cluster join failed: 401 permission denied - invalid PMG ticket

[workpush]

Hello!

I just did a setup for 2 fresh pmg (hostname: pmg-03(master) and pmg-04(slave)) on my VPS and want to join them in a cluster.

On the master I did:

root@pmg-03:~# pmgcm create
stop all services accessing the database
save new cluster configuration
update quarantine database
update statistic database
update greylist database
update localstat database
cluster master successfully created

To join I get the following information:

root@pmg-03:~# pmgcm join-cmd
pmgcm join 45.132.XXX.XXX --fingerprint CF:3A:48:08:6F:55:6C:1E:EC:91:C2:A7:5E:7F:42:C5:31:6E:88:FF:E7:B8:AF:CA:FD:BC:69:25:BD:1C:9A:5D

When I want to join the cluster, I get the following erros:

root@pmg-04:~# pmgcm join 45.132.XXX.XXX --fingerprint CF:3A:48:08:6F:55:6C:1E:EC:91:C2:A7:5E:7F:42:C5:31:6E:88:FF:E7:B8:AF:CA:FD:BC:69:25:BD:1C:9A:5D
cluster join failed: 401 permission denied - invalid PMG ticket

Both have the same software versions:

root@pmg-03:~# pmgversion -v
proxmox-mailgateway: 7.2-1 (API: 7.2-4/532fc47f, running kernel: 5.15.83-1-pve)
pmg-api: 7.2-4
pmg-gui: 3.2-2
pve-kernel-helper: 7.3-3
pve-kernel-5.15: 7.3-1
pve-kernel-5.15.83-1-pve: 5.15.83-1
pve-kernel-5.15.74-1-pve: 5.15.74-1
clamav-daemon: 0.103.7+dfsg-0+deb11u1
ifupdown2: 3.1.0-1+pmx3
libarchive-perl: 3.4.0-1
libjs-extjs: 7.0.0-1
libjs-framework7: 4.4.7-1
libproxmox-acme-perl: 1.4.3
libproxmox-acme-plugins: 1.4.3
libpve-apiclient-perl: 3.2-1
libpve-common-perl: 7.3-2
libpve-http-server-perl: 4.1-5
libxdgmime-perl: 1.0-1
lvm2: 2.03.11-2.1
pmg-docs: 7.2-1
pmg-i18n: 2.8-2
pmg-log-tracker: 2.3.2-1
postgresql-13: 13.9-0+deb11u1
proxmox-mini-journalreader: 1.3-1
proxmox-spamassassin: 3.4.6-5
proxmox-widget-toolkit: 3.5.3
pve-firmware: 3.6-3
pve-xtermjs: 4.16.0-1
zfsutils-linux: 2.1.9-pve1

I disabled 2FA for pmg-03 and pmg-04. So 1 thing what is missing, is probably the NTP. I checked the syslog, which is giving me:

Feb 06 03:21:50 pmg-04 pmgdaemon[1417]: starting task UPID:pmg-04:00003BBA:0001D1A7:63E0643E:clusterjoin::root@pam:
Feb 06 03:21:54 pmg-04 pmgdaemon[15290]: 401 permission denied - invalid PMG ticket
Feb 06 03:21:54 pmg-04 pmgdaemon[1417]: end task UPID:pmg-04:00003BBA:0001D1A7:63E0643E:clusterjoin::root@pam: 401 permission denied - invalid PMG ticket
Feb 06 03:22:17 pmg-04 pmg-smtp-filter[1398]: ERROR: RRD error: rrdcached@unix:/var/run/rrdcached.sock: illegal attempt to update using time 1675650137.000000 when last update time is 1675684156.000000 (minimum one second step)
Feb 06 03:22:47 pmg-04 pmg-smtp-filter[1398]: ERROR: RRD error: rrdcached@unix:/var/run/rrdcached.sock: illegal attempt to update using time 1675650167.000000 when last update time is 1675684156.000000 (minimum one second step)

I tried different things like adding another chrony NTP server
`/etc/chrony/sources.d/ntp.sources`

server 3.de.pool.ntp.org iburst

followed by `chronyc reload sources`,
but it always ends up in `invalid PMG ticket` and that `ERROR: RRD error`

Do have any idea what I could try?

