cluster join failed: 401 permission denied - invalid PMG ticket

W

workpush

New Member
Feb 6, 2023
14
1
3
Hello!

I just did a setup for 2 fresh pmg (hostname: pmg-03(master) and pmg-04(slave)) on my VPS and want to join them in a cluster.

On the master I did:
Code: 
root@pmg-03:~# pmgcm create
stop all services accessing the database
save new cluster configuration
update quarantine database
update statistic database
update greylist database
update localstat database
cluster master successfully created

To join I get the following information:
Code: 
root@pmg-03:~# pmgcm join-cmd
pmgcm join 45.132.XXX.XXX --fingerprint CF:3A:48:08:6F:55:6C:1E:EC:91:C2:A7:5E:7F:42:C5:31:6E:88:FF:E7:B8:AF:CA:FD:BC:69:25:BD:1C:9A:5D

When I want to join the cluster, I get the following erros:
Code: 
root@pmg-04:~# pmgcm join 45.132.XXX.XXX --fingerprint CF:3A:48:08:6F:55:6C:1E:EC:91:C2:A7:5E:7F:42:C5:31:6E:88:FF:E7:B8:AF:CA:FD:BC:69:25:BD:1C:9A:5D
cluster join failed: 401 permission denied - invalid PMG ticket

Both have the same software versions:
Code: 
root@pmg-03:~# pmgversion -v
proxmox-mailgateway: 7.2-1 (API: 7.2-4/532fc47f, running kernel: 5.15.83-1-pve)
pmg-api: 7.2-4
pmg-gui: 3.2-2
pve-kernel-helper: 7.3-3
pve-kernel-5.15: 7.3-1
pve-kernel-5.15.83-1-pve: 5.15.83-1
pve-kernel-5.15.74-1-pve: 5.15.74-1
clamav-daemon: 0.103.7+dfsg-0+deb11u1
ifupdown2: 3.1.0-1+pmx3
libarchive-perl: 3.4.0-1
libjs-extjs: 7.0.0-1
libjs-framework7: 4.4.7-1
libproxmox-acme-perl: 1.4.3
libproxmox-acme-plugins: 1.4.3
libpve-apiclient-perl: 3.2-1
libpve-common-perl: 7.3-2
libpve-http-server-perl: 4.1-5
libxdgmime-perl: 1.0-1
lvm2: 2.03.11-2.1
pmg-docs: 7.2-1
pmg-i18n: 2.8-2
pmg-log-tracker: 2.3.2-1
postgresql-13: 13.9-0+deb11u1
proxmox-mini-journalreader: 1.3-1
proxmox-spamassassin: 3.4.6-5
proxmox-widget-toolkit: 3.5.3
pve-firmware: 3.6-3
pve-xtermjs: 4.16.0-1
zfsutils-linux: 2.1.9-pve1

I disabled 2FA for pmg-03 and pmg-04. So 1 thing what is missing, is probably the NTP. I checked the syslog, which is giving me:

Code: 
Feb 06 03:21:50 pmg-04 pmgdaemon[1417]: starting task UPID:pmg-04:00003BBA:0001D1A7:63E0643E:clusterjoin::root@pam:
Feb 06 03:21:54 pmg-04 pmgdaemon[15290]: 401 permission denied - invalid PMG ticket
Feb 06 03:21:54 pmg-04 pmgdaemon[1417]: end task UPID:pmg-04:00003BBA:0001D1A7:63E0643E:clusterjoin::root@pam: 401 permission denied - invalid PMG ticket
Feb 06 03:22:17 pmg-04 pmg-smtp-filter[1398]: ERROR: RRD error: rrdcached@unix:/var/run/rrdcached.sock: illegal attempt to update using time 1675650137.000000 when last update time is 1675684156.000000 (minimum one second step)
Feb 06 03:22:47 pmg-04 pmg-smtp-filter[1398]: ERROR: RRD error: rrdcached@unix:/var/run/rrdcached.sock: illegal attempt to update using time 1675650167.000000 when last update time is 1675684156.000000 (minimum one second step)

I tried different things like adding another chrony NTP server
`/etc/chrony/sources.d/ntp.sources`

Code: 
server 3.de.pool.ntp.org iburst
followed by `chronyc reload sources`,
but it always ends up in `invalid PMG ticket` and that `ERROR: RRD error`

Do have any idea what I could try?

