Lxc remote add fails with "error: not authorized"

LXC remote add fails with “error: not authorized”

Debug logs below, any help will be appreciated.

    useracc@my-lxd-host-1:~$ lxc remote add my-lxd-host-3my-lxd-host-3 <ip_address_host_3> --password=<password> --debug --accept-certificate
DBUG[07-26|11:11:23] Connecting to a remote LXD over HTTPs
DBUG[07-26|11:11:23] Sending request to LXD                   etag= method=GET url=https://<ip_address_host_3>:8443/1.0
DBUG[07-26|11:11:23] Connecting to a remote LXD over HTTPs
DBUG[07-26|11:11:23] Sending request to LXD                   etag= method=GET url=https://<ip_address_host_3>:8443/1.0
DBUG[07-26|11:11:23] Got response struct from LXD
DBUG[07-26|11:11:23]
	{
		"config": null,
		"api_extensions": [
			"storage_zfs_remove_snapshots",
			"container_host_shutdown_timeout",
			"container_stop_priority",
			"container_syscall_filtering",
			"auth_pki",
			"container_last_used_at",
			"etag",
			"patch",
			"usb_devices",
			"https_allowed_credentials",
			"image_compression_algorithm",
			"directory_manipulation",
			"container_cpu_time",
			"storage_zfs_use_refquota",
			"storage_lvm_mount_options",
			"network",
			"profile_usedby",
			"container_push",
			"container_exec_recording",
			"certificate_update",
			"container_exec_signal_handling",
			"gpu_devices",
			"container_image_properties",
			"migration_progress",
			"id_map",
			"network_firewall_filtering",
			"network_routes",
			"storage",
			"file_delete",
			"file_append",
			"network_dhcp_expiry",
			"storage_lvm_vg_rename",
			"storage_lvm_thinpool_rename",
			"network_vlan",
			"image_create_aliases",
			"container_stateless_copy",
			"container_only_migration",
			"storage_zfs_clone_copy",
			"unix_device_rename",
			"storage_lvm_use_thinpool",
			"storage_rsync_bwlimit",
			"network_vxlan_interface",
			"storage_btrfs_mount_options",
			"entity_description",
			"image_force_refresh",
			"storage_lvm_lv_resizing",
			"id_map_base",
			"file_symlinks",
			"container_push_target",
			"network_vlan_physical",
			"storage_images_delete",
			"container_edit_metadata",
			"container_snapshot_stateful_migration",
			"storage_driver_ceph",
			"storage_ceph_user_name",
			"resource_limits",
			"storage_volatile_initial_source",
			"storage_ceph_force_osd_reuse",
			"storage_block_filesystem_btrfs",
			"resources",
			"kernel_limits",
			"storage_api_volume_rename",
			"macaroon_authentication",
			"network_sriov",
			"console",
			"restrict_devlxd",
			"migration_pre_copy",
			"infiniband",
			"maas_network",
			"devlxd_events",
			"proxy",
			"network_dhcp_gateway",
			"file_get_symlink",
			"network_leases",
			"unix_device_hotplug",
			"storage_api_local_volume_handling",
			"operation_description",
			"clustering",
			"event_lifecycle",
			"storage_api_remote_volume_handling",
			"nvidia_runtime",
			"candid_authentication",
			"candid_config",
			"candid_config_key",
			"usb_optional_vendorid"
		],
		"api_status": "stable",
		"api_version": "1.0",
		"auth": "untrusted",
		"public": false,
		"auth_methods": [
			"tls"
		],
		"environment": {
			"addresses": null,
			"architectures": null,
			"certificate": "",
			"certificate_fingerprint": "",
			"driver": "",
			"driver_version": "",
			"kernel": "",
			"kernel_architecture": "",
			"kernel_version": "",
			"server": "",
			"server_pid": 0,
			"server_version": "",
			"storage": "",
			"storage_version": ""
		}
	}
