Hello!
I'm currently testing whether I can access the Proxmox 9.1.1 environment from the Web GUI using SSSD.
I configured it as follows:
In pam-auth-update, I simply enabled `Create home directory on login` from the default settings.
/etc/sssd/sssd.conf
With this configuration, I have confirmed that I can log in via SSH using the user entry on the LDAP server.
However, I am unable to log in to the Proxmox Web GUI using the same user entry.
Am I correct in thinking that in order to log in to the Web GUI, I need to add a user to the realm "PAM"?
I'm currently testing whether I can access the Proxmox 9.1.1 environment from the Web GUI using SSSD.
I configured it as follows:
Code:
# apt install sudo libsss-sudo sssd sssd-tools oddjob-mkhomedir libpam-ssh-agent-auth
# systemctl disable sssd-nss.socket sssd-pam.socket sssd-ssh.socket sssd-sudo.socket
# pam-auth-update
# vi /etc/sssd/sssd.conf
# chmod 600 /etc/sssd/sssd.conf/etc/sssd/sssd.conf
Code:
[sssd]
services = nss, pam, sudo, ssh
domains=default
[sudo]
[domain/default]
id_provider = ldap
auth_provider = ldap
sudo_provider = ldap
chpass_provider = none
ldap_id_use_start_tls = False
ldap_tls_cacert = /etc/ssl/certs/ldap_certificate.crt
ldap_uri = ldaps://ldsv.internal.example.com/
ldap_search_base = ou=users,ou=testOU,dc=example,dc=com
ldap_group_search_base = ou=groups,ou=testOU,dc=example,dc=com
ldap_group_object_class = x-exampleGroupOfUniqueNames
ldap_default_bind_dn = cn=sssd,ou=admins,dc=example,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = <password>
cache_credentials = True
access_provider = simple
simple_allow_groups = adminGrp
ldap_user_ssh_public_key = sshPublicKey
ldap_sudo_search_base = ou=Sudoers,dc=example,dc=com
[nss]
override_shell = /bin/bashHowever, I am unable to log in to the Proxmox Web GUI using the same user entry.
Am I correct in thinking that in order to log in to the Web GUI, I need to add a user to the realm "PAM"?
