Setup Active Directory Authentication in Proxmox 2

Setup Active Directory Authentication in Proxmox 2

Category : How-to

Get Social!

Proxmox 2 makes setting up AD authentication simple if you have the AD server names. AD only provides the authentication and does not import or automatically create each user. You will still need to add each user to Proxmox before they can login.

Click on the Datacenter folder on the left hand side and click Authentication. Click Add and then Active Directory Server.

Enter the following details into the Add: Active Directory Server dialogue box and click Add.

  • Realm: the name to use for this authentication server.
  • Domain: AD domain name which holds the users which will be used for authentication.
  • Comment: optional attribute – note this will show up on the main login dialogue box.
  • Default: tick to make this the default authentication method.
  • Server: AD server IP or hostname
  • Fallback Server: secondary AD server IP or hostname
  • Port: keep as Default unless your AD server port has changed.
  • SSL: keep unticked unless you require SSL communication to the AD server.

Click the Groups tab and then Create to create a new group on your proxmox server for your AD users. Enter a Name for this group and click Create.

Click the Permissions tab, then click Add and Group Permission.

Enter the settings as per below and click Add.

  • Path: the path on the server tree which this group can access. ‘/’ is the top of the hierarchy and can therefore access the full server.
  • Group: the group you created in the previous step.
  • Role: the role, or access level users of this group will have.
  • Propagate: use these permissions for any child objects.

You can now Logout and log back in as an Active Directory user. Make sure your Realm is set to the Realm you created in the first steps of this tutorial.

If you need to log back in without AD, set your login Realm to Linux PAM standard authentication.


7 Comments

angel

20-Jan-2014 at 11:24 am

It does not seems to work for me. I can add manually a AD user inside Users tab, and it works, but creating a Group and assigning the root of the hierarchy does not seems to do the job. I cannot log in with any user of the AD.
I’m using proxmox 3.1-24.

    wenbinlee

    7-Dec-2016 at 3:04 am

    add AD —— create group—— config group permissions —— add ad user to administrator group—— login ok!

      Mahesh Maheshri

      7-Apr-2017 at 1:00 pm

      How can i add ad users to administrator group

Phillip Ankerson

21-Jul-2016 at 9:13 pm

Same here, using ProxMox VE 4.2 It does seem there is more configuration needed, but I’m still figuring it all out. I may try the Samba/Winbind route…

    wenbinlee

    7-Dec-2016 at 3:03 am

    add AD —— create group—— config group permissions —— add ad user to administrator group—— login ok!

Barry

26-Mar-2017 at 2:32 am

any idea how to get ssl woring?

Koperlite

7-Oct-2018 at 12:08 pm

Hello !

Everything is well resumed on the first sentence :
“AD only provides the authentication and *does not import or automatically create each user*. You will *still* need to add each user to Proxmox before they can login.”

Very clear !

When did you do the mapping between the AD Organizational Unit of administrators and the “AD-Administrators” group of Proxmox ? Never… Because it is not possible in proxmox for now (18-10-07).

Proxmox IS NOT omniscient ;) It cannot do it by arbitrary choosing an OU on the AD to map it to an admin group in Proxmox. I dont even think it is a Proxmox feature… or a project of feature.

… passing my way to something more usefull to add hundreds of users from AD… and not one by one, of course.

It should be done with a Mono (.NET) script on AD… I do not understand why it is not available for now ..

But thanks for this post.

Leave a Reply

Visit our advertisers

Quick Poll

Which type of virtualisation do you use?
  • Add your answer

Visit our advertisers