Error 401 no ticket proxmox

Connection error 401: No ticket — Nginx Reverse Proxy

ebiscaia

New Member

I’m trying to use proxmox out of my network with nginx proxy. However I always get the message in the title. If I try using port forwarding I have no issues at all.
My proxmox.conf file:

Thanks for all the help,

fabian

Proxmox Staff Member

Best regards,
Fabian

Do you already have a Commercial Support Subscription? — If not, Buy now and read the documentation

fabian

Proxmox Staff Member

Best regards,
Fabian

Do you already have a Commercial Support Subscription? — If not, Buy now and read the documentation

ebiscaia

New Member

Thanks for reaching out. I forgot to mention that my reverse proxy is running in a VM not in the host. Therefore, I am not sure if that page applies to my situation.

fabian

Proxmox Staff Member

Best regards,
Fabian

Do you already have a Commercial Support Subscription? — If not, Buy now and read the documentation

ebiscaia

New Member

I was a little bit empirical but managed to work. Here is my final config:

Источник

[SOLVED] Error : 401 401 authentication failure when join a cluster

team-rcv

New Member

I created a cluster with proxmox and when I run the command : pvecm add 192.168.0.25

on the node wich will join the cluster

I have this output on the command line :

I have verified the time synchronisation, the same version.
And there is the same error with GUI interface.

Can you help me ?
Thanks for your future help

Moayad

Proxmox Staff Member

Please delete know hosts rm

/.ssh/known_hosts then try again.

Best regards,
Moayad

Do you already have a Commercial Support Subscription? — If not, Buy now and read the documentation

kwinz

Member

I have the same problem. Freshly installed Proxmox 6.2-6 machines.
Subscription + fully updated.

Joining second machine to first machine’s cluster via GUI gives error message:

Establishing API connection with host ‘192.168.194.11’
TASK ERROR: 401 401 authentication failure

I double checked the join information string. Removing known_hosts did not help as it does not exist on either pve1 or pve2 @Moayad

/.ssh/known_hosts
rm: cannot remove ‘/root/.ssh/known_hosts’: No such file or directory
root@pve2:

# ls -la /root/.ssh/
total 20
drwxr-xr-x 2 root root 4096 Jun 22 14:09 .
drwx—— 4 root root 4096 Jun 22 15:53 ..
lrwxrwxrwx 1 root root 29 Jun 22 14:09 authorized_keys -> /etc/pve/priv/authorized_keys
-rw-r—— 1 root root 117 Jun 22 14:09 config
-rw——- 1 root root 1811 Jun 22 14:09 id_rsa
-rw-r—r— 1 root root 391 Jun 22 14:09 id_rsa.pub

The relevant section in the logfile is just:

Источник

[SOLVED] Working with API, getting 401 No Ticket

WhiteStarEOF

Active Member

tl;dr
I’m trying to create a new storage object on a single node Proxmox box using Python 3 and the Proxmox API. When I try, it gives me a 401 No Ticket error. I am grabbing the CSRFPreventionToken, and the Ticket. I have tried passing them through to the API via the data section and via the headers section. It doesn’t seem to like either of those. So I’m wondering if the token and ticket need to be passed some other way.
/tl;dr

I am working with the Proxmox API on Proxmox 6.2-10, and am using Python 3 with the requests module. I’ve got my get commands working as expected. Then, as I understand it, when doing a post, put, or delete, I need to use the CSRFPreventionToken and the Ticket that I got when authenticating with the API.

Here’s the start:

A little ugly, but that’s the result of a bunch of troubleshooting I had done. I’ll get that cleaned up. But for now, it works. If I jump into pdb3 and print self.debug.content, I get this.

Okay, so we see the CSRFPrevention token and the ticket. Great. Now let’s jump ahead to the usage. Here’s the work in pdb3.