Thank you!!

 

[Stoiko Ivanov]

make sure the 2 hosts really do have the same time!
did you maybe use a wrong password for joining (you need to use the root password for the master node)

Seems the clock was ahead 9 h at some point - try after one day again ....

 

[workpush]

make sure the 2 hosts really do have the same time!
did you maybe use a wrong password for joining (you need to use the root password for the master node)

Seems the clock was ahead 9 h at some point - try after one day again ....

Yes, I entered the root password of pmg-03!

Can you tell me what is the time tolerance which is acceptable? Both show the more or less the same time, if I check one after the other. How can I check that they really have the exact same time? (I mean like in the unit of ms)? For that I have to find a way to trigger the time command on both servers at the same moment?
pmg-03:

root@pmg-03:~# date && timedatectl && hwclock
Tue 07 Feb 2023 12:32:22 PM CET
               Local time: Tue 2023-02-07 12:32:22 CET
           Universal time: Tue 2023-02-07 11:32:22 UTC
                 RTC time: Tue 2023-02-07 11:32:22
                Time zone: Europe/Berlin (CET, +0100)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
2023-02-07 12:32:22.349064+01:00

pmg-04:

root@pmg-04:~# date && timedatectl && hwclock
Tue 07 Feb 2023 12:32:23 PM CET
               Local time: Tue 2023-02-07 12:32:23 CET
           Universal time: Tue 2023-02-07 11:32:23 UTC
                 RTC time: Tue 2023-02-07 11:32:23
                Time zone: Europe/Berlin (CET, +0100)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
2023-02-07 12:32:23.439245+01:00

Just tested again a join. The time errors are gone, but still receive:

Feb 07 12:15:01 pgm-04 pmgdaemon[199700]: starting task UPID:pgm-04:0005DE1B:00B6781B:63E232B5:clusterjoin::root@pam:
Feb 07 12:15:04 pgm-04 pmgdaemon[384539]: 401 permission denied - invalid PMG ticket
Feb 07 12:15:04 pgm-04 pmgdaemon[199700]: end task UPID:pgm-04:0005DE1B:00B6781B:63E232B5:clusterjoin::root@pam: 401 permission denied - invalid PMG ticket

Which time is taken for the synchronization? They are 2 netcup VPS servers. Can it have something to do with that? Like the internal HWclock?
Is there a way to get a more verbose output with the join command? Couldn't find anything in the man page about that.

 

[Stoiko Ivanov]

Tickets are valid for 2 hours by default - however with a 9h offset it might just be that the ticket is considered invalid (because it was created in the future)

timedifference of a few seconds should not matter

can you maybe share the complete journal when you try to join?

 

[workpush]

Tickets are valid for 2 hours by default - however with a 9h offset it might just be that the ticket is considered invalid (because it was created in the future)

timedifference of a few seconds should not matter

can you maybe share the complete journal when you try to join?

There are just these 3 entries on pmg-04 in that time. Else just many incoming ssh connections from foreign IPs.
I just restarted again at 13:08:40 a join try:

Feb 07 13:08:40 pmg-04 pmgdaemon[395016]: starting task UPID:kreator-04:00061333:00BB615C:63E23F48:clusterjoin::root@pam:
Feb 07 13:08:43 pmg-04 pmgdaemon[398131]: 401 permission denied - invalid PMG ticket
Feb 07 13:08:43 pmg-04 pmgdaemon[395016]: end task UPID:pmg-04:00061333:00BB615C:63E23F48:clusterjoin::root@pam: 401 permission denied - invalid PMG ticket

on pmg-03 in the whole time I get:

Feb 07 13:08:40 pmg-03 pmgdaemon[173896]: successful auth for user 'root@pam'
Feb 07 13:08:45 pmg-03 pmgpolicy[33483]: starting policy database maintenance (greylist, rbl)
Feb 07 13:08:45 pmg-03 pmgpolicy[33483]: end policy database maintenance (14 ms, 1 ms)

At least the root-authentication seems to work.

