User management

lukasz.matys

Member
Dec 10, 2015
Hello.
I have built a Proxmox cluster with 4 nodes. I can log in to the cluster using any of the nodes with the root account.
Next I created the new user test on each node:

shell > useradd test

and then created the user on the first node using the web GUI.

The problem is that I can log in to the cluster using the web interface (with user test) on the first node. But I cannot log in to the cluster using other nodes (with user test).

If I logged in for example to the node2 using root account, and then changed a password for test user, then user test can log to the web cluster but only at node2 - not others.

Is that normal?
Regards.
 
[...]
If I logged in for example to the node2 using root account, and then changed a password for test user, then user test can log to the web cluster but only at node2 - not others.

Is that normal?
Regards.

Afaik yes. If you create a user in the "Linux PAM Standard Authentication" realm, then that is a node-wide user.
If you create it in the real "Proxmox VE authentication server" or in any other user backend you plug into Proxmox (like LDAP), then that is cluster-wide. Compare
https://pve.proxmox.com/wiki/User_Management

Tl;Dr: Use Proxmox VE authentication server and configure groups / permissions / users via the gui.
 
It's built into Proxmox.

Go to the GUI and then add in this order:
Datacenter -> Authentication
Datacenter -> Groups -> Admin / User / VNC-User / Whatever
Datacenter -> Users -> Username + PVE Authentication + Group
Datacenter -> Permissions -> Add -> Group -> Path + Group-Name + <Role the group shall have access to>

If you need help with those, have a look at
https://pve.proxmox.com/wiki/User_Management#Terms_and_Definitions
and start with point 3 and point 5.





for path have a look at
https://pve.proxmox.com/wiki/User_Management#Objects_and_Paths
think
--> Datacenter
--> Node
--> VM
+ more
a Path can be e.g.
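
The GUI steps in the reply above, done with the `pveum` command line tool instead. This is an added example, not part of the original post; the group name `auditors`, the user `test@pve` and the choice of the `PVEAuditor` role on path `/` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: create a cluster-wide user in the built-in "pve" realm.
# Names used at the bottom (auditors, test@pve, PVEAuditor on /) are assumed.
# DRY_RUN=1 (default) only prints the pveum commands; run with DRY_RUN=0 as
# root on any one cluster node to apply them.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Accept only <name>@pve. A <name>@pam user authenticates against the local
# Linux account of whichever node serves the login, which is the node-local
# behaviour described in the first post.
require_pve_realm() {
    case "$1" in
        ?*@pve) return 0 ;;
        *) echo "refusing '$1': expected <name>@pve" >&2; return 1 ;;
    esac
}

# provision GROUP USERID PATH ROLE
provision() {
    group="$1"; userid="$2"; path="$3"; role="$4"
    require_pve_realm "$userid" || return 1
    run pveum groupadd "$group" || return 1                # Datacenter -> Groups
    run pveum useradd "$userid" || return 1                # Datacenter -> Users
    run pveum usermod "$userid" -group "$group" || return 1
    # Datacenter -> Permissions: grant the role to the group, not the user
    run pveum aclmod "$path" -group "$group" -role "$role" || return 1
    # The password prompt is interactive, so it is skipped in dry-run mode
    [ "$DRY_RUN" = "1" ] || pveum passwd "$userid"
}

provision auditors test@pve / PVEAuditor
```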
 
Now I understand. It's a built-in method.
So why use the Unix PAM auth method if it was not clustered?!?

Of course Proxmox VE auth is much better.

Regards.
 
Not sure why you are using it. Any chance you stumbled upon youtube's Hadi Alnabris video tutorials ? :p

We use PVE auth for development and LDAP for Production. I have no earthly idea why anyone would prefer to use PAM beyond the initial root-user.
 
Having a similar error, my goal is to create a user that has read only access to everything, especially CEPH storage. I've tried all the roles listed below and can finally see the CEPH tab but I get the following error...

Permission check failed (user != root@pam) (403)

USER: user@pve
ROLES: PVEAuditor, PVEAdmin, PVEDatastoreAdmin, PVEDatastoreUser (no good). I also created a role using (pveum roleadd *** -privs "Sys.Console Sys.Syslog Sys.Audit VM.Console VM.Monitor VM.Audit Datastore.Audit")

I wasn't sure I could limit the permission using a PAM account and at this point I'm just stuck.
 
You can create your own Custom Group names with custom group settings.

As for ceph, Storage (defined via Datacenter > Storage) works, the Ceph Tab afaik only works via the "initial root" user.

I have done this once on a personal project with Proxmox 3.4. Not really 100% sure anymore how I did it, but it involved the command line and the Proxmox API to get the field names. Afaik most of it was on the Proxmox wiki.
 
I have attempted to do this three different ways...

PAM:

root@fph-in-vh3:~# useradd
root@fph-in-vh3:~# passwd test
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@fph-in-vh3:~# adduser test root
Adding user `test' to group `root' ...
Adding user test to group root
Done.

Results: I can login but I get this error when trying to view the CEPH tab

[Screenshot attachment: PAM PERMISSION ERROR.PNG]

PVE: Created user, added to group, gave the group the Administrator role; again I get the same error.

PVEADS: Added Active Directory, tested with an AD account and I still get the same error.

This is the article I have been referencing https://pve.proxmox.com/wiki/User_Management

Any help would be appreciated!
 