Thank you!!
 
Last edited:
make sure the 2 hosts really do have the same time!
did you maybe use a wrong password for joining (you need to use the root password for the master node)

Seems the clock was ahead 9 h at some point - try after one day again ....
 
Stoiko Ivanov said:
make sure the 2 hosts really do have the same time!
did you maybe use a wrong password for joining (you need to use the root password for the master node)

Seems the clock was ahead 9 h at some point - try after one day again ....
Click to expand...
Yes, I entered the root password of pmg-03!

Can you tell me what is the time tolerance which is acceptable? Both show the more or less the same time, if I check one after the other. How can I check that they really have the exact same time? (I mean like in the unit of ms)? For that I have to find a way to trigger the time command on both servers at the same moment?
pmg-03:
Code: 
root@pmg-03:~# date && timedatectl && hwclock
Tue 07 Feb 2023 12:32:22 PM CET
               Local time: Tue 2023-02-07 12:32:22 CET
           Universal time: Tue 2023-02-07 11:32:22 UTC
                 RTC time: Tue 2023-02-07 11:32:22
                Time zone: Europe/Berlin (CET, +0100)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
2023-02-07 12:32:22.349064+01:00
pmg-04:
Code: 
root@pmg-04:~# date && timedatectl && hwclock
Tue 07 Feb 2023 12:32:23 PM CET
               Local time: Tue 2023-02-07 12:32:23 CET
           Universal time: Tue 2023-02-07 11:32:23 UTC
                 RTC time: Tue 2023-02-07 11:32:23
                Time zone: Europe/Berlin (CET, +0100)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
2023-02-07 12:32:23.439245+01:00

Just tested again a join. The time errors are gone, but still receive:
Code: 
Feb 07 12:15:01 pgm-04 pmgdaemon[199700]: starting task UPID:pgm-04:0005DE1B:00B6781B:63E232B5:clusterjoin::root@pam:
Feb 07 12:15:04 pgm-04 pmgdaemon[384539]: 401 permission denied - invalid PMG ticket
Feb 07 12:15:04 pgm-04 pmgdaemon[199700]: end task UPID:pgm-04:0005DE1B:00B6781B:63E232B5:clusterjoin::root@pam: 401 permission denied - invalid PMG ticket

Which time is taken for the synchronization? They are 2 netcup VPS servers. Can it have something to do with that? Like the internal HWclock?
Is there a way to get a more verbose output with the join command? Couldn't find anything in the man page about that.
 
Last edited:
Tickets are valid for 2 hours by default - however with a 9h offset it might just be that the ticket is considered invalid (because it was created in the future)

timedifference of a few seconds should not matter

can you maybe share the complete journal when you try to join?
 
Stoiko Ivanov said:
Tickets are valid for 2 hours by default - however with a 9h offset it might just be that the ticket is considered invalid (because it was created in the future)

timedifference of a few seconds should not matter

can you maybe share the complete journal when you try to join?
Click to expand...

There are just these 3 entries on pmg-04 in that time. Else just many incoming ssh connections from foreign IPs.
I just restarted again at 13:08:40 a join try:
Code: 
Feb 07 13:08:40 pmg-04 pmgdaemon[395016]: starting task UPID:kreator-04:00061333:00BB615C:63E23F48:clusterjoin::root@pam:
Feb 07 13:08:43 pmg-04 pmgdaemon[398131]: 401 permission denied - invalid PMG ticket
Feb 07 13:08:43 pmg-04 pmgdaemon[395016]: end task UPID:pmg-04:00061333:00BB615C:63E23F48:clusterjoin::root@pam: 401 permission denied - invalid PMG ticket

on pmg-03 in the whole time I get:
Code: 
Feb 07 13:08:40 pmg-03 pmgdaemon[173896]: successful auth for user 'root@pam'
Feb 07 13:08:45 pmg-03 pmgpolicy[33483]: starting policy database maintenance (greylist, rbl)
Feb 07 13:08:45 pmg-03 pmgpolicy[33483]: end policy database maintenance (14 ms, 1 ms)

At least the root-authentication seems to work.