PS: here is some pmgdaemon journal:

Feb 06 18:02:59 pmg-03 pmgdaemon[171413]: authentication failure; rhost=::ffff:5.42.197.50 user=root@pam msg=auth failed: Authentication failure
Feb 06 18:05:39 pmg-03 worker[156702]: pam_unix(common-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Feb 06 18:05:41 pmg-03 pmgdaemon[156702]: authentication failure; rhost=::ffff:5.42.197.50 user=root@pam msg=auth failed: Authentication failure
Feb 06 18:08:21 pmg-03 worker[173896]: pam_unix(common-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Feb 06 18:08:23 pmg-03 pmgdaemon[173896]: authentication failure; rhost=::ffff:5.42.197.50 user=root@pam msg=auth failed: Authentication failure
Feb 06 18:11:03 pmg-03 worker[173896]: pam_unix(common-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Feb 06 18:11:05 pmg-03 pmgdaemon[173896]: authentication failure; rhost=::ffff:5.42.197.50 user=root@pam msg=auth failed: Authentication failure
Feb 06 18:13:44 pmg-03 worker[156702]: pam_unix(common-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Feb 06 18:13:45 pmg-03 pmgdaemon[156702]: authentication failure; rhost=::ffff:5.42.197.50 user=root@pam msg=auth failed: Authentication failure
Feb 06 18:56:20 pmg-03 worker[173896]: pam_unix(common-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Feb 06 18:56:20 pmg-03 worker[171413]: pam_unix(common-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Feb 06 18:56:21 pmg-03 pmgdaemon[173896]: authentication failure; rhost=::ffff:46.110.84.121 user=root@pam msg=auth failed: Authentication failure
Feb 06 18:56:21 pmg-03 pmgdaemon[171413]: authentication failure; rhost=::ffff:46.110.84.121 user=root@pam msg=auth failed: Authentication failure
Feb 06 19:11:20 pmg-03 worker[156702]: pam_unix(common-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Feb 06 19:11:20 pmg-03 worker[171413]: pam_unix(common-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Feb 06 19:11:21 pmg-03 pmgdaemon[156702]: authentication failure; rhost=::ffff:46.110.84.121 user=root@pam msg=auth failed: Au110.84thentication failure
Feb 06 19:11:21 pmg-03 pmgdaemon[171413]: authentication failure; rhost=::ffff:46.110.84.121 user=root@pam msg=auth failed: Authentication failure
Feb 06 19:26:20 pmg-03 worker[156702]: pam_unix(common-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Feb 06 19:26:20 pmg-03 worker[173896]: pam_unix(common-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Feb 06 19:26:22 pmg-03 pmgdaemon[156702]: authentication failure; rhost=::ffff:46.110.84.121 user=root@pam msg=auth failed: Authentication failure
Feb 06 19:26:22 pmg-03 pmgdaemon[173896]: authentication failure; rhost=::ffff:46.110.84.121 user=root@pam msg=auth failed: Authentication failure
Feb 06 19:41:20 pmg-03 worker[156702]: pam_unix(common-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Feb 06 19:41:20 pmg-03 worker[171413]: pam_unix(common-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Feb 06 19:41:21 pmg-03 pmgdaemon[156702]: authentication failure; rhost=::ffff:46.110.84.121 user=root@pam msg=auth failed: Authentication failure
