| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 |
- <!DOCTYPE html>
- <html lang="en" xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <title>Setting up LDAP Authentication for ProxMox VE</title>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
- <meta charset="UTF-8">
- <meta name="keywords" content="Proxmox LDAP Authentication Setup,Proxmox Active Directory Setup,Proxmox VE,Proxmox,Authentication,Self-Hosted,Home Lab,LDAP,Active Directory,Debian,Linux,Hypervisor,How To,Tutorial,i12bretro">
- <meta name="author" content="i12bretro">
- <meta name="description" content="Setting up LDAP Authentication for ProxMox VE">
- <meta name="viewport" content="width=device-width, initial-scale=1.0">
- <link rel="icon" type="image/x-icon" href="includes/favicon.ico">
- <script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.min.js"></script>
- <script type="text/javascript" src="includes/js/steps.js"></script>
- <link href="css/steps.css" rel="stylesheet" type="text/css" />
- </head>
- <body>
- <div id="gridContainer">
- <div class="topMargin"></div>
- <div id="listName" class="topMargin">
- <h1>Setting up LDAP Authentication for ProxMox VE</h1>
- </div>
- <div></div>
- <div id="content">
- <p><em>NOTE: ProxMox does not like spaces in user or group names</em></p>
- <h2>Create VMAdmins Group</h2>
- <ol>
- <li>Click the Start button > Windows Administrative Tools > Active Directory Users and Computers</li>
- <li>Expand the domain name</li>
- <li>Right click on the Users container > New > Group</li>
- <li>Name the group VMAdmins > Click OK</li>
- <li>Double click the newly created VMAdmins group</li>
- <li>Select the Members tab > Click the Add... button</li>
- <li>Add users who will be administrators for the ProxMox host</li>
- </ol>
- <h2>Configuring LDAP Authentication in ProxMox VE</h2>
- <ol>
- <li>Open a web browser and navigate to the ProxMox VE web UI</li>
- <li>Log in</li>
- <li>Select Datacenter in the left navigation menu</li>
- <li>Select Permissions > Authentication in the left sub navigation menu</li>
- <li>Click the Add dropdown > LDAP Server</li>
- <li>Fill out the LDAP Server form as shown below
- <p>Realm: i12bretro.local<br />
- Base Domain Name: CN=Users,DC=i12bretro,DC=local<br />
- Server: 10.10.27.1<br />
- User Attribute Name: sAMAccountName</p>
- </li>
- <li>Click the Sync Options button at the top</li>
- <li>Fill out the Sync Options form as shown below
- <p>Bind User: CN=readonly_svc,CN=Users,DC=i12bretro,DC=local<br />
- Bind Password: Read0nly!!<br />
- E-Mail attribute: mail<br />
- User classes: person, user<br />
- Group classes: group<br />
- User Filter: (&(memberOf=CN=VMAdmins,CN=Users,DC=i12bretro,DC=local))<br />
- Group Filter: (&(distinguishedName=CN=VMAdmins,CN=Users,DC=i12bretro,DC=local))<br />
- Scope: Users and Groups<br />
- Enable new users: Yes<br />
- Full: Yes<br />
- Purge: Yes</p>
- </li>
- <li>Click the Add button</li>
- <li>Back on the Authentication page, select the new ldap authentication and click the Sync button</li>
- <li>Click the Preview button to test the sync without creating or modifying anything</li>
- <li>If the users and groups display as expected, close the preview and re-run the sync to create the users and groups</li>
- <li>Select Permissions in the left sub navigation menu</li>
- <li>Click Add > Group Permission from the dropdown at the top of the page</li>
- <li>Set the path to /, select the VMAdmins group from the dropdown and select the desired Role > Click Add</li>
- <li>Select the user dropdown in the top right of the screen > Logout</li>
- <li>Log in with one of the LDAP users in the VMAdmins group, making sure to set the Realm to the domain realm created earlier</li>
- </ol>
- </div>
- </div>
- </body>
- </html>
-
|