PS: here is some pmgdaemon journal:
Code: 
Feb 06 18:02:59 pmg-03 pmgdaemon[171413]: authentication failure; rhost=::ffff:5.42.197.50 user=root@pam msg=auth failed: Authentication failure
Feb 06 18:05:39 pmg-03 worker[156702]: pam_unix(common-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Feb 06 18:05:41 pmg-03 pmgdaemon[156702]: authentication failure; rhost=::ffff:5.42.197.50 user=root@pam msg=auth failed: Authentication failure
Feb 06 18:08:21 pmg-03 worker[173896]: pam_unix(common-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Feb 06 18:08:23 pmg-03 pmgdaemon[173896]: authentication failure; rhost=::ffff:5.42.197.50 user=root@pam msg=auth failed: Authentication failure
Feb 06 18:11:03 pmg-03 worker[173896]: pam_unix(common-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Feb 06 18:11:05 pmg-03 pmgdaemon[173896]: authentication failure; rhost=::ffff:5.42.197.50 user=root@pam msg=auth failed: Authentication failure
Feb 06 18:13:44 pmg-03 worker[156702]: pam_unix(common-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Feb 06 18:13:45 pmg-03 pmgdaemon[156702]: authentication failure; rhost=::ffff:5.42.197.50 user=root@pam msg=auth failed: Authentication failure
Feb 06 18:56:20 pmg-03 worker[173896]: pam_unix(common-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Feb 06 18:56:20 pmg-03 worker[171413]: pam_unix(common-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Feb 06 18:56:21 pmg-03 pmgdaemon[173896]: authentication failure; rhost=::ffff:46.110.84.121 user=root@pam msg=auth failed: Authentication failure
Feb 06 18:56:21 pmg-03 pmgdaemon[171413]: authentication failure; rhost=::ffff:46.110.84.121 user=root@pam msg=auth failed: Authentication failure
Feb 06 19:11:20 pmg-03 worker[156702]: pam_unix(common-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Feb 06 19:11:20 pmg-03 worker[171413]: pam_unix(common-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Feb 06 19:11:21 pmg-03 pmgdaemon[156702]: authentication failure; rhost=::ffff:46.110.84.121 user=root@pam msg=auth failed: Au110.84thentication failure
Feb 06 19:11:21 pmg-03 pmgdaemon[171413]: authentication failure; rhost=::ffff:46.110.84.121 user=root@pam msg=auth failed: Authentication failure
Feb 06 19:26:20 pmg-03 worker[156702]: pam_unix(common-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Feb 06 19:26:20 pmg-03 worker[173896]: pam_unix(common-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Feb 06 19:26:22 pmg-03 pmgdaemon[156702]: authentication failure; rhost=::ffff:46.110.84.121 user=root@pam msg=auth failed: Authentication failure
Feb 06 19:26:22 pmg-03 pmgdaemon[173896]: authentication failure; rhost=::ffff:46.110.84.121 user=root@pam msg=auth failed: Authentication failure
Feb 06 19:41:20 pmg-03 worker[156702]: pam_unix(common-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Feb 06 19:41:20 pmg-03 worker[171413]: pam_unix(common-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Feb 06 19:41:21 pmg-03 pmgdaemon[156702]: authentication failure; rhost=::ffff:46.110.84.121 user=root@pam msg=auth failed: Authentication failure
