Skip to content.

A Note About Website Navigation

Skip to main menu.

For users of screen readers, depending on the screen resolution, the two checkboxes are for opening and closing the side menus that appear to the left and right of the screen. This is designed both for large screens and for mobile devices with a touch screen. Checking either the main menu or sidebar checkboxes causes the menu to open from the left or right side of the screen, respectively. Clearing the checkox in either the main menu or sidebar closes the menu. The checkboxes are visible to screen readers such as JAWS and NVDA for Windows, Voiceover for Mac, and Orca screen reader for Linux. When a screen reader says "clickable" for both main menu and sidebar, that is for the respective checkboxes. End of explaination.

Full Article

Pro Tip for Proxmox Users: Using Linux Containers (LXC) For Testing The Ability To Join Linux to an Active Directory?

Short Version

When creating Linux containers for the purpos of joining them to an Active Directory Domain Controller, make sure the checkbox after the “Unprivileged Container” is unchecked. The “unprivileged container” checkbox is after the “Hostname” edit box. Unprivileged Linux containers won’t be able to join to an Active Directory. Essentially, I forgot to uncheck the “Unprivileged Container” and wasted hours of my time, but I consider time well spent when learning the hard way.

Proxmox has “Unprivileged Container” checked by default when creating a new Linux container. That option cannot be changed once a Linux container is created, so the Linux container will have to be deleted in order to start from scratch with “Unprivileged Container” unchecked.

Skip ahead to Long Version section for more details.

Who Is This Article For?

This article is for anyone who has experience with Proxmox. Proxmox is a Linux distribution and it comes with a web interface for running and managing virtual machines and Linux containers. This link will take you to the web page that explains how virtual machines and Linux containers work. The “long version” also mentions SSSD when I was troubleshooting issues while attempting to log into an Active Directory. System Security Services Daemon (SSSD, for short) is what enrolls a Linux client to an Active Directory. A “daemon” in Linux is another name for “services” in Windows that runs in the background. This article is intended for advanced Linux users only.

Long Version

I wanted to see if I can implement Active Directory functionality without needing Windows Server operating system. A software called “Samba” lets me do just that, so I followed instructions on getting Samba’s Active Directory Domain Controller (AD-DC, for short) up and running. I set this up in a privileged Linux container. The reason why Linux containers need to have privileges is because when I did a search for “setresgid failed [22][Invalid argument]” (without quotes) in StartPage, I came across a page in GitHub titled Cannot log in with Active Directory users via SSSD on Proxmox #3153. That was when I created a new Linux container and I forgot to uncheck the “Unprivileged Container” checkbox. I did a lot of troubleshooting when I looked into /var/log/sssd/sssd_graysonpeddie.lan.log and /var/log/sssd/krb5_child.log. graysonpeddie.lan is my local domain name for my home network. This web page explains how to setup a Linux client for joining to a Samba domain. From what I have learned, if I execute an id command in my Linux client:

gpeddie@ubuntu-desktop1:~$ id
uid=1451201106(gpeddie) gid=1451201104(grayson peddie) groups=1451201104(grayson peddie),1451200513(domain users)

According to the GitHub page that I linked earlier, the maximum user ID and group ID (UID and GID for short) is 65536 for an unprivileged Linux container. Within the issue page, the max UID and GID can be changed to 1000000000 or something higher. However, as this is for experienced Linux users who know the inner workings of Linux containers, the moral of the story is that “Unprivileged Container” needs to be unchecked in order for domain joining to work.

Warning

Bear in mind that privileged containers are not safe for businesses when it comes to attackers exploiting privileged Linux containers. And yes, it’s all about vulnerabilities and exploits when it comes to escaping Linux containers and causing damage to the host; however, for homelab purposes, a privileged Linux container is fine for my needs. If you are concerned about the security of Linux containers, spin up virtual machines instead of Linux containers in Proxmox. Of course, depending on your security hygiene, virtual machines can be as unsafe as privileged and unprivileged Linux containers if you do not have security precautions in place. For more details, learn more about privileged and unprivileged containers.