Feb 06 19:41:21 pmg-03 pmgdaemon[171413]: authentication failure; rhost=::ffff:46.110.84.121 user=root@pam msg=auth failed: Authentication failure
Feb 07 12:13:21 pmg-03 pmgdaemon[173896]: successful auth for user 'root@pam'
Feb 07 12:13:42 pmg-03 pmgdaemon[156702]: successful auth for user 'root@pam'
Feb 07 12:13:43 pmg-03 pmgdaemon[171413]: successful auth for user 'root@pam'
Feb 07 12:13:56 pmg-03 pmgdaemon[173896]: starting task UPID:pmg-03:0005C312:00B65C97:63E23274:aptupdate::root@pam:
Feb 07 12:13:57 pmg-03 pmgdaemon[377618]: update new package list: /var/lib/pmg/pkgupdates
Feb 07 12:14:00 pmg-03 pmgdaemon[173896]: end task UPID:pmg-03:0005C312:00B65C97:63E23274:aptupdate::root@pam: OK
Feb 07 12:15:01 pmg-03 pmgdaemon[173896]: successful auth for user 'root@pam'
Feb 07 12:20:20 pmg-03 pmgdaemon[171413]: starting task UPID:pmg-03:0005CA7A:00B6F27C:63E233F4:termproxy::root@pam:
Feb 07 12:20:20 pmg-03 pmgdaemon[379514]: starting termproxy UPID:pmg-03:0005CA7A:00B6F27C:63E233F4:termproxy::root@pam:
Feb 07 12:20:20 pmg-03 pmgdaemon[379514]: launch command: /usr/bin/termproxy 5900 --path /nodes/pmg-03 -- /bin/login -f root
Feb 07 12:20:20 pmg-03 pmgdaemon[156702]: successful auth for user 'root@pam'
Feb 07 12:20:20 pmg-03 login[379523]: pam_unix(login:session): session opened for user root(uid=0) by root(uid=0)
Feb 07 12:28:43 pmg-03 pmgdaemon[171413]: successful auth for user 'root@pam'
Feb 07 12:42:49 pmg-03 pmgdaemon[171413]: end task UPID:pmg-03:0005CA7A:00B6F27C:63E233F4:termproxy::root@pam: OK
Feb 07 12:43:43 pmg-03 pmgdaemon[171413]: successful auth for user 'root@pam'
Feb 07 12:58:44 pmg-03 pmgdaemon[171413]: successful auth for user 'root@pam'
Feb 07 13:05:55 pmg-03 pmgdaemon[156702]: successful auth for user 'root@pam'
Feb 07 13:07:29 pmg-03 pmgdaemon[156702]: starting task UPID:pmg-03:0005EB14:00BB43AB:63E23F01:termproxy::root@pam:
Feb 07 13:07:29 pmg-03 pmgdaemon[387860]: starting termproxy UPID:pmg-03:0005EB14:00BB43AB:63E23F01:termproxy::root@pam:
Feb 07 13:07:29 pmg-03 pmgdaemon[387860]: launch command: /usr/bin/termproxy 5900 --path /nodes/pmg-03 -- /bin/login -f root
Feb 07 13:07:29 pmg-03 pmgdaemon[173896]: successful auth for user 'root@pam'
Feb 07 13:07:29 pmg-03 login[387864]: pam_unix(login:session): session opened for user root(uid=0) by root(uid=0)
Feb 07 13:08:40 pmg-03 pmgdaemon[173896]: successful auth for user 'root@pam'
Feb 07 13:13:44 pmg-03 pmgdaemon[156702]: successful auth for user 'root@pam'
Feb 07 13:16:24 pmg-03 pmgdaemon[156702]: end task UPID:pmg-03:0005EB14:00BB43AB:63E23F01:termproxy::root@pam: OK
Feb 07 13:18:29 pmg-03 pmgdaemon[171413]: starting task UPID:pmg-03:0005F4A7:00BC4566:63E24195:termproxy::root@pam:
Feb 07 13:18:29 pmg-03 pmgdaemon[390311]: starting termproxy UPID:pmg-03:0005F4A7:00BC4566:63E24195:termproxy::root@pam:
Feb 07 13:18:29 pmg-03 pmgdaemon[390311]: launch command: /usr/bin/termproxy 5900 --path /nodes/pmg-03 -- /bin/login -f root
Feb 07 13:18:29 pmg-03 pmgdaemon[156702]: successful auth for user 'root@pam'
Feb 07 13:18:29 pmg-03 login[390348]: pam_unix(login:session): session opened for user root(uid=0) by root(uid=0)

pmg-04:

