setup a new Proxmox 6.0 cluster, and I went into /etc/pve - and I don't see any domains.cfg file?
Code: 
root@examplemtv-vm01:/etc/pve# ls
authkey.pub  authkey.pub.old  corosync.conf  datacenter.cfg  local  lxc  nodes    openvz    priv  pve-root-ca.pem  pve-www.key  qemu-server  storage.cfg  user.cfg    vzdump.cron
Is this file somewhere else now in Proxmox 6.0? Or how do you setup authentication realms now?
 
Last edited:
victorhooi said:
However, I setup a new Proxmox 6.0 cluster, and I went into /etc/pve - and I don't see any domains.cfg file?
Click to expand...

If there is no custom domain added, there is no such. Just create a new LDAP Authentication and the domain.cfg file will be created.
 
Ah great - thanks! I can confirm it works.

I was thrown off, because the /etc/pve/domains.cfg file on another server had sections for pam and pve:
Code: 
pam: pam
    comment Linux PAM standard authentication
...
pve: pve
    comment Proxmox VE authentication server
However, it seems these aren't really needed (?) and do get created automatically.

So I ran the pvessh command:
Code: 
root@examplemtv-vm01:~# pvesh create /access/domains --realm example.com --type ldap --base_dn dc=example,dc=com --server1 ldap.google.com --port 636 --cert /root/Google_2022_05_22_3494.crt --certkey /root/Google_2022_05_22_3494.key --user_attr uid --secure 1 --verify 1
That seems to have created dummy sections for pam and pve - and also the LDAP one I needed:
Code: 
root@examplemtv-vm01:~# cat /etc/pve/domains.cfg
pam: pam
    comment Linux PAM standard authentication

ldap: example.com
    base_dn dc=example,dc=com
    server1 ldap.google.com
    user_attr uid
    cert /root/Google_2022_05_22_3494.crt
    certkey /root/Google_2022_05_22_3494.key
    port 636
    secure 1
    verify 1

pve: pve
    comment Proxmox VE authentication server
Do you know if it's safe to copy /etc/pve/user.cfg from one cluster to another?
 
Last edited:
You must log in or register to reply here.
Top Bottom