[SOLVED] Login failed. Please try again. Linux PAM auth

What services and files are required to authorize users using the PAM method? Can a firewall setting affect user authorization in any way? The last thing I did was configure the firewall.
No, the Firewall should not interfere here, you have access to the pveproxy on port 8006, so that should be fine. Anything else you changed recently? Did you install any custom scripts or the like?

I overlooked that you are not running the latest PVE version; maybe try to upgrade to the latest stable version.
 
root@prox00 ~ # pveversion -v
proxmox-ve: 7.4-1 (running kernel: 5.15.107-2-pve)
pve-manager: 7.4-13 (running version: 7.4-13/46c37d9c)
pve-kernel-5.15: 7.4-3
pve-kernel-5.15.107-2-pve: 5.15.107-2
pve-kernel-5.15.39-2-pve: 5.15.39-2
ceph-fuse: 14.2.21-1
corosync: 3.1.7-pve1
criu: 3.15-1+pve-1
glusterfs-client: 9.2-1
ifupdown: residual config
ifupdown2: 3.1.0-1+pmx4
libjs-extjs: 7.0.0-1
libknet1: 1.24-pve2
libproxmox-acme-perl: 1.4.4
libproxmox-backup-qemu0: 1.3.1-1
libproxmox-rs-perl: 0.2.1
libpve-access-control: 7.4.1
libpve-apiclient-perl: 3.2-1
libpve-common-perl: 7.4-1
libpve-guest-common-perl: 4.2-4
libpve-http-server-perl: 4.2-3
libpve-rs-perl: 0.7.7
libpve-storage-perl: 7.4-3
libspice-server1: 0.14.3-2.1
lvm2: 2.03.11-2.1
lxc-pve: 5.0.2-2
lxcfs: 5.0.3-pve1
novnc-pve: 1.4.0-1
proxmox-backup-client: 2.4.2-1
proxmox-backup-file-restore: 2.4.2-1
proxmox-kernel-helper: 7.4-1
proxmox-mail-forward: 0.1.1-1
proxmox-mini-journalreader: 1.3-1
proxmox-widget-toolkit: 3.7.2
pve-cluster: 7.3-3
pve-container: 4.4-4
pve-docs: 7.4-2
pve-edk2-firmware: 3.20230228-4~bpo11+1
pve-firewall: 4.3-4
pve-firmware: 3.6-5
pve-ha-manager: 3.6.1
pve-i18n: 2.12-1
pve-qemu-kvm: 7.2.0-8
pve-xtermjs: 4.16.0-2
qemu-server: 7.4-3
smartmontools: 7.2-pve3
spiceterm: 3.2-2
swtpm: 0.8.0~bpo11+3
 
A strange problem has appeared: there is no Internet access on the prox00 host o_O. I probably messed something up.
Code:
root@prox00 ~ # ip a
2: enp41s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether a8:a1:59:c0:ba:86 brd ff:ff:ff:ff:ff:ff
    inet xxx.xxx.xxx.198/27 scope global enp41s0
       valid_lft forever preferred_lft forever

root@prox00 ~ # ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
^C
--- 1.1.1.1 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4098ms

root@prox00 ~ # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4094ms

root@prox00 ~ # netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0           xxx.xxx.xxx.193   0.0.0.0         UG        0 0          0 enp41s0
xxx.xxx.xxx.192   0.0.0.0           255.255.255.224 U         0 0          0 enp41s0
192.168.50.0      0.0.0.0           255.255.255.0   U         0 0          0 vmbr1

But Internet access is available from VM100:

Code:
08:57:15 [root@p550003:~]$ ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 10000
    link/ether 06:47:d1:8a:9a:eb brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.102/24 brd 192.168.50.255 scope global eth0

08:57:25 [root@p550003:~]$ netstat -rn
192.168.50.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.168.50.1    0.0.0.0         UG        0 0          0 eth0

08:57:35 [root@p550003:~]$ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=57 time=5.33 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=57 time=5.29 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=57 time=5.28 ms
^C
--- 1.1.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2221ms
rtt min/avg/max/mdev = 5.289/5.305/5.333/0.086 ms

08:57:38 [root@p550003:~]$ ping google.com
PING google.com (142.250.186.142) 56(84) bytes of data.
64 bytes from fra24s07-in-f14.1e100.net (142.250.186.142): icmp_seq=1 ttl=117 time=5.05 ms
64 bytes from fra24s07-in-f14.1e100.net (142.250.186.142): icmp_seq=2 ttl=117 time=5.06 ms
^C
--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1861ms
rtt min/avg/max/mdev = 5.054/5.060/5.066/0.006 ms

Please help me.
 
No, the Firewall should not interfere here, you have access to the pveproxy on port 8006, so that should be fine. Anything else you changed recently? Did you install any custom scripts or the like?

I overlooked that you are not running the latest PVE version; maybe try to upgrade to the latest stable version.
Can you help me, please?
 
I did it. I solved it.
The problem was with iptables: the INPUT chain had a DROP policy without additionally configured permissions.
Code:
Chain INPUT (policy DROP 50566 packets, 3169K bytes)
pkts bytes target     prot opt in     out     source               destination
45857 3356K ACCEPT     tcp  --  *      *       xxx.xxx.xxx.xxx      0.0.0.0/0            multiport dports 2233,8006
  375 19480 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 2233,8006

Solution (something like this):
Code:
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
 
Thank you alexander, I had the same problem. Just wanted to add that I needed to add
iptables -A OUTPUT -o lo -j ACCEPT
also.

Then I could
telnet localhost 8006
again, and I could log in.
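
Added example (not written by any of the posters above): a read-only check of `iptables-save` text for the pattern this thread ran into, a DROP policy with no loopback or ESTABLISHED,RELATED accept rule. It goes slightly beyond the posts by also flagging a loopback ACCEPT that sits behind an earlier DROP rule, since `-A` appends to the end of a chain; the function name and sample rulesets are constructed, with 203.0.113.10 standing in for the masked source address.

```bash
#!/usr/bin/env bash
# audit_ruleset (hypothetical name): reads iptables-save text on stdin and
# prints one finding per line; prints nothing when no issue is found.
audit_ruleset() {
    awk '
        /^\*/              { table = $1; next }      # table header, e.g. *filter
        table != "*filter" { next }                  # only the filter table matters here
        $1 == ":INPUT"     { in_pol  = $2; next }    # chain policy lines
        $1 == ":OUTPUT"    { out_pol = $2; next }
        $1 == "-A" && $2 == "INPUT" {
            # Heuristic: a DROP/REJECT not tied to an interface may also match lo traffic.
            if (/ -j (DROP|REJECT)/ && !/ -i /) early_drop = 1
            if (/ -j ACCEPT/ && / -i lo( |$)/) { in_lo = 1; if (early_drop) shadowed = 1 }
            if (/ -j ACCEPT/ && /ESTABLISHED/)   in_ct = 1
        }
        $1 == "-A" && $2 == "OUTPUT" && / -o lo( |$)/ && / -j ACCEPT/ { out_lo = 1 }
        END {
            if (in_pol == "DROP" && !in_lo) print "INPUT: no loopback ACCEPT (-i lo)"
            if (in_pol == "DROP" && !in_ct) print "INPUT: no ESTABLISHED,RELATED ACCEPT"
            if (shadowed) print "INPUT: a DROP/REJECT rule precedes the loopback ACCEPT"
            if (out_pol == "DROP" && !out_lo) print "OUTPUT: no loopback ACCEPT (-o lo)"
        }
    '
}

# Constructed sample modeled on the INPUT chain posted above.
SAMPLE_BEFORE='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 203.0.113.10/32 -p tcp -m multiport --dports 2233,8006 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 2233,8006 -j DROP
COMMIT'

# Constructed: the same chain after the three rules from the thread were appended with -A.
SAMPLE_AFTER="${SAMPLE_BEFORE%COMMIT}-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
COMMIT"

echo "before:"; printf '%s\n' "$SAMPLE_BEFORE" | audit_ruleset
echo "after:";  printf '%s\n' "$SAMPLE_AFTER"  | audit_ruleset
```

On a host, feed it the live ruleset with `iptables-save | audit_ruleset`.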
 