Feb 06 14:56:44 pmg-04 pmgdaemon[195735]: successful auth for user 'root@pam'
Feb 06 14:59:11 pmg-04 pmgdaemon[175867]: worker exit
Feb 06 14:59:11 pmg-04 pmgdaemon[1416]: worker 175867 finished
Feb 06 14:59:11 pmg-04 pmgdaemon[1416]: starting 1 worker(s)
Feb 06 14:59:11 pmg-04 pmgdaemon[1416]: worker 199192 started
Feb 06 15:00:26 pmg-04 pmgdaemon[177154]: worker exit
Feb 06 15:00:26 pmg-04 pmgdaemon[1416]: worker 177154 finished
Feb 06 15:00:26 pmg-04 pmgdaemon[1416]: starting 1 worker(s)
Feb 06 15:00:26 pmg-04 pmgdaemon[1416]: worker 199700 started
Feb 06 15:11:04 pmg-04 pmgdaemon[195735]: successful auth for user 'root@pam'
Feb 06 15:11:44 pmg-04 pmgdaemon[199192]: successful auth for user 'root@pam'
Feb 06 15:26:05 pmg-04 pmgdaemon[199700]: successful auth for user 'root@pam'
Feb 06 15:26:45 pmg-04 pmgdaemon[199700]: successful auth for user 'root@pam'
Feb 06 15:41:05 pmg-04 pmgdaemon[199700]: successful auth for user 'root@pam'
Feb 06 15:41:46 pmg-04 pmgdaemon[195735]: successful auth for user 'root@pam'
Feb 07 12:13:26 pmg-04 pmgdaemon[195735]: successful auth for user 'root@pam'
Feb 07 12:13:37 pmg-04 pmgdaemon[195735]: successful auth for user 'root@pam'
Feb 07 12:13:37 pmg-04 pmgdaemon[199192]: successful auth for user 'root@pam'
Feb 07 12:14:11 pmg-04 pmgdaemon[195735]: starting task UPID:pmg-04:0005DB26:00B66475:63E23283:aptupdate::root@pam:
Feb 07 12:14:12 pmg-04 pmgdaemon[383782]: update new package list: /var/lib/pmg/pkgupdates
Feb 07 12:14:15 pmg-04 pmgdaemon[195735]: end task UPID:pmg-04:0005DB26:00B66475:63E23283:aptupdate::root@pam: OK
Feb 07 12:15:01 pmg-04 pmgdaemon[199700]: starting task UPID:pmg-04:0005DE1B:00B6781B:63E232B5:clusterjoin::root@pam:
Feb 07 12:15:04 pmg-04 pmgdaemon[384539]: 401 permission denied - invalid PMG ticket
Feb 07 12:15:04 pmg-04 pmgdaemon[199700]: end task UPID:pmg-04:0005DE1B:00B6781B:63E232B5:clusterjoin::root@pam: 401 permission denied - invalid PMG ticket
Feb 07 12:20:28 pmg-04 pmgdaemon[199700]: starting task UPID:pmg-04:0005E5D8:00B6F7B5:63E233FC:termproxy::root@pam:
Feb 07 12:20:28 pmg-04 pmgdaemon[386520]: starting termproxy UPID:pmg-04:0005E5D8:00B6F7B5:63E233FC:termproxy::root@pam:
Feb 07 12:20:28 pmg-04 pmgdaemon[386520]: launch command: /usr/bin/termproxy 5900 --path /nodes/pmg-04 -- /bin/login -f root
Feb 07 12:20:29 pmg-04 pmgdaemon[195735]: successful auth for user 'root@pam'
Feb 07 12:20:29 pmg-04 login[386525]: pam_unix(login:session): session opened for user root(uid=0) by (uid=0)
Feb 07 12:28:38 pmg-04 pmgdaemon[195735]: successful auth for user 'root@pam'