DBUG[07-26|11:11:23] Sending request to LXD                   etag= method=GET url=https://<ip_address_host_3>:8443/1.0
DBUG[07-26|11:11:24] Got response struct from LXD
DBUG[07-26|11:11:24]
	{
		"config": null,
		"api_extensions": [
			"storage_zfs_remove_snapshots",
			"container_host_shutdown_timeout",
			"container_stop_priority",
			"container_syscall_filtering",
			"auth_pki",
			"container_last_used_at",
			"etag",
			"patch",
			"usb_devices",
			"https_allowed_credentials",
			"image_compression_algorithm",
			"directory_manipulation",
			"container_cpu_time",
			"storage_zfs_use_refquota",
			"storage_lvm_mount_options",
			"network",
			"profile_usedby",
			"container_push",
			"container_exec_recording",
			"certificate_update",
			"container_exec_signal_handling",
			"gpu_devices",
			"container_image_properties",
			"migration_progress",
			"id_map",
			"network_firewall_filtering",
			"network_routes",
			"storage",
			"file_delete",
			"file_append",
			"network_dhcp_expiry",
			"storage_lvm_vg_rename",
			"storage_lvm_thinpool_rename",
			"network_vlan",
			"image_create_aliases",
			"container_stateless_copy",
			"container_only_migration",
			"storage_zfs_clone_copy",
			"unix_device_rename",
			"storage_lvm_use_thinpool",
			"storage_rsync_bwlimit",
			"network_vxlan_interface",
			"storage_btrfs_mount_options",
			"entity_description",
			"image_force_refresh",
			"storage_lvm_lv_resizing",
			"id_map_base",
			"file_symlinks",
			"container_push_target",
			"network_vlan_physical",
			"storage_images_delete",
			"container_edit_metadata",
			"container_snapshot_stateful_migration",
			"storage_driver_ceph",
			"storage_ceph_user_name",
			"resource_limits",
			"storage_volatile_initial_source",
			"storage_ceph_force_osd_reuse",
			"storage_block_filesystem_btrfs",
			"resources",
			"kernel_limits",
			"storage_api_volume_rename",
			"macaroon_authentication",
			"network_sriov",
			"console",
			"restrict_devlxd",
			"migration_pre_copy",
			"infiniband",
			"maas_network",
			"devlxd_events",
			"proxy",
			"network_dhcp_gateway",
			"file_get_symlink",
			"network_leases",
			"unix_device_hotplug",
			"storage_api_local_volume_handling",
			"operation_description",
			"clustering",
			"event_lifecycle",
			"storage_api_remote_volume_handling",
			"nvidia_runtime",
			"candid_authentication",
			"candid_config",
			"candid_config_key",
			"usb_optional_vendorid"
		],
		"api_status": "stable",
		"api_version": "1.0",
		"auth": "untrusted",
		"public": false,
		"auth_methods": [
			"tls"
		],
		"environment": {
			"addresses": null,
			"architectures": null,
			"certificate": "",
			"certificate_fingerprint": "",
			"driver": "",
			"driver_version": "",
			"kernel": "",
			"kernel_architecture": "",
			"kernel_version": "",
			"server": "",
			"server_pid": 0,
			"server_version": "",
			"storage": "",
			"storage_version": ""
		}
	}
DBUG[07-26|11:11:24] Sending request to LXD                   etag= method=POST url=https://<ip_address_host_3>:8443/1.0/certificates
DBUG[07-26|11:11:24]
	{
		"name": "",
		"type": "client",
		"certificate": "",
		"password": "<password>"
	}
DBUG[07-26|11:11:24] Trying to remove /home/useracc/.config/lxc/servercerts/my-lxd-host-3.crt
error: not authorized

Wrong password?

I have verified the password and it’s correct.

Any other way to verify the password? @stgraber

What’s in the server’s log?

If it’s a bad password issue, you should see Rejecting request from untrusted client.