Feb 06 19:41:21 pmg-03 pmgdaemon[171413]: authentication failure; rhost=::ffff:46.110.84.121 user=root@pam msg=auth failed: Authentication failure
Feb 07 12:13:21 pmg-03 pmgdaemon[173896]: successful auth for user 'root@pam'
Feb 07 12:13:42 pmg-03 pmgdaemon[156702]: successful auth for user 'root@pam'
Feb 07 12:13:43 pmg-03 pmgdaemon[171413]: successful auth for user 'root@pam'
Feb 07 12:13:56 pmg-03 pmgdaemon[173896]: starting task UPID:pmg-03:0005C312:00B65C97:63E23274:aptupdate::root@pam:
Feb 07 12:13:57 pmg-03 pmgdaemon[377618]: update new package list: /var/lib/pmg/pkgupdates
Feb 07 12:14:00 pmg-03 pmgdaemon[173896]: end task UPID:pmg-03:0005C312:00B65C97:63E23274:aptupdate::root@pam: OK
Feb 07 12:15:01 pmg-03 pmgdaemon[173896]: successful auth for user 'root@pam'
Feb 07 12:20:20 pmg-03 pmgdaemon[171413]: starting task UPID:pmg-03:0005CA7A:00B6F27C:63E233F4:termproxy::root@pam:
Feb 07 12:20:20 pmg-03 pmgdaemon[379514]: starting termproxy UPID:pmg-03:0005CA7A:00B6F27C:63E233F4:termproxy::root@pam:
Feb 07 12:20:20 pmg-03 pmgdaemon[379514]: launch command: /usr/bin/termproxy 5900 --path /nodes/pmg-03 -- /bin/login -f root
Feb 07 12:20:20 pmg-03 pmgdaemon[156702]: successful auth for user 'root@pam'
Feb 07 12:20:20 pmg-03 login[379523]: pam_unix(login:session): session opened for user root(uid=0) by root(uid=0)
Feb 07 12:28:43 pmg-03 pmgdaemon[171413]: successful auth for user 'root@pam'
Feb 07 12:42:49 pmg-03 pmgdaemon[171413]: end task UPID:pmg-03:0005CA7A:00B6F27C:63E233F4:termproxy::root@pam: OK
Feb 07 12:43:43 pmg-03 pmgdaemon[171413]: successful auth for user 'root@pam'
Feb 07 12:58:44 pmg-03 pmgdaemon[171413]: successful auth for user 'root@pam'
Feb 07 13:05:55 pmg-03 pmgdaemon[156702]: successful auth for user 'root@pam'
Feb 07 13:07:29 pmg-03 pmgdaemon[156702]: starting task UPID:pmg-03:0005EB14:00BB43AB:63E23F01:termproxy::root@pam:
Feb 07 13:07:29 pmg-03 pmgdaemon[387860]: starting termproxy UPID:pmg-03:0005EB14:00BB43AB:63E23F01:termproxy::root@pam:
Feb 07 13:07:29 pmg-03 pmgdaemon[387860]: launch command: /usr/bin/termproxy 5900 --path /nodes/pmg-03 -- /bin/login -f root
Feb 07 13:07:29 pmg-03 pmgdaemon[173896]: successful auth for user 'root@pam'
Feb 07 13:07:29 pmg-03 login[387864]: pam_unix(login:session): session opened for user root(uid=0) by root(uid=0)
Feb 07 13:08:40 pmg-03 pmgdaemon[173896]: successful auth for user 'root@pam'
Feb 07 13:13:44 pmg-03 pmgdaemon[156702]: successful auth for user 'root@pam'
Feb 07 13:16:24 pmg-03 pmgdaemon[156702]: end task UPID:pmg-03:0005EB14:00BB43AB:63E23F01:termproxy::root@pam: OK
Feb 07 13:18:29 pmg-03 pmgdaemon[171413]: starting task UPID:pmg-03:0005F4A7:00BC4566:63E24195:termproxy::root@pam:
Feb 07 13:18:29 pmg-03 pmgdaemon[390311]: starting termproxy UPID:pmg-03:0005F4A7:00BC4566:63E24195:termproxy::root@pam:
Feb 07 13:18:29 pmg-03 pmgdaemon[390311]: launch command: /usr/bin/termproxy 5900 --path /nodes/pmg-03 -- /bin/login -f root
Feb 07 13:18:29 pmg-03 pmgdaemon[156702]: successful auth for user 'root@pam'
Feb 07 13:18:29 pmg-03 login[390348]: pam_unix(login:session): session opened for user root(uid=0) by root(uid=0)

