Can't log in to the child node after joining the cluster

mxscbv

Jan 25, 2022
Hello

I've created a cluster with 2 nodes: Node A and Node B. Node A is the 'main' node and Node B joined the cluster.

After creating the cluster, I can no longer log in to Node B and I get an SSL certificate error. I can log in using the address associated with Node A and can see the whole cluster, configure Node B, and do everything else, but when I go to Node B's 'main' IP address on port 8006 and enter my root credentials, I get the login error:

"Login failed. Please try again"

I was able to log in to Node B using its IP address before this node joined the cluster.

Is that behavior by design that I can only manage the cluster using the 'main' node IP or am I doing something wrong?

If not, can anybody assist me in fixing these 2 issues?

Thanks for your help!

Max
 
Does Node B have a different root password? Note that users in the '@pam' realm use the node-local password of the node where you log in.
If not, can you post the journal from Node B from when you were trying to log in?
Is that behavior by design that I can only manage the cluster using the 'main' node IP or am I doing something wrong?
You can manage both from the first node, but you should be able to log in to all nodes.
 
After resetting the password on Node B and resetting 2FA, it started working and now I can log in. But I'm 100% sure it worked with the old password before Node B joined the cluster. Also, there were no SSL cert errors before.

Does the root password/SSL somehow change when a node joins a cluster?

Thank you.
 
Sorted, thanks for your help.
That's great.

Would you mind telling us what the problem was? Maybe someone else in the future can profit from the answer :)
 
The problem logging in to Node B was the second factor (OTP). When I created the TOTP on Node B, I used the same 'Description' and 'Issuer name' and it apparently overwrote the TOTP I created before on Node A.

It seems like when creating a TOTP, the options should be unique for each node across the 'Datacenter'.

Could you please confirm which of the options in TOTP should be unique across the 'Datacenter'?
 
We only save TOTP/second-factor information once per cluster, so it's always the same for the whole cluster.
Also, the remaining users are cluster-wide; the only thing that is local with users are the @pam users, since there we do password verification via PAM on the node where you log in.
If you use '@pve' users, their password is synced across the cluster.
 
