"Forbidden" error connecting to lxd server

Hello folks,

I have an lxd server I’ve created, and I was able to auth a client to the server and copy a couple of images there. Now, on a second client, I am trying to add the remote so I can pull down images. However, each time I try to add the remote I get
Error: Get "": Forbidden
immediately upon executing.

The network is a flat, with client-1 on and client-2 on

From client-2, nc -v 8443 succeeds, and I can see 8443 listening on the server when I run ss -plant. Neither host has the firewall running, ufw status shows Inactive (plus nc is connecting, so I’ve ruled out a network issue).

My current server config is

  core.trust_password: true

However I have also tried, 8443 and :8443 for the core.https_address, making sure I run systemctl reload snap.lxd.daemon.service after each config change.

lxc config trust show shows client-1 in the list, so I know the server was (still is?) working. In fact, I’m able to list images on the remote with lxc image list server:ubuntu as well as lxc copy images across to there.

Client-2, however, gets the “Forbidden” error in each instance. I’ve tried-

  1. lxc remote add
  2. lxc remote add
  3. lxc remote add --protocol=simplestreams
    (3 failed with Error: Failed parsing streams: Get "": Service Unavailable"
  4. From the server side- lxc config trust add with ubuntu@client-2 for the client name. Then from the client-2 side, I ran lxc remote add server <token-from-server>, which fails with the error All server addresses are unavailable, Please provide an alternate server address (empty to abort):- I’ve tried and for this but neither has worked so far.

My understanding of the core.trust_password option was that this would prompt the client for a password configured on the server, and when the password was give the client could input a password and have their client certificate added to the trust store, but at the moment none of my clients are getting even the prompt for a password- aside from client-2 I have client-3 and client-4 that have the same “Forbidden” issue. Is there something I’ve configured incorrectly?

That said, you probably want to run with --debug to get a better idea of exactly what’s returning that error.

1 Like

Thank you @stgraber , I’ll give the --debug option a try, and head over to Canonical forums to repost my query there.

Also, wow that’s a quick response time! Thank you for that