PVE as non-root fails

MaPf · Post by **MaPf** » Mar 26, 2025 10:27 am this post

Hi all,

I just installed 12.3.1 yesterday and had to try the new feature to use PVE without the root user.

Followed https://www.veeam.com/kb4701 and I can log on with that user on the host with SSH.

But when adding the host to Veeam B&R, it fails on the "Credentials" step with "The password request timeout has expired"

I didn't open a case yet, in case someone here has a quick answer

Best regards
Markus

Post by **mjr.epicfail** » Mar 26, 2025 11:11 am this post

is the user you are using, MFA protected?

Mar 26, 2025 11:52 am

Hi Markus,

Can you SSH to the PVE host from the VBR host (using PuTTY)?

MaPf · Post by **MaPf** » Mar 26, 2025 2:38 pm this post

Sorry for the delay.

mjr.epicfail wrote: ↑Mar 26, 2025 11:11 am is the user you are using, MFA protected?

No it's a normal user created on each host (6-node-cluster, forgot to mention that) like in the KB

Hi Markus,

Can you SSH to the PVE host from the VBR host (using PuTTY)?

Yes I can. it takes about a second to log in
Root login is almost instant

Mar 26, 2025 3:53 pm

Hello Markus,

To ensure clarity, your sudoers file should be identical to the one described in the knowledge base article: https://www.veeam.com/kb4701.
Is there any alteration, especially regarding the PASSWD part?

Аnd you did install sudo in PVE host, didn't you?

MaPf · Post by **MaPf** » Mar 26, 2025 4:22 pm this post

Aww, no it's not ... I didn't configure it myself ... will talk to my colleague tomorrow as I'm not that Linux guy
Thanks for the hint.

MaPf · Post by **MaPf** » Mar 27, 2025 8:18 am this post

Ok, the connection issue is sorted out after the sudo installation

But when I try to switch the credentials from "root" to the new user, a permission issue error pops up
"Make sure the specified user has sufficient permissions to execute dmidecode on the Proxmox VE server"

Do I have to remove and re-add all the hosts from B&R ?
What will that do with configured backup jobs?

Code: Select all

cat /etc/sudoers

veeamdep ALL=(root) PASSWD: /usr/sbin/dmidecode -s system-uuid
veeamdep ALL=(root) PASSWD: /usr/bin/kvm -S *
veeamdep ALL=(root) PASSWD: /usr/bin/qemu-img info *
veeamdep ALL=(root) PASSWD: /usr/bin/qemu-img create *
veeamdep ALL=(root) PASSWD: /usr/sbin/qm create *
veeamdep ALL=(root) PASSWD: /usr/sbin/qm ^showcmd [0-9]+ --pretty$
veeamdep ALL=(root) PASSWD: /usr/sbin/qm ^unlock [0-9]+$
veeamdep ALL=(root) PASSWD: /usr/bin/socat ^TCP-LISTEN:[0-9]+,bind=127\.0\.0\.1 UNIX-CONNECT:/[a-zA-Z0-9_./-]+$
veeamdep ALL=(root) PASSWD: /usr/bin/mkdir -p /var/lib/vz/snippets/
veeamdep ALL=(root) PASSWD: /usr/bin/pvenode cert info --output-format json
veeamdep ALL=(root) PASSWD: /usr/bin/pvesh ^get storage/([a-zA-Z0-9_-]+) --output json$
veeamdep ALL=(root) PASSWD: /usr/bin/pvesh ^set /nodes/([a-zA-Z0-9_-]+)/qemu/([0-9]+)/config --lock ([a-zA-Z]+)$
veeamdep ALL=(root) PASSWD: /usr/bin/pkill -9 -e -f -x socat *
veeamdep ALL=(root) PASSWD: /usr/sbin/lvchange -ay *
veeamdep ALL=(root) PASSWD: /usr/sbin/lvchange -an *
veeamdep ALL=(root) PASSWD: /usr/bin/rbd device map *
veeamdep ALL=(root) PASSWD: /usr/bin/mv ^-n /tmp/([a-zA-Z0-9_-]+\.config) /var/lib/vz/snippets/([a-zA-Z0-9_-]+\.config)$
veeamdep ALL=(root) PASSWD: /usr/bin/rm ^/[a-zA-Z0-9_/-]+/VeeamTmp[a-zA-Z0-9_.-]+$
veeamdep ALL=(root) PASSWD: /usr/bin/rm ^-f /[a-zA-Z0-9_/-]+/VeeamTmp[a-zA-Z0-9_.-]+$
veeamdep ALL=(root) PASSWD: /usr/bin/rm ^-f /var/lib/vz/snippets/[a-zA-Z0-9_-]+\.config$
veeamdep ALL=(root) PASSWD: /usr/bin/rm ^-f /var/lib/vz/template/iso/[a-zA-Z0-9_.-]+\.img$

Mar 27, 2025 10:45 am

Hi Markus,

Is your sudo privileges user indeed named veeamdep? I see that you copied the sudoers file directly from the KB.
Did you check the box for "Elevate account privileges automatically"?

Please check if you can run the following command as a sudo privileged user, directly via SSH login:

Code: Select all

/usr/sbin/dmidecode -s system-uuid

MaPf · Post by **MaPf** » Mar 27, 2025 12:32 pm this post

Yes the user is named the same as in the KB.
The mentioned box is checked, the other two below it are not.

Code: Select all

 /usr/sbin/dmidecode -s system-uuid
/sys/firmware/dmi/tables/smbios_entry_point: Permission denied
/dev/mem: Permission denied

By "as a sudo privileged user" you mean the veeamdep user?

Mar 27, 2025 1:53 pm

Hi Markus,

Yes as veeamdep and you should run and test command starting with sudo command:

Code: Select all

sudo /usr/sbin/dmidecode -s system-uuid

However, it's not efficient to keep troubleshooting a technical issue over forum posts.
Kindly do open a support case for further investigation and post the case ID here for reference.

MaPf · Mar 27, 2025 3:21 pm

Prefixed with "sudo" and entering the password after the execution the command output shows a uuid

I just created case #07651969 for further troubleshooting.

Thanks so far Rovshan

MaPf · Post by **MaPf** » Apr 26, 2025 8:41 am this post

It turned out there was a misconfiguration on the PVE hosts

R&D Forums

PVE as non-root fails

Re: PVE as non-root fails

Re: PVE as non-root fails

Re: PVE as non-root fails

Re: PVE as non-root fails

Re: PVE as non-root fails

Re: PVE as non-root fails

Re: PVE as non-root fails

Re: PVE as non-root fails

Re: PVE as non-root fails

Re: PVE as non-root fails

Re: PVE as non-root fails

Who is online