2FA TOTP and Proxmox cluster

S

scelles

New Member
Sep 16, 2024
8
0
1
Hello,

I enabled 2FA with TOTP (with 2FAS) on a Proxmox cluster and noticed a very strange behavior.

(When I created Proxmox cluster I disabled 2FA and enable 2FA after cluster creation)

When my cluster is complete (my 2 nodes... it's just a small homelab) I can log in with root@pam, its password and 2FA code.
But when one of my node is unavailable I can't log with 2FA on a node. login/password is fine but 2FA code is not considered as good

I don't understand what is going on.

As an intermediate solution I disabled 2FA... but that not a solution.

Kind regards
 
Sorry but I "broke" my first experimental Proxmox cluster so I won't be able to try this. Anyway if the first cluster node was out of order I won't have been able to log.
 
  • Like
Reactions: scelles
Thanks @mariol. Is enabling TFA on each node separately (ie before creating the cluster) and after that create the cluster a better option to avoid this kind of problem?
 
scelles said:
Thanks @mariol. Is enabling TFA on each node separately (ie before creating the cluster) and after that create the cluster a better option to avoid this kind of problem?
Click to expand...
This cannot be avoided, as the TFA is stored in pmxcfs. If the cluster does not always have quorum (is running), a better solution might be to separate the nodes, so that you have two separate pmxcfs and always have access to everything.

Location: /etc/pve/priv/tfa.cfg

Edit: As workaround you can add a qdevice to your cluster [1]

[1] https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_qdevice_technical_overview
 
Last edited:
  • Like
Reactions: scelles
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back