pmg-04:
Code: 
Feb 06 14:56:44 pmg-04 pmgdaemon[195735]: successful auth for user 'root@pam'
Feb 06 14:59:11 pmg-04 pmgdaemon[175867]: worker exit
Feb 06 14:59:11 pmg-04 pmgdaemon[1416]: worker 175867 finished
Feb 06 14:59:11 pmg-04 pmgdaemon[1416]: starting 1 worker(s)
Feb 06 14:59:11 pmg-04 pmgdaemon[1416]: worker 199192 started
Feb 06 15:00:26 pmg-04 pmgdaemon[177154]: worker exit
Feb 06 15:00:26 pmg-04 pmgdaemon[1416]: worker 177154 finished
Feb 06 15:00:26 pmg-04 pmgdaemon[1416]: starting 1 worker(s)
Feb 06 15:00:26 pmg-04 pmgdaemon[1416]: worker 199700 started
Feb 06 15:11:04 pmg-04 pmgdaemon[195735]: successful auth for user 'root@pam'
Feb 06 15:11:44 pmg-04 pmgdaemon[199192]: successful auth for user 'root@pam'
Feb 06 15:26:05 pmg-04 pmgdaemon[199700]: successful auth for user 'root@pam'
Feb 06 15:26:45 pmg-04 pmgdaemon[199700]: successful auth for user 'root@pam'
Feb 06 15:41:05 pmg-04 pmgdaemon[199700]: successful auth for user 'root@pam'
Feb 06 15:41:46 pmg-04 pmgdaemon[195735]: successful auth for user 'root@pam'
Feb 07 12:13:26 pmg-04 pmgdaemon[195735]: successful auth for user 'root@pam'
Feb 07 12:13:37 pmg-04 pmgdaemon[195735]: successful auth for user 'root@pam'
Feb 07 12:13:37 pmg-04 pmgdaemon[199192]: successful auth for user 'root@pam'
Feb 07 12:14:11 pmg-04 pmgdaemon[195735]: starting task UPID:pmg-04:0005DB26:00B66475:63E23283:aptupdate::root@pam:
Feb 07 12:14:12 pmg-04 pmgdaemon[383782]: update new package list: /var/lib/pmg/pkgupdates
Feb 07 12:14:15 pmg-04 pmgdaemon[195735]: end task UPID:pmg-04:0005DB26:00B66475:63E23283:aptupdate::root@pam: OK
Feb 07 12:15:01 pmg-04 pmgdaemon[199700]: starting task UPID:pmg-04:0005DE1B:00B6781B:63E232B5:clusterjoin::root@pam:
Feb 07 12:15:04 pmg-04 pmgdaemon[384539]: 401 permission denied - invalid PMG ticket
Feb 07 12:15:04 pmg-04 pmgdaemon[199700]: end task UPID:pmg-04:0005DE1B:00B6781B:63E232B5:clusterjoin::root@pam: 401 permission denied - invalid PMG ticket
Feb 07 12:20:28 pmg-04 pmgdaemon[199700]: starting task UPID:pmg-04:0005E5D8:00B6F7B5:63E233FC:termproxy::root@pam:
Feb 07 12:20:28 pmg-04 pmgdaemon[386520]: starting termproxy UPID:pmg-04:0005E5D8:00B6F7B5:63E233FC:termproxy::root@pam:
Feb 07 12:20:28 pmg-04 pmgdaemon[386520]: launch command: /usr/bin/termproxy 5900 --path /nodes/pmg-04 -- /bin/login -f root
Feb 07 12:20:29 pmg-04 pmgdaemon[195735]: successful auth for user 'root@pam'
Feb 07 12:20:29 pmg-04 login[386525]: pam_unix(login:session): session opened for user root(uid=0) by (uid=0)
Feb 07 12:28:38 pmg-04 pmgdaemon[195735]: successful auth for user 'root@pam'
Feb 07 12:42:50 pmg-04 pmgdaemon[199700]: end task UPID:pmg-04:0005E5D8:00B6F7B5:63E233FC:termproxy::root@pam: OK
Feb 07 12:43:39 pmg-04 pmgdaemon[195735]: successful auth for user 'root@pam'
Feb 07 12:58:36 pmg-04 pmgdaemon[195735]: worker exit
Feb 07 12:58:36 pmg-04 pmgdaemon[1416]: worker 195735 finished
Feb 07 12:58:36 pmg-04 pmgdaemon[1416]: starting 1 worker(s)
Feb 07 12:58:36 pmg-04 pmgdaemon[1416]: worker 395016 started
Feb 07 12:58:38 pmg-04 pmgdaemon[199700]: successful auth for user 'root@pam'
Feb 07 13:03:49 pmg-04 pmgdaemon[199700]: starting task UPID:pmg-04:00060E78:00BAEFD6:63E23E25:termproxy::root@pam:
Feb 07 13:03:49 pmg-04 pmgdaemon[396920]: starting termproxy UPID:pmg-04:00060E78:00BAEFD6:63E23E25:termproxy::root@pam:
Feb 07 13:03:49 pmg-04 pmgdaemon[396920]: launch command: /usr/bin/termproxy 5900 --path /nodes/pmg-04 -- /bin/login -f root
Feb 07 13:03:50 pmg-04 pmgdaemon[199192]: successful auth for user 'root@pam'
Feb 07 13:03:50 pmg-04 login[396925]: pam_unix(login:session): session opened for user root(uid=0) by root(uid=0)
Feb 07 13:05:55 pmg-04 pmgdaemon[199192]: starting task UPID:pmg-04:000610AF:00BB210F:63E23EA3:clusterjoin::root@pam:
Feb 07 13:05:58 pmg-04 pmgdaemon[397487]: 401 permission denied - invalid PMG ticket
Feb 07 13:05:58 pmg-04 pmgdaemon[199192]: end task UPID:pmg-04:000610AF:00BB210F:63E23EA3:clusterjoin::root@pam: 401 permission denied - invalid PMG ticket
Feb 07 13:08:40 pmg-04 pmgdaemon[395016]: starting task UPID:pmg-04:00061333:00BB615C:63E23F48:clusterjoin::root@pam:
Feb 07 13:08:43 pmg-04 pmgdaemon[398131]: 401 permission denied - invalid PMG ticket
Feb 07 13:08:43 pmg-04 pmgdaemon[395016]: end task UPID:pmg-04:00061333:00BB615C:63E23F48:clusterjoin::root@pam: 401 permission denied - invalid PMG ticket
Feb 07 13:13:38 pmg-04 pmgdaemon[395016]: successful auth for user 'root@pam'
Feb 07 13:16:20 pmg-04 pmgdaemon[199700]: end task UPID:pmg-04:00060E78:00BAEFD6:63E23E25:termproxy::root@pam: OK
Feb 07 13:21:57 pmg-04 pmgdaemon[199700]: starting task UPID:pmg-04:00061F8A:00BC98E5:63E24265:termproxy::root@pam:
Feb 07 13:21:57 pmg-04 pmgdaemon[401290]: starting termproxy UPID:pmg-04:00061F8A:00BC98E5:63E24265:termproxy::root@pam:
Feb 07 13:21:57 pmg-04 pmgdaemon[401290]: launch command: /usr/bin/termproxy 5900 --path /nodes/pmg-04 -- /bin/login -f root
Feb 07 13:21:58 pmg-04 pmgdaemon[199192]: successful auth for user 'root@pam'
Feb 07 13:21:58 pmg-04 login[401330]: pam_unix(login:session): session opened for user root(uid=0) by root(uid=0)
 
