[SOLVED] After syncing to a new datastore: backup owner check failed (pve-user@pbs != backup@pam)

Cookiefamily

Active Member
Jan 29, 2020
108
28
28
Hi,

I wanted to switch to a new datastore (store02) (on different disks) so did the following:
  1. Add a second datastore to the pbs server (store02)
  2. Added a remote with localhost and the store02 datastore
  3. Ran a sync from store01 to the "remote" localhost:store02
  4. Removed store01
  5. Modified the Permissions for the pve-user@pbs to allow access to store02
  6. In PVE removed the store01 datastore
  7. In PVE added a new datastore for store02
  8. Modified Backup Task to point to the new datastore.
Now I no longer see any backups in PVE in the "Content" tab of the datastore. When I try to run backups, I recieve the following:
VM 100 qmp command 'backup' failed - backup connect failed: command error: backup owner check failed (pve-user@pbs != backup@pam)
I kept the user at the pbs-side the same, what exactly is happening here? Shouldn't the permissions be carried over?
 

oversite

Active Member
Jul 13, 2011
116
17
38
Hi,

I wanted to switch to a new datastore (store02) (on different disks) so did the following:
  1. Add a second datastore to the pbs server (store02)
  2. Added a remote with localhost and the store02 datastore
  3. Ran a sync from store01 to the "remote" localhost:store02
  4. Removed store01
  5. Modified the Permissions for the pve-user@pbs to allow access to store02
  6. In PVE removed the store01 datastore
  7. In PVE added a new datastore for store02
  8. Modified Backup Task to point to the new datastore.
Now I no longer see any backups in PVE in the "Content" tab of the datastore. When I try to run backups, I recieve the following:
VM 100 qmp command 'backup' failed - backup connect failed: command error: backup owner check failed (pve-user@pbs != backup@pam)
I kept the user at the pbs-side the same, what exactly is happening here? Shouldn't the permissions be carried over?
perhaps a quick search on the forum? there are plenty of info about this problem:
https://forum.proxmox.com/threads/backups-multi-pbs-replications.76514/#post-340732

The problem is that sync does not use the same user as the backups.
 

fabian

Proxmox Staff Member
Staff member
Jan 7, 2016
5,571
925
163
you can use 'proxmox-backup-client change-owner' to change the owner, the option to set this on pull/sync jobs is in the works.
 

Robstarusa

Active Member
Feb 19, 2009
64
1
28
you can use 'proxmox-backup-client change-owner' to change the owner, the option to set this on pull/sync jobs is in the works.
For those of you who are confused a bit on this as I was, here is an example:

root@pbs:/# proxmox-backup-client change-owner vm/104 <youruser>@pbs --repository <yourrepository>

the "group" can be seen in the gui under your datastore. My "backup groups" were "vm/104", "vm/105" etc...
My repository name was "002"
 
Last edited:
  • Like
Reactions: Cookiefamily

Cookiefamily

Active Member
Jan 29, 2020
108
28
28
For those of you who are confused a bit on this as I was, here is an example:

root@pbs:/# proxmox-backup-client change-owner vm/104 <youruser>@pbs --repository <yourrepository>

the "group" can be seen in the gui under your datastore. My "backup groups" were "vm/104", "vm/105" etc...
My repository name was "002"
Thank you for that example, I‘ll stick to the „hacky“ way suggested by oversite as I can easily change owners for all Backups at once. But good to have nonetheless!
 

djdonnerwolke

New Member
Sep 26, 2020
11
0
1
31
For those of you who are confused a bit on this as I was, here is an example:

root@pbs:/# proxmox-backup-client change-owner vm/104 <youruser>@pbs --repository <yourrepository>

the "group" can be seen in the gui under your datastore. My "backup groups" were "vm/104", "vm/105" etc...
My repository name was "002"
How can I find out the repository? I entered the command on the pbs but only got back error. For me, the background is that I have switched to 2fa. Of course, I created an API token on the pbs and this one has retained the permissions. In the meantime, I deleted all backups because I believed that these backups were built on the old backups. However, I get the error described above. What can I do?

Thank you.
 

Attachments

  • Screenshot_20210606-231330.png
    Screenshot_20210606-231330.png
    295 KB · Views: 5

fabian

Proxmox Staff Member
Staff member
Jan 7, 2016
5,571
925
163
repository is the combination of user/token ID, PBS host and datastore:
USER@REALM@HOST:DATASTORE, e.g. root@pam!sv22-backup01@pbs.example.com:mydatastore. you should find all that information on the PVE side in your storage config entry ;)
 

djdonnerwolke

New Member
Sep 26, 2020
11
0
1
31
repository is the combination of user/token ID, PBS host and datastore:
USER@REALM@HOST:DATASTORE, e.g. root@pam!sv22-backup01@pbs.example.com:mydatastore. you should find all that information on the PVE side in your storage config entry ;)
Do you mean the entries in "/etc/pve/storage.cfg"?

Then by "mydatastore" you mean "backup1" in my case?
I will try it out.
 

Attachments

  • 2021-06-07 20_22_39-vhost01 - Proxmox Virtual Environment.png
    2021-06-07 20_22_39-vhost01 - Proxmox Virtual Environment.png
    6.9 KB · Views: 3

oversite

Active Member
Jul 13, 2011
116
17
38
Do you mean the entries in "/etc/pve/storage.cfg"?

Then by "mydatastore" you mean "backup1" in my case?
I will try it out.
The PBS entries in /etc/pve/storage.cfg yes, they are the same you see in the PVE GUI under datacenter/storage. Not the ones you show in the attachment as storage under one node.
 
  • Like
Reactions: djdonnerwolke

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!