[SOLVED] ssh access to nodes with active directory realm users?

[m.ardito]

Hi,

I have since years an active directory realm on my pve servers, and it works ok by the web interface, but can I also log with ssh using those credentials? how? I tried any user/domain form, as username but it doesn't seem to work. Looked into the wiki page, but didn't find any reference...

Anyone knows if is doable and how?

Thanks, Marco

 

[wolfgang]

Hi,
the AD do only work with the api2 (GUI).
If you like to have also ssh login fore AD then see
https://wiki.debian.org/AuthenticatingLinuxWithActiveDirectory

 

[m.ardito]

Yes, but I meant if AD users could have the same privileges on pve resources by ssh, as they have by web interface.

 

[wolfgang]

Proxmox use the standard ssh server, there is no magic where we can remap users.
Also for what should this good for?

 

[m.ardito]

Proxmox use the standard ssh server, there is no magic where we can remap users.
Also for what should this good for?

...I think of ssh just as an "access method", like the web browser, or the local console, or else... pve is putting a lot of "magic" around a standard debian, btw, so maybe it could be possibile in some way...

What I was asking was if there was a way (a simple way) to make all internal commands behind pve to respect privileges (on virtual machines, and other resources) of users accessing by ssh or local console in the same way as it is possible by web interface, some kind of permission system enforced by pve on its underlying commands.

The reason was: I thought to let some users operate on ssh instead of web browser, without giving root access to them, using the same grants they have on the web management console.

Now I guess I can't. Thanks.

 

[wolfgang]

Ok now I got it,I was confused by the ssh.

You can use the API with a REST client.
There you have all capabilities and permissions from the GUI.
But this is not a shell.