No Login with ActiveDirectory Realm

[Draces]

Hello,

We are currently evaluating the usage of PDM in our environment.
Most of the configurations worked like a charm.
I am currently hitting a roadblock as i am trying to enable AD auth.

I configured as follows:
Realm: MyDomain.de
Server: MyDomain.de
Fallbackserver: FSMO.MyDomain.de
Mode: LDAPS
Port: 636
Verify Certificate: disabled
Bind Domain Name: "DN of read enabled user"
Bind Password: That users Passwort

Attributes and filters work.
The users are correctly imported and the attributes are set correctly.

For Testing, I gave Admin Access on "/" and enabled propagate.
When I try to Login, I enter my AD User, my Password and set the Realm to MyDomain.de and get the Message "Login failed. Please try again (api error (status = 401: Unauthorized))".
The Auth.log file sends the Message: 2026-01-13T09:19:17+01:00: authentication failure; rhost=[::ffff:<<IP>>]:62917 user=adUser@myDomain.de msg=user account disabled or expired.

My User is neither disabled or expired, as I am currently logged on to my machine with this user.

Oh, and wenn I try to disable/enable any user, pdm throws an Error that an Integer was expected.

I hope somebody can point me in the right direction

 

[sterzy]

My User is neither disabled or expired, as I am currently logged on to my machine with this user.

This refers to the users state within PDM and not within your AD realm. Does the user appear as enabled when you look at the overview of users in the access control panel?

Oh, and wenn I try to disable/enable any user, pdm throws an Error that an Integer was expected.

I'll try to reproduce this one, sounds like a wiring issue. Sorry for the inconvenience.

 

[sterzy]

Could be that you are running into a previously patched issue [1], but version has been released that includes it yet [2]. So for now, you can either manually edit the file /etc/proxmox-datacenter-manager/access/user.cfg directly and add the line enable true to any account you want to enable:

user: example@adRealm
    enable true

You can also set “Enable new users” to “Yes” when triggering a sync (note: this will only apply to newly synced users).

[1]: https://git.proxmox.com/?p=ui/proxm...it;h=808a5c0c6a8a4c7ec5a285c9d585425e98d84f6b
[2]: https://git.proxmox.com/?p=proxmox-...it;h=20093a55e49b7e6d66a1e59a41e5052baedafbb0

 

[Draces]

Could be that you are running into a previously patched issue [1], but version has been released that includes it yet [2]. So for now, you can either manually edit the file /etc/proxmox-datacenter-manager/access/user.cfg directly and add the line enable true to any account you want to enable:

user: example@adRealm
    enable true

You can also set “Enable new users” to “Yes” when triggering a sync (note: this will only apply to newly synced users).

[1]: https://git.proxmox.com/?p=ui/proxm...it;h=808a5c0c6a8a4c7ec5a285c9d585425e98d84f6b
[2]: https://git.proxmox.com/?p=proxmox-...it;h=20093a55e49b7e6d66a1e59a41e5052baedafbb0

Hi,
Trank you for your Informations.
I tried with enabled yes and enabled no.
This error kept persisting and i wasn‘t able to toggle any Users from the ad realm.
I will read your links and Check my System again tomorrow. Thank you very much

 

[sterzy]

I tried with enabled yes and enabled no.

Yes, enabling users by default only works when syncing and only for users that get added by that sync operation. So existing users will stay disabled and the bug in the UI is entirely separate from that (unfortunately). So the only workaround for existing users is to edit the user.cfg file directly.

In theory, you could also remove all users again and then do a new sync. However, that is probably more effort than editing the user.cfg file yourself.