Feb 07 12:42:50 pmg-04 pmgdaemon[199700]: end task UPID:pmg-04:0005E5D8:00B6F7B5:63E233FC:termproxy::root@pam: OK
Feb 07 12:43:39 pmg-04 pmgdaemon[195735]: successful auth for user 'root@pam'
Feb 07 12:58:36 pmg-04 pmgdaemon[195735]: worker exit
Feb 07 12:58:36 pmg-04 pmgdaemon[1416]: worker 195735 finished
Feb 07 12:58:36 pmg-04 pmgdaemon[1416]: starting 1 worker(s)
Feb 07 12:58:36 pmg-04 pmgdaemon[1416]: worker 395016 started
Feb 07 12:58:38 pmg-04 pmgdaemon[199700]: successful auth for user 'root@pam'
Feb 07 13:03:49 pmg-04 pmgdaemon[199700]: starting task UPID:pmg-04:00060E78:00BAEFD6:63E23E25:termproxy::root@pam:
Feb 07 13:03:49 pmg-04 pmgdaemon[396920]: starting termproxy UPID:pmg-04:00060E78:00BAEFD6:63E23E25:termproxy::root@pam:
Feb 07 13:03:49 pmg-04 pmgdaemon[396920]: launch command: /usr/bin/termproxy 5900 --path /nodes/pmg-04 -- /bin/login -f root
Feb 07 13:03:50 pmg-04 pmgdaemon[199192]: successful auth for user 'root@pam'
Feb 07 13:03:50 pmg-04 login[396925]: pam_unix(login:session): session opened for user root(uid=0) by root(uid=0)
Feb 07 13:05:55 pmg-04 pmgdaemon[199192]: starting task UPID:pmg-04:000610AF:00BB210F:63E23EA3:clusterjoin::root@pam:
Feb 07 13:05:58 pmg-04 pmgdaemon[397487]: 401 permission denied - invalid PMG ticket
Feb 07 13:05:58 pmg-04 pmgdaemon[199192]: end task UPID:pmg-04:000610AF:00BB210F:63E23EA3:clusterjoin::root@pam: 401 permission denied - invalid PMG ticket
Feb 07 13:08:40 pmg-04 pmgdaemon[395016]: starting task UPID:pmg-04:00061333:00BB615C:63E23F48:clusterjoin::root@pam:
Feb 07 13:08:43 pmg-04 pmgdaemon[398131]: 401 permission denied - invalid PMG ticket
Feb 07 13:08:43 pmg-04 pmgdaemon[395016]: end task UPID:pmg-04:00061333:00BB615C:63E23F48:clusterjoin::root@pam: 401 permission denied - invalid PMG ticket
Feb 07 13:13:38 pmg-04 pmgdaemon[395016]: successful auth for user 'root@pam'
Feb 07 13:16:20 pmg-04 pmgdaemon[199700]: end task UPID:pmg-04:00060E78:00BAEFD6:63E23E25:termproxy::root@pam: OK
Feb 07 13:21:57 pmg-04 pmgdaemon[199700]: starting task UPID:pmg-04:00061F8A:00BC98E5:63E24265:termproxy::root@pam:
Feb 07 13:21:57 pmg-04 pmgdaemon[401290]: starting termproxy UPID:pmg-04:00061F8A:00BC98E5:63E24265:termproxy::root@pam:
Feb 07 13:21:57 pmg-04 pmgdaemon[401290]: launch command: /usr/bin/termproxy 5900 --path /nodes/pmg-04 -- /bin/login -f root
Feb 07 13:21:58 pmg-04 pmgdaemon[199192]: successful auth for user 'root@pam'
Feb 07 13:21:58 pmg-04 login[401330]: pam_unix(login:session): session opened for user root(uid=0) by root(uid=0)