Last edited:
- Just wanted to add a new user with a password > 32characters and it gave me an error. For 'root' my password is also longer then 32 characters. Might that be a problem?
- I disabled TOTP but left my recovery key active. could that also be a problem?
- I just checked that chrony-service is in state dead - is that normal?
Code: 
Feb 06 03:30:45 pmg-03 systemd[1]: Starting chrony, an NTP client/server...
Feb 06 03:30:45 pmg-03 chronyd[15584]: chronyd version 4.0 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 -DEBUG)
Feb 06 03:30:45 pmg-03 chronyd[15584]: Frequency -3.137 +/- 0.078 ppm read from /var/lib/chrony/chrony.drift
Feb 06 03:30:45 pmg-03 chronyd[15584]: Using right/UTC timezone to obtain leap second data
Feb 06 03:30:45 pmg-03 chronyd[15584]: Loaded seccomp filter
Feb 06 03:30:45 pmg-03 systemd[1]: Started chrony, an NTP client/server.
Feb 06 03:30:51 pmg-03 chronyd[15584]: Selected source 162.159.200.1 (2.debian.pool.ntp.org)
Feb 06 03:30:51 pmg-03 chronyd[15584]: System clock TAI offset set to 37 seconds
Feb 06 03:31:57 pmg-03 chronyd[15584]: Selected source 144.76.76.107 (3.de.pool.ntp.org)
Feb 06 03:47:01 pmg-03 chronyd[15584]: Selected source 162.159.200.1 (2.debian.pool.ntp.org)
Feb 06 05:07:50 pmg-03 chronyd[15584]: Selected source 185.207.105.38 (2.debian.pool.ntp.org)
Feb 06 05:32:52 pmg-03 chronyd[15584]: Selected source 162.159.200.1 (2.debian.pool.ntp.org)
Feb 06 06:00:37 pmg-03 chronyd[15584]: Selected source 185.207.105.38 (2.debian.pool.ntp.org)
Feb 06 06:07:04 pmg-03 chronyd[15584]: Selected source 144.76.76.107 (3.de.pool.ntp.org)
Feb 06 07:33:05 pmg-03 chronyd[15584]: Selected source 162.159.200.1 (2.debian.pool.ntp.org)
Feb 07 16:01:15 pmg-03 systemd[1]: Stopping chrony, an NTP client/server...
Feb 07 16:01:15 pmg-03 chronyd[15584]: chronyd exiting
Feb 07 16:01:15 pmg-03 systemd[1]: chrony.service: Succeeded.
Feb 07 16:01:15 pmg-03 systemd[1]: Stopped chrony, an NTP client/server.
 
