Setting up LDAP Authentication for ProxMox VE
- Published 19 Dec 2021
- #Proxmox #LDAP #Authentication
Full steps can be found at i12bretro.github.io/tutorials...
NOTE: Proxmox VE does not accept spaces in user or group names, so keep the LDAP user and group names you sync free of spaces
--------------------------------------------------------------------
Create VMAdmins Group
--------------------------------------------------------------------
01. Click the Start button ≫ Windows Administrative Tools ≫ Active Directory Users and Computers
02. Expand the domain name
03. Right click on the Users container ≫ New ≫ Group
04. Name the group VMAdmins ≫ Click OK
05. Double click the newly created VMAdmins group
06. Select the Members tab ≫ Click the Add... button
07. Add users who will be administrators for the ProxMox host
--------------------------------------------------------------------
Configuring LDAP Authentication in ProxMox VE
--------------------------------------------------------------------
01. Open a web browser and navigate to the ProxMox VE web UI
02. Log in
03. Select Datacenter in the left navigation menu
04. Select Permissions ≫ Authentication in the left sub navigation menu
05. Click the Add dropdown ≫ LDAP Server
06. Fill out the LDAP Server form as shown below
Realm: i12bretro.local
Base Domain Name: CN=Users,DC=i12bretro,DC=local
Server: 10.10.27.1
User Attribute Name: sAMAccountName
07. Click the Sync Options button at the top
08. Fill out the Sync Options form as shown below
Bind User: CN=readonly_svc,CN=Users,DC=i12bretro,DC=local
Bind Password: Read0nly!!
E-Mail attribute: mail
User classes: person, user
Group classes: group
User Filter: (&(memberOf=CN=VMAdmins,CN=Users,DC=i12bretro,DC=local))
Group Filter: (&(distinguishedName=CN=VMAdmins,CN=Users,DC=i12bretro,DC=local))
Scope: Users and Groups
Enable new users: Yes
Full: Yes
Purge: Yes
09. Click the Add button
10. Back on the Authentication page, select the new LDAP realm and click the Sync button
11. Click the Preview button to test the sync without creating or modifying anything
12. If the users and groups display as expected, close the preview and re-run the sync to create the users and groups
13. Select Permissions in the left sub navigation menu
14. Click Add ≫ Group Permission from the dropdown at the top of the page
15. Set the path to /, select the VMAdmins group from the dropdown and select the desired Role ≫ Click Add
16. Select the user dropdown in the top right of the screen ≫ Logout
17. Log in with one of the LDAP users in the VMAdmins group, making sure to set the Realm to the domain realm created earlier
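The User Filter and Group Filter in step 08 and the Preview in step 11 are where most sync problems surface, so the following is an offline model of what those filters select. This is an added example, not Proxmox code: the filter parser, the matcher, the way object classes are combined with the filter, and the sample directory entries are all constructed here. It also shows RFC 4515 escaping, which matters if a group CN ever contains `(`, `)` or `*`, and why the tutorial's outer `(&(...))` wrapper parses but is redundant.

```python
"""Offline model of the LDAP sync filters from the tutorial above.
Added example, not Proxmox's own code: parser, matcher and the sample
directory entries are constructed here for illustration only."""
import re

# Group DN from the tutorial's User Filter / Group Filter fields
GROUP_DN = "CN=VMAdmins,CN=Users,DC=i12bretro,DC=local"

# RFC 4515: these characters must be hex-escaped inside a filter value
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def unescape_filter_value(value: str) -> str:
    """Reverse escape_filter_value so values can be compared to directory data."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def build_filters(group_dn: str) -> tuple[str, str]:
    """(user_filter, group_filter) equivalent to the tutorial's form values, with the
    DN escaped so a CN containing '(' or '*' cannot break the filter. The tutorial's
    outer (&(...)) wrapper is redundant and omitted here."""
    dn = escape_filter_value(group_dn)
    return f"(memberOf={dn})", f"(distinguishedName={dn})"


def parse_filter(text: str):
    """Parse an RFC 4515 filter into ('&'|'|'|'!', [children]) or ('=', attr, raw).
    Raises ValueError on unbalanced or malformed input (e.g. an unescaped ')')."""
    pos = 0

    def node():
        nonlocal pos
        if pos >= len(text) or text[pos] != "(":
            raise ValueError(f"expected '(' at offset {pos}")
        pos += 1
        if pos < len(text) and text[pos] in "&|!":
            op = text[pos]
            pos += 1
            children = []
            while pos < len(text) and text[pos] == "(":
                children.append(node())
            if pos >= len(text) or text[pos] != ")":
                raise ValueError(f"unbalanced '{op}' at offset {pos}")
            pos += 1
            if op == "!" and len(children) != 1:
                raise ValueError("'!' takes exactly one operand")
            return (op, children)
        end = text.find(")", pos)
        if end == -1:
            raise ValueError("missing ')'")
        attr, sep, value = text[pos:end].partition("=")  # split at the first '='
        if not sep or not attr:
            raise ValueError(f"malformed item {text[pos:end]!r}")
        pos = end + 1
        return ("=", attr, value)

    ast = node()
    if pos != len(text):
        raise ValueError(f"trailing characters at offset {pos}: {text[pos:]!r}")
    return ast


def matches(ast, entry: dict) -> bool:
    """Evaluate a parsed filter against an entry (attribute -> list of values).
    Names and values compare case-insensitively, as AD does for DN/string attributes."""
    op = ast[0]
    if op == "&":
        return all(matches(child, entry) for child in ast[1])
    if op == "|":
        return any(matches(child, entry) for child in ast[1])
    if op == "!":
        return not matches(ast[1][0], entry)
    _, attr, raw = ast
    wanted = unescape_filter_value(raw).lower()
    values = {k.lower(): v for k, v in entry.items()}.get(attr.lower(), [])
    return any(v.lower() == wanted for v in values)


def preview_sync(directory, user_filter, group_filter,
                 user_classes=("person", "user"), group_classes=("group",)):
    """Model of the tutorial's Preview step: sAMAccountNames of the users and groups
    the sync would create. The class fields are modeled as an OR of objectClass
    items AND'ed with the filter (an assumption of this example)."""
    def combined(classes, filt):
        cls = "".join(f"(objectClass={escape_filter_value(c)})" for c in classes)
        return parse_filter(f"(&(|{cls}){filt})")
    uf, gf = combined(user_classes, user_filter), combined(group_classes, group_filter)
    users = [e["sAMAccountName"][0] for e in directory if matches(uf, e)]
    groups = [e["sAMAccountName"][0] for e in directory if matches(gf, e)]
    return users, groups


# Constructed sample entries standing in for the tutorial's domain
SAMPLE_DIRECTORY = [
    {"objectClass": ["top", "person", "user"], "sAMAccountName": ["alice"],
     "distinguishedName": ["CN=alice,CN=Users,DC=i12bretro,DC=local"],
     "memberOf": [GROUP_DN, "CN=Domain Users,CN=Users,DC=i12bretro,DC=local"]},
    {"objectClass": ["top", "person", "user"], "sAMAccountName": ["bob"],
     "distinguishedName": ["CN=bob,CN=Users,DC=i12bretro,DC=local"],
     "memberOf": ["CN=Domain Users,CN=Users,DC=i12bretro,DC=local"]},
    {"objectClass": ["top", "group"], "sAMAccountName": ["VMAdmins"],
     "distinguishedName": [GROUP_DN], "member": ["CN=alice,CN=Users,DC=i12bretro,DC=local"]},
    {"objectClass": ["top", "group"], "sAMAccountName": ["Domain Users"],
     "distinguishedName": ["CN=Domain Users,CN=Users,DC=i12bretro,DC=local"]},
]

if __name__ == "__main__":
    user_filter, group_filter = build_filters(GROUP_DN)
    print(preview_sync(SAMPLE_DIRECTORY, user_filter, group_filter))
```

Run against the sample directory, only `alice` (a VMAdmins member) and the `VMAdmins` group are selected, which is what the Preview in step 11 should show for the tutorial's filters; a user such as `bob` who is only in Domain Users is skipped. A DN with an unescaped `)` raises `ValueError` instead of silently matching the wrong entries, which is the failure to look for when a Preview comes back empty.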
Connect with me and others
★ Discord: / discord
★ Reddit: / i12bretro
★ Twitter: / i12bretro
you just saved my life.
Glad it was helpful
Same for me!
Awesome!
Hi, I thank you a lot for this video. I wanted to ask about the lines
Bind User: CN=readonly_svc,CN=Users,DC=i12bretro,DC=local
Bind Password: Read0nly!!
Where do you get this?
Also, Bind Password is the password to login where?
I still don't understand what's going on at the root of it.
Also, if this is a user in LDAP, how do you assign read-only access in Windows?
I'm kind of doing by myself but I can't find how to put mine.
The bind user is the distinguishedName of a user in LDAP. In Active Directory you can view this by looking at the user's attributes.
The bind password is the bind user's password
The account is "readonly" because it hasn't been granted any domain level permissions. In other words, it doesn't have rights to change anything in LDAP other than itself, but it can be used to read data from LDAP/AD.
@i12bretro thanks very much for explaining to me.
No problem