What I’m not sure about is if I’m putting the token and ticket in the right spot. I’ve tried putting it in the headers section, because that works for get commands where just the token is needed. I’ve also tried adding the token and ticket to the data section. I have also tried adding the username to the headers and data sections, but to no avail. Everything I do results in 401 No Ticket.

Not sure if I’m using the API wrong, or just can’t Python.

Источник

Connection error 401: permission denied — invalid PVE ticket

Active Member

HI,
since a couple of hours I do get this message at the proxmox gui on cluster host 1
but on cluster host 5 everything is fine.

What could be the reason and which steps have to be done to narrow it down

I looked into pveproxy where I guess are the pve tickets from and saw some

Nov 11 13:15:51 prox01 pveproxy[18082]: got inotify poll request in wrong process — disabling inotify

and a few
Nov 11 13:20:39 prox01 pveproxy[8722]: 2020-11-11 13:20:39.497791 +0100 error AnyEvent::Util: Runtime error in AnyEvent::guard callback: Can’t call method «_put_session» on an undefined value at /usr/lib/x86_64-linux-gnu/perl5/5.28/AnyEvent/Handle.pm line 2259 during global destruction.

Active Member

dcsapak

Proxmox Staff Member

Best regards,
Dominik

Do you already have a Commercial Support Subscription? — If not, Buy now and read the documentation

Active Member

# timedatectl timesync-status
Server: ntp1
Poll interval: 34min 8s (min: 32s; max 34min 8s)
Leap: normal
Version: 4
Stratum: 1
Reference: PPS
Precision: 2us (-19)
Root distance: 442us (max: 5s)
Offset: +1.527ms
Delay: 3.383ms
Jitter: 3.488ms
Packet count: 5068
Frequency: +20,113ppm

root@prox01:/var/log# timedatectl timesync-status
Server: ntp1
Poll interval: 34min 8s (min: 32s; max 34min 8s)
Leap: normal
Version: 4
Stratum: 1
Reference: PPS
Precision: 2us (-19)
Root distance: 411us (max: 5s)
Offset: +39us
Delay: 5.539ms
Jitter: 2.028ms
Packet count: 5070
Frequency: +2,812ppm

dcsapak

Proxmox Staff Member

also the time of the client (browser)?

anything else in the syslog?

Best regards,
Dominik

Do you already have a Commercial Support Subscription? — If not, Buy now and read the documentation

4ps4all

New Member

I’m getting same problem since today, I can’t login through proxmox gui in a single proxmox node (ssh works).
I used lastly pve-promox-backup.iso in another proxmox node, but the two nodes are not in a cluster.
The single node I can’t login through proxmox gui should have done vm and ct backups in the other node, I hope so.

pve version:
pve-manager/6.2-15/48bd51b6 (running kernel: 5.4.65-1-pve)

Источник

3 Node cluster «permission denied — invalid PVE ticket (401)»

BugProgrammer

New Member

Tried to create a 3 node cluster with a fresh proxmox ve 6.0-4 install.
Cluster creation works and adding a second node works aswell, but after i added the 3rd node i get «permission denied — invalid PVE ticket (401)» (only for the third the other 2 are still working).

In the webinterface i can access Node 1 and 2, but 3 aborts with this message. Node 3 can’t access any node.

Dominic

Proxmox Retired Staff

Best regards,
Dominic

Do you already have a Commercial Support Subscription? — If not, Buy now and read the documentation

BugProgrammer

New Member

What i tried until now:
-use another browser/workstation to access
-separate the 3rd node and use delnode on the other clients then readd
-tried the above and before readd i cleared all reverences i could find on the 2 working nodes
-checked timedatectl and synced the time and timezone between all nodes
-reinstalled node 3 & synced the time and added it to the cluster again (before i cleared all references from the other nodes)

Nothing of this worked. After «pvecm add ip-of-the-first-node» it says successful and the webpanel shows the node in the cluster with it’s local and local lvm. When i expand it i get «permission denied — invalid PVE ticket (401)».

No idea what i should try next.