workpush said:
Just wanted to add a new user with a password > 32characters and it gave me an error. For 'root' my password is also longer then 32 characters. Might that be a problem?
Click to expand...
the length restriction on passwords is 64 bytes not 32 (I just tested with a 50 character password...)

workpush said:
- I just checked that chrony-service is in state dead - is that normal?
Click to expand...
no that should not be the case ...

workpush said:
I disabled TOTP but left my recovery key active. could that also be a problem?
Click to expand...
try removing them as well - see https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#user_tfa_auth
 
  • Like
Reactions: workpush
Stoiko Ivanov said:
the length restriction on passwords is 64 bytes not 32 (I just tested with a 50 character password...)
Click to expand...
I created again a new user, and this poped up: (I created it over the webinterface)
Screenshot 2023-02-07 at 21-55-56 kreator-04 - Proxmox Mail Gateway.png
Stoiko Ivanov said:
no that should not be the case ...


try removing them as well - see https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#user_tfa_auth
Click to expand...
A man thank you - I tought it would be just the recovery key, once I can't use TOTP anymore. It worked now - after I received this errors:
Code: 
Feb 07 21:57:27 pmg-04 systemd[1]: Started Proxmox Mail Gateway Policy Daemon.
Feb 07 21:57:27 pmg-04 pmgdaemon[33999]: syncing master configuration from '45.132.XXX.XXX' failed: rsync error: unexplained error (code 255) at io.c(228) [Receiver=3.2.3]
Feb 07 21:57:27 pmg-04 pmgdaemon[1444]: end task UPID:pmg-04:000084CF:0020809D:63E2BB34:clusterjoin::root@pam: syncing masterconfiguration from '45.132.XXX.XXX' failed: rsync error: unexplained error (code 255) at io.c(228) [Receiver=3.2.3]

I had to undo my changes in the `/etc/ssh/sshd_config`. Before I did the following changes:
Code: 
Port 222
PasswordAuthentication no
UsePAM no
PermitRootLogin prohibit-password
Can you tell me which of them are needed for the cluster join process and which of them can I modify now, after joining?
In https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#firewall_settings did not tell me that the cluster needs rsync.

Thank you!!
 
Last edited:
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back