Proxmox and sssd pam auth

geos_one

Is there a way to authenticate with the pam sssd module?
In the auth log I can find the PAM auth with success, but I am unable to log in via the web interface (the user is created in the GUI with admin permissions).

{"EventReceivedTime":"2016-08-01 12:50:11","SourceModuleName":"unix_in","SourceModuleType":"im_uds","SyslogFacilityValue":1,"SyslogFacility":"USER","SyslogSeverityValue":5,"SyslogSeverity":"NOTICE","SeverityValue":2,"Severity":"INFO","Hostname":"pro-pve01-p","EventTime":"2016-08-01 12:50:11","SourceName":"IPCC.xs","ProcessID":"17095","Message":"{\"EventReceivedTime\":\"2016-08-01 12:50:11\",\"SourceModuleName\":\"unix_in\",\"SourceModuleType\":\"im_uds\",\"SyslogFacilityValue\":10,\"SyslogFacility\":\"AUTHPRIV\",\"SyslogSeverityValue\":6,\"SyslogSeverity\":\"INFO\",\"SeverityValue\":2,\"Severity\":\"INFO\",\"Hostname\":\"pro-pve01-p\",\"EventTime\":\"2016-08-01 12:50:11\",\"SourceName\":\"IPCC.xs\",\"ProcessID\":\"17095\",\"Message\":\"pam_sss(common-auth:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=xxxx.yyyy\"}"}
 
Is incorrect. I think that if you want sssd, maybe it is because you are thinking of getting auth from your AD LDAP. But you don't need sssd on your node to authenticate against AD in the web-based console. For that purpose, you can configure auth against AD from the web interface.

Go to Datacenter -> Authentication
Click on the "Add" button.
Complete the fields in the box.

When you complete that, you have an additional authentication method. Now you need to add users for the auth method you have added. For that, go to the Users tab and then click on the 'Add' button. In the window box, select the REALM that you added. The username must previously exist in your AD.

Now you must log out. The next time you log in, select the appropriate REALM when you enter your username & password.


Greetings!
 
Yes, I know.
We don't want to have local users.
The LDAP bind has the problem that it doesn't support non-anonymous bind.
And always adding a patch to a file will make it hard to update the system.
 
Is there a way to authenticate with the pam sssd module ?
(...):\"2016-08-01 12:50:11\",\"SourceName\":\"IPCC.xs\",\"ProcessID\":\"17095\",\"Message\":\"pam_sss(common-auth:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=xxxx.yyyy\"}"}

Did you solve this? I have now the same problem and am wondering why that's happening.
 
No, not working at the moment.
I got distracted by another problem,
but it still needs to be solved.
 
No, not working at the moment.
I got distracted by another problem,
but it still needs to be solved.
Hey

All you need to do is to add the user separately in the UI. Then it starts working.

If you are using HBAC rules, you have to add an HBAC service called common-auth. Then later on add the host to use the service and user.

This should do the job.
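
Added example, not part of any post in this thread: the log line in the question shows pam_sss succeeding under the PAM service name common-auth, the same name the last reply gives for the HBAC service. The Python below unwraps the nested JSON record and extracts that service name, result and user; the hostname and user in the sample line are constructed.

```python
import json
import re

# Constructed sample in the same shape as the log line in the thread:
# a JSON record whose "Message" field holds another JSON record.
_inner = json.dumps({
    "SyslogFacility": "AUTHPRIV",
    "Hostname": "pve-node-example",
    "Message": "pam_sss(common-auth:auth): authentication success; "
               "logname= uid=0 euid=0 tty= ruser= rhost= user=alice.example",
})
SAMPLE_LINE = json.dumps({"SyslogFacility": "USER",
                          "Hostname": "pve-node-example",
                          "Message": _inner})

# PAM modules log as "<module>(<service>:<type>): <text>".
PAM_RE = re.compile(
    r"^(?P<module>pam_\w+)\((?P<service>[^:()]+):(?P<type>\w+)\):\s*(?P<text>.*)$")


def unwrap(line, max_depth=5):
    """Follow nested JSON "Message" fields down to the plain syslog text."""
    msg = line
    for _ in range(max_depth):
        try:
            record = json.loads(msg)
        except (TypeError, ValueError):
            break  # not JSON any more: this is the syslog text itself
        if not isinstance(record, dict) or "Message" not in record:
            break
        msg = record["Message"]
    return msg if isinstance(msg, str) else ""


def parse_pam_event(line):
    """Return module, PAM service, type, result and user; None if not a PAM line."""
    m = PAM_RE.match(unwrap(line))
    if not m:
        return None
    event = m.groupdict()
    head, _, rest = event.pop("text").partition(";")
    event["result"] = head.strip()
    # Remaining text is space-separated key=value pairs (values may be empty).
    fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    event["user"] = fields.get("user", "")
    return event


if __name__ == "__main__":
    print(parse_pam_event(SAMPLE_LINE))
```

A success result here only confirms the PAM stack accepted the password; the web login additionally depends on the user existing in the UI, as the reply above says.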
 