 

[workpush]

- Just wanted to add a new user with a password > 32characters and it gave me an error. For 'root' my password is also longer then 32 characters. Might that be a problem?
- I disabled TOTP but left my recovery key active. could that also be a problem?
- I just checked that chrony-service is in state dead - is that normal?

Feb 06 03:30:45 pmg-03 systemd[1]: Starting chrony, an NTP client/server...
Feb 06 03:30:45 pmg-03 chronyd[15584]: chronyd version 4.0 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 -DEBUG)
Feb 06 03:30:45 pmg-03 chronyd[15584]: Frequency -3.137 +/- 0.078 ppm read from /var/lib/chrony/chrony.drift
Feb 06 03:30:45 pmg-03 chronyd[15584]: Using right/UTC timezone to obtain leap second data
Feb 06 03:30:45 pmg-03 chronyd[15584]: Loaded seccomp filter
Feb 06 03:30:45 pmg-03 systemd[1]: Started chrony, an NTP client/server.
Feb 06 03:30:51 pmg-03 chronyd[15584]: Selected source 162.159.200.1 (2.debian.pool.ntp.org)
Feb 06 03:30:51 pmg-03 chronyd[15584]: System clock TAI offset set to 37 seconds
Feb 06 03:31:57 pmg-03 chronyd[15584]: Selected source 144.76.76.107 (3.de.pool.ntp.org)
Feb 06 03:47:01 pmg-03 chronyd[15584]: Selected source 162.159.200.1 (2.debian.pool.ntp.org)
Feb 06 05:07:50 pmg-03 chronyd[15584]: Selected source 185.207.105.38 (2.debian.pool.ntp.org)
Feb 06 05:32:52 pmg-03 chronyd[15584]: Selected source 162.159.200.1 (2.debian.pool.ntp.org)
Feb 06 06:00:37 pmg-03 chronyd[15584]: Selected source 185.207.105.38 (2.debian.pool.ntp.org)
Feb 06 06:07:04 pmg-03 chronyd[15584]: Selected source 144.76.76.107 (3.de.pool.ntp.org)
Feb 06 07:33:05 pmg-03 chronyd[15584]: Selected source 162.159.200.1 (2.debian.pool.ntp.org)
Feb 07 16:01:15 pmg-03 systemd[1]: Stopping chrony, an NTP client/server...
Feb 07 16:01:15 pmg-03 chronyd[15584]: chronyd exiting
Feb 07 16:01:15 pmg-03 systemd[1]: chrony.service: Succeeded.
Feb 07 16:01:15 pmg-03 systemd[1]: Stopped chrony, an NTP client/server.

 

[Stoiko Ivanov]

Just wanted to add a new user with a password > 32characters and it gave me an error. For 'root' my password is also longer then 32 characters. Might that be a problem?

the length restriction on passwords is 64 bytes not 32 (I just tested with a 50 character password...)

- I just checked that chrony-service is in state dead - is that normal?

no that should not be the case ...

I disabled TOTP but left my recovery key active. could that also be a problem?

try removing them as well - see https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#user_tfa_auth

 

[workpush]

the length restriction on passwords is 64 bytes not 32 (I just tested with a 50 character password...)

I created again a new user, and this poped up: (I created it over the webinterface)

no that should not be the case ...


try removing them as well - see https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#user_tfa_auth

A man thank you - I tought it would be just the recovery key, once I can't use TOTP anymore. It worked now - after I received this errors:

Feb 07 21:57:27 pmg-04 systemd[1]: Started Proxmox Mail Gateway Policy Daemon.
Feb 07 21:57:27 pmg-04 pmgdaemon[33999]: syncing master configuration from '45.132.XXX.XXX' failed: rsync error: unexplained error (code 255) at io.c(228) [Receiver=3.2.3]
Feb 07 21:57:27 pmg-04 pmgdaemon[1444]: end task UPID:pmg-04:000084CF:0020809D:63E2BB34:clusterjoin::root@pam: syncing masterconfiguration from '45.132.XXX.XXX' failed: rsync error: unexplained error (code 255) at io.c(228) [Receiver=3.2.3]

I had to undo my changes in the `/etc/ssh/sshd_config`. Before I did the following changes:

Port 222
PasswordAuthentication no
UsePAM no
PermitRootLogin prohibit-password

Can you tell me which of them are needed for the cluster join process and which of them can I modify now, after joining?
In https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#firewall_settings did not tell me that the cluster needs rsync.

Thank you!!