Search results

  1.

    What Permissions are needed on the PVE/PBS-Remotes for a Datacenter Manager User?

    This becomes less useful that way. I may opt for that anyway, not sure yet. I know this is still a 1.0 release, it's expected things are not perfect on first release but I hope your mind changes and there is some security upgrade one day because PDM has great potential but security should be...
  2.

    What Permissions are needed on the PVE/PBS-Remotes for a Datacenter Manager User?

    Not necessary. You are right if the administrator credentials are stolen, you are done. 2FA can help here, while not perfect. But PDM server could be hacked without the use of an administrator credential. The high privilege token could be stolen and used against all Proxmox resources without...
  3.

    What Permissions are needed on the PVE/PBS-Remotes for a Datacenter Manager User?

    Best would be the use of both I guess. A low privilege service account for PDM, I understand it would just need readonly access. Plus the privilege token of the administrator that allows the admin to do everything he needs. I'm currently evaluating PDM and this security model makes me...
  4.

    What Permissions are needed on the PVE/PBS-Remotes for a Datacenter Manager User?

    Hi, I think there is something wrong with the PDM security model. Instead of using a generic token with full permission on PVE side, PDM should forward the user authentication to PVE (retrieve some kind of temporary token with user's permissions). Each user would need an access at PVE level...
  5.

    Rules logging

    Hello, I have a rule that's removing attachment when it's detected as "dangerous". The rule triggers on "what objects" with various content type filters, archive filters and match filename. When an attachment is removed this logs something like that: Dec 2 23:32:33 mailgw...
  6.

    10Gb network adapter

    Hello, I'm currently looking to buy new PVE nodes. For networking adapters, is there a better one? Is there one with better Linux/PVE support? Broadcom 57416 Dual Port 10Gbe Base-T Intel X710-T2L Dual Port 10Gbe Base-T I did find some issues about Broadcom cards in the forum. Is it just...
  7.

    Custom CPU model with security fix

    Hi, A little friendly bump! ;) Is it right to configure these CPU flags so the VM is not affected by these CPU security vulnerabilities? Are they really fixed by doing that like the script spectre-meltdown-checker says? Is it right to configure them as custom cpu so I can use more easily...
  8.

    Custom CPU model with security fix

    Hello, Am I wrong to define a custom x86-64-v2-AES like that? in /etc/pve/virtual-guest/cpu-models.conf: cpu-model: my-x86-64-v2-AES flags +aes;+popcnt;+pni;+sse4.1;+sse4.2;+ssse3;+md-clear;+pcid;+spec-ctrl;+ssbd;+pdpe1gb reported-model qemu64 hidden 0 Goal is to...
  9.

    Network interface name changes

    This is not great that a breaking change like that occurs without warning when doing a minor update. This is the first time I see that on a Linux distribution.
  10.

    Network interface name changes

    Hello, Yesterday, we did a regular PVE8 software upgrade (no major upgrade). These are the packages that were updated: Install: proxmox-kernel-6.8.12-13-pve-signed:amd64 (6.8.12-13, automatic) Upgrade: pve-docs:amd64 (8.4.0, 8.4.1), pve-edk2-firmware-ovmf:amd64 (4.2025.02-3...
  11.

    Why is there no logrotate for messages and daemon.log ?

    Haha, it's funny this kaputtautomatisiert thing but I would not stop automating, the balance is far way more positive than negative ;)
  12.

    Why is there no logrotate for messages and daemon.log ?

    Thanks, probably something on our end I guess. We use central Ansible management and we usually use Ubuntu instead of Debian. Probably something different caused that issue. I'll have to investigate :)
  13.

    Why is there no logrotate for messages and daemon.log ?

    Hello, I wonder if there is something we do wrong somewhere in our configuration or if this is a Proxmox issue. It seems like our PVE and PBS servers stopped log rotating /var/log/daemon.log and /var/log/messages in May/June 2024. I just found out when looking up why a FS was full. Is it a...
  14.

    Is TLSv1.3 required on PBS 3.1 for LDAP authentication?

    Thanks for the details! I guess it's just another reason to not delay the DC updates :)
  15.

    Is TLSv1.3 required on PBS 3.1 for LDAP authentication?

    Hello, I upgraded my first PBS server to 3.1 today. LDAP authentication is failing with that error: The LDAP backend is Samba on Ubuntu 16.04 ESM (yeah, I know, it needs upgrade!). Samba is logging: "A TLS fatal alert has been received". I wonder if PBS 3.x now requires TLSv1.3. Is there a...
  16.

    Minimal permission required to work with sync job

    The local owner is already root@pam and I'm trying to edit as an LDAP user account. Because there is no group support I could set as owner of the job, I suppose there is no way to give access to more than one user w/o giving the datastore modify privileges?
  17.

    Minimal permission required to work with sync job

    Hello, I pasted the ACL in my previous post. It seems similar to what you tested. The only difference I see is I don't set permission for a specific remote or datastore url but I set the permission on /datastore and /remote with the propagate flag. Here is a screenshot: When trying to edit (same...
  18.

    Monitoring backups

    How I do what? :)
  19.

    Monitoring backups

    Hello, I'm trying to find a way to automate the backup monitoring with Zabbix. I added a backup script hook in PVE so every time a VM is backed up, the Zabbix server is notified. This allows me to configure a trigger based on last backup date so there is an alert if a VM is not backed up for...
  20.

    Minimal permission required to work with sync job

    Hello, So should I understand there is actually no way to allow to launch or edit a sync job without giving access to deleting backup in the datastore?