BugProgrammer

New Member

hibouambigu

Member

Same thing is happening to me too. Fourth cluster I’ve built, but first time using the GUI and separate corosync network to do so (now with 6.0.4)

Hosts can all ping one-another on corosync network, and all went fine until joining node #2 and #3 via GUI.

Is the corosync cluster network supposed to be able to reach the NTP server directly from that separate network?

EDIT: more detail:

2/3 nodes seem to be ok. The 3rd node has joined the cluster and is visible in the other 2 nodes management windows via web UI.

Node 3 asks for login each time it is visited. Nothing works from this node’s web UI, but it does believe it is joined to the cluster (node 1 and 2 are visible, but clicking anything throws errors. 401: no ticket in shell, and «NaN» repeatedly in other fields within the cluster management).

hibouambigu

Member

Same thing is happening to me too. Fourth cluster I’ve built, but first time using the GUI and separate corosync network to do so (now with 6.0.4)

Hosts can all ping one-another on corosync network, and all went fine until joining node #2 and #3 via GUI.

Is the corosync cluster network supposed to be able to reach the NTP server directly from that separate network?

EDIT: more detail:

2/3 nodes seem to be ok. The 3rd node has joined the cluster and is visible in the other 2 nodes management windows via web UI.

Node 3 asks for login each time it is visited. Nothing works from this node’s web UI, but it does believe it is joined to the cluster (node 1 and 2 are visible, but clicking anything throws errors. 401: no ticket in shell, and «NaN» repeatedly in other fields within the cluster management).

For anyone else knocking about with this.
Seem to have solved it for now. Still not sure why the error happened during cluster creation!

2.) restarted nodes.
3.) cleared browser cookies for all three nodes.

..still had the errors, until the web browser itself was purged of cache, closed and restarted.

Источник

Hi

i have proble with ticket and cookie system

<?php

/*
For the first you need:
1. Create User group "VNC" –> Datacenter / Permissions / Group
2. Create new user -> Datacenter / Permissions / Users - select Group: "VNC", Realm: pve
3. Create new Role -> Datacenter / Permissions / Roles - select Name: "VNC", Privilegies: VM.Console (only)
3. Add permision to access VM -> Datacenter / Node / VM / Permissions / Add Group Permissions - select Group: "VNC", Role: "VNC"
*/

require_once 'vendor/autoload.php';
use ProxmoxVEProxmox;



$host = 'X.x.x.x';
$node = 'node';
$vmid = '102';

$credentials = [
    'hostname'  => $host,
    'username'  => 'root',
    'password'  => 'XXXX'
];

$proxmox = new Proxmox($credentials);

if($login = $proxmox->login()) {
    // Get and save ticket
    $ticket = $login->getTicket();
    $config = $proxmox->create('/nodes/'.$node.'/qemu/'.$vmid.'/vncproxy', [
        'websocket' => 1 // Start websocket
    ]);
    $websock = $proxmox->get('/nodes/'.$node.'/qemu/'.$vmid.'/vncwebsocket', [
        'vncticket' => $ticket,
        'port'      => $config['data']['port'],

    ]);
    // Set Cookies (domain must be in same space that pve. Example: pve – pve1.your.com, host – auth.your.com, Set cookies to your.com)
    setcookie('PVEAuthCookie', $ticket , 0, '/', 'localhost:4000', false);

    $src_href = 'https://'.$host.':8006/?console=kvm&novnc=1&node='.$node.'&resize=1&vmid='.$vmid.'&path=api2/json/nodes/'.$node.'/qemu/'.$vmid.'/vncwebsocket/port/'.$config['data']['port'].'/vncticket/'.$ticket;
    echo '<iframe src="'.$src_href.'" frameborder="0" scrolling="no" width="800px" height="600px"></iframe>';
}

?>

i got 401 error i think this happend because i used spicial port 4000 but i dont know how fix it

Skip to content

journalctl -u pvedaemon