[SOLVED] 401 Unauthorized - Trying to connect PBS to proxmox node

P

patcas

New Member
Feb 22, 2020
10
4
3
34
Hello there,
We are trying to connect our PBS to a single proxmox node. We followed the following manual: https://pbs.proxmox.com/docs/pve-integration.html
When entering the following command on the proxmox node:
Bash: 
pvesm add pbs backups --server 10.*.*.*8 --datastore backups --username node2_usr@pbs --password ************ --fingerprint 94:04:08********2f:8e

We get the following result:
Code: 
create storage failed: error during cfs-locked 'file-storage_cfg' operation: backups: error fetching datastores - 401 Unauthorized

With the following command:
Bash: 
proxmox-backup-client list --repository 'node2_usr@pbs!node2_access@****:8007:backups'
returns:
Code: 
Error: permission check failed

When running on the PBS the following command:
Bash: 
proxmox-backup-manager user permissions node2_usr@pbs --path /datastore/backups
It returns:
Code: 
Privileges with (*) have the propagate flag set

Path: /datastore/backups
- Datastore.Allocate (*)
- Datastore.Audit (*)
- Datastore.Backup (*)
- Datastore.Modify (*)
- Datastore.Prune (*)
- Datastore.Read (*)
- Datastore.Verify (*)
- Permissions.Modify (*)
- Remote.Audit (*)
- Remote.Modify (*)
- Remote.Read (*)
- Sys.Audit (*)
- Sys.Console (*)
- Sys.Modify (*)
- Sys.PowerManagement (*)
Since we have given the node2_usr@pbs user full admin rights for testing. Also we tried the same with the local root user of the PBS with the same results.

Node2 as well as the PBS are up-to-date.

Any ideas?

Thank you very much!
 
Hi,

what Proxmox Backup Server version is in use?

Also, did you setup TFA for that user? As then, you need to use API tokens for accessing the storage via the client.
 
Hi,

I am using Backup Server 1.0-8.
TFA is not activated...

Thank you for your help.
 
patcas said:
proxmox-backup-client list --repository 'node2_usr@pbs!node2_access@****:8007:backups'
Click to expand...
This uses a token.

patcas said:
proxmox-backup-manager user permissions node2_usr@pbs --path /datastore/backups
Click to expand...
This checks the user.

Tokens do not inherit privileges automatically from the user, that's by design.
Add explicit permissions for that token, if you want that it has the same as the user then a shortcut is giving that Token Admin on / - that's safe as tokens can never have more permissions than the user they base off.
 
  • Like
Reactions: lxiosjao
Hi,
You are right, the token permission list does look quite empty. But that should not be a problem if I try to connect using a user and password like in the first command above:
Bash: 
pvesm add pbs backups --server 10.*.*.*8 --datastore backups --username node2_usr@pbs --password ************ --fingerprint 94:04:08********2f:8e

Are there any commands I could use for debugging this issue and provide you with further information?

Thank you very much for your repsonse!

Best
patcas
 
For me I had to add the DataBackup permissions to the pbs server and then also use that root@pam for the username in the backup. I get why this was designed like this but you need to make it WAY more obvious in the gui... this info doesn't seem to be in the quick start or any decent tut I've watched on setting up.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom