Day 95 of #100daysofhomelab and I have been playing with Proxmox Azure AD Auth. I have been mostly OOHL (Out Of Home Lab) for the day, and ended up driving 358 km for about 4h34m. Fuel consumption was not too bad, mind you… More driving next week, more messing with homelab when I get home.
Proxmox auth with Azure AD
I use Office365 for email and other bits and pieces, and I have Azure AD included. While digging around the Proxmox interface, I found the option of authenticating Proxmox with Azure AD. So, how do you do it?
First, go to portal.azure.com and log in. Go to the Azure AD section and, assuming you have Azure AD set up, select App Registration in the sidebar and select New Registration.
Next, enter a name for your Proxmox application, make sure Accounts in this org directory is selected and enter the URL of your Proxmox server. Make sure the application type is set to Web:
Click Register, and on the next page, select Certificates & secrets. Click New client secret:
Enter a name and an expiry date.
You will need to take note of the value of the secret.
Back under Overview, take note of the Application (client) ID and then click Endpoints.
Take the URL from the OpenID Connect section, removing the /.well-known/openid-configuration part. The URL should look like:
https://login.microsoftonline.com/<yourid>/v2.0
Next, log in to your Proxmox server and, under Datacenter, select Realms. Select Add and OpenID Connect.
Issuer URL is the URL from the Endpoints. Set the Realm name as you want, enter the Client ID and Key and tick the boxes for Auto Create Users and Default. Then hit Add.
Log out, and log in with the new Realm. It will redirect you to the Azure AD login, ask whether you approve (if already logged in) and then redirect you back. At this stage, you can't see anything, because the auto-created user has no permissions yet…
Log back out and in as your default admin user, click the Permissions section and click add:
Select User Permissions
Find your user and give them the required access.
Log out, select Azure AD and log back in as your user, and hey presto, you are now in with full admin access! Happy Days!
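Added example (not part of the original post): a Python check that derives the Issuer URL from the Endpoints URL as described above and confirms it matches the discovery document before it goes into the realm. The tenant ID and the sample document are constructed placeholders, and the function names are hypothetical.

```python
import json
from urllib.parse import urlsplit

DISCOVERY_SUFFIX = "/.well-known/openid-configuration"
REQUIRED = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def issuer_from_endpoint(endpoint_url: str) -> str:
    """Turn the OpenID Connect metadata URL from Endpoints into the Issuer URL."""
    url = endpoint_url.strip()
    if url.endswith(DISCOVERY_SUFFIX):
        url = url[: -len(DISCOVERY_SUFFIX)]
    return url


def check_realm_config(endpoint_url: str, discovery_json: str) -> list[str]:
    """Return a list of problems; an empty list means the issuer is usable."""
    problems = []
    issuer = issuer_from_endpoint(endpoint_url)
    parts = urlsplit(issuer)
    if parts.scheme != "https" or not parts.netloc:
        problems.append("issuer must be an https URL")
    if parts.query or parts.fragment:
        problems.append("issuer must not carry a query or fragment")
    doc = json.loads(discovery_json)
    # OIDC Discovery requires the document's issuer to be identical to the
    # configured one, so a trailing slash or another tenant is a mismatch.
    if doc.get("issuer") != issuer:
        problems.append(f"issuer mismatch: document says {doc.get('issuer')!r}")
    for key in REQUIRED:
        if not str(doc.get(key, "")).startswith("https://"):
            problems.append(f"{key} missing or not https")
    return problems


# Constructed sample data: the tenant ID is a placeholder, not a real tenant.
TENANT = "00000000-0000-0000-0000-000000000000"
BASE = f"https://login.microsoftonline.com/{TENANT}"
SAMPLE_DOC = json.dumps({
    "issuer": f"{BASE}/v2.0",
    "authorization_endpoint": f"{BASE}/oauth2/v2.0/authorize",
    "token_endpoint": f"{BASE}/oauth2/v2.0/token",
    "jwks_uri": f"{BASE}/discovery/v2.0/keys",
})

if __name__ == "__main__":
    endpoint = f"{BASE}/v2.0{DISCOVERY_SUFFIX}"
    print(issuer_from_endpoint(endpoint))
    print(check_realm_config(endpoint, SAMPLE_DOC) or "OK")
    # A trailing slash left on the issuer is enough to break the exact match.
    print(check_realm_config(f"{BASE}/v2.0/", SAMPLE_DOC))
```

For a real tenant, the document to check is the JSON served at the full Endpoints URL, before the suffix is removed.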
Day 94 of 100DaysOfHomeLab
Day 94 of 100DaysOfHomeLab and I have been playing with OSPF, GRE Tunnels, Mikrotik, Bird and ECMP.
- I got 2 GRE tunnels setup between the MikroTik box and my DEC-IX box (Debian running Bird).
- OSPF running and announcing stuff over those 2 links, plus the original Wireguard Link.
- ECMP enabled over all 3 links!
- IPv4 traffic seems to be sent between the 3 links!
- IPv6 traffic still only going over the single Wireguard link…
I am reading up on OSPF v3 (v2 is for IPv4 traffic) and trying to figure out how to get it running. So far, no luck… Getting so close to it though.
What's the end game? Both WAN links connected to all 3 of my upstream servers (Vultr, VMHaus and DEC-IX box) allowing more stable connections and more bandwidth (hopefully…)
Next week I am OOHL (Out Of Home Lab…) but will still try to do a bit of work. Fingers crossed!
Day 93 of 100DaysOfHomeLab
Today I have been working on the Active Directory setup for the house. AD01 is running. Getting DNS sorted now and will get AD02 joined soon enough. Next tasks:
- Azure AD Sync
- Join any Windows and Linux (possibly Macs?) to AD for auth
- WSUS support for Windows Boxes
- Single Sign On for Cloudflare Access.
Day 92 of 100DaysOfHomeLab
Day 92, and I am reading about IPSec, Load balancing over IPSec, Load balancing over Wireguard, and at this stage, my head hurts… So far, I am not 100% sure it's possible… More digging and messing required.
On a different note, I have been using VSCode for editing the blog, and found a cool addon called Paste Image.
Day 91 of 100daysofhomelab
Day 91 of #100daysofhomelab and I am starting on my future plans for the Home Lab.
- Reading how to build a Windows Server 2022 template in Proxmox before I…
- …build 2 brand new Windows Server 2022 VMs to run AD/DNS/Etc…
- Upgrading my Proxmox servers to make sure they are fully up to date…
- Updating all other Linux boxes on the network.
- Fixed my Proxmox Backup Server, and backed up all VMs to it.
The future of my homelab
So, we are coming up to the end of #100daysofhomelab, and I have been thinking of some future work for the home lab and what I would like to get done over the next 100 days (well, 109, since I’m on day 91). Below is a list of things going into my homelab backlog, in no particular order…
- Build out AD Servers in house, and hook up to Office365 for single sign-on
- Hook Azure AD to Cloudflare for Single Sign On for Cloudflare Access
- Expose more internal services over Cloudflare Access
- InTune manage any laptops I have
- Setup new Wifi and VPN with RADIUS auth using AD
- Move servers into the Cloudshed.
- Get GodBoxV3 running ProxMox.
- Migrate GodBoxV1 to ProxMox.
- Build a new storage box. (16x8Tb Spinning Rust + 8x960Gb SSDs + 4X10Gb NICs)
- QNAP box to be used for Video Editing stuff (it has 5x8Tb spinny drives + 4x960Gb SSDs)
- Synology box to be used for Backups and other bulk stuff (8x8Tb spinny drives)
- New storage box to be used for Media and other stuff.
This should be enough to start with for a while.
Day 90 of 100DaysOfHomeLab
Day 90 of #100daysofhomelab (nearly finished!) and I have done a couple of bits and pieces:
Day 89 of 100daysofhomelab
Day 89 of #100daysofhomelab and it’s mostly been updates and monitoring.
Not much else going on… Hopefully back to normal tomorrow…
Day 88 of 100daysofhomelab
This is an extension to my main #100daysofhomelab tweet for day 88.
Tweaks to Sophos XG to include SD-WAN stuff. I have an LTE modem (hooked up via Ethernet, a NetGear LB2120)
I seem to have lost the connection between my IoT network and the rest of the network… I need to figure out the full details of how Sophos XG does routing… More doc reading is required…
Still trying to get OpenStick working on my new 4G dongles…