From: <Dir...@fu...> - 2005-09-27 07:30:50
Hi,

I use a SuSE SLES 9 and they offer a pam_unix2.conf, which itself uses ldap as you can see here. Moreover we also tried pam_ldap.so directly, and logging on via shell or samba /w ldap works fine. But logging in via webmin only requires a valid user. Here's my config for webmin. What is wrong?

    hgest3201:~ # cat /etc/security/pam_unix2.conf
    # pam_unix2 config file
    #
    # This file contains options for the pam_unix2.so module.
    # It contains a list of options for every type of management group,
    # which will be used for authentication, account management and
    # password management. Not all options will be used from all types of
    # management groups.
    #
    # At first, pam_unix2 will read this file and then uses the local
    # options. Not all options can be set her global.
    #
    # Allowed options are:
    #
    # debug (account, auth, password, session)
    # nullok (auth)
    # md5 (password)
    # bigcrypt (password)
    # blowfish (password)
    # crypt_rounds=XX
    # none (session)
    # trace (session)
    # call_modules=x,y,z (account, auth, password)
    #
    # Example:
    # auth: nullok
    # account:
    # password: nullok blowfish crypt_rounds=8
    # session: none
    #
    auth: use_ldap
    account: use_ldap
    password: md5
    session: none use_ldap

Kind regards,

Dirk Laurenz
Systems Engineer

Fujitsu Siemens Computers
S CE DE SE PS N/O
Sales Central Europe Deutschland
Professional Service Nord / Ost

Hildesheimer Strasse 25
30880 Laatzen
Germany

Telephone: +49 (511) 84 89 - 18 08
Telefax: +49 (511) 84 89 - 25 18 08
Mobile: +49 (170) 22 10 781
Email: mailto:dir...@fu...
Internet: http://www.fujitsu-siemens.com
http://www.fujitsu-siemens.de/services/index.html
*******************************************************************************************************************

-| -----Original Message-----
-| From: web...@li... [mailto:web...@li...] On Behalf Of Jamie Cameron
-| Sent: Tuesday, September 20, 2005 11:34 PM
-| To: web...@li...
-| Subject: Re: [webmin-l] Configure Webmin with PAM Authentication
-|
-| Hi Dirk,
-| One thing you will definitely need is to set up
-| /etc/pam.d/webmin to use pam_ldap.so. Typically this also
-| requires that a file like /etc/pam.d/pam_ldap.conf be set
-| up to talk to your LDAP server, although that file may be
-| in a different location depending on your Linux distribution.
-|
-| - Jamie
-|
-| -----Original Message-----
-|
-| From: <Dir...@fu...>
-| Subj: [webmin-l] Configure Webmin with PAM Authentication
-| Date: Tue 20 Sep 2005 6:32 pm
-| Size: 1K
-| To: <web...@li...>
-|
-| Hello list,
-|
-| I want to configure webmin to authenticate users against an
-| ldap server.
-| Users in a certain (ldap) group should be able to
-| administer the server.
-| I don't want to have a second source of authentication.
-| I got so far that webmin uses the ldap accounts in such a
-| way that if the user exists he will be authenticated, but it
-| doesn't matter which password you type in as long as it is
-| not zero length. What I want to have is that webmin
-| authenticates against the ldap server and has no virtual users
-| (like in MS AD, or sudo, where an account has additional privileges).
-|
-| Here's my setup:
-| hgest3201:/etc/webmin # cat miniserv.conf
-| port=20000
-| addtype_cgi=internal/cgi
-| realm=Webmin Server
-| logfile=/var/webmin/miniserv.log
-| errorlog=/var/webmin/miniserv.error
-| pidfile=/var/webmin/miniserv.pid
-| logtime=168
-| ppath=
-| ssl=1
-| env_WEBMIN_CONFIG=/etc/webmin
-| env_WEBMIN_VAR=/var/webmin
-| atboot=1
-| logout=/etc/webmin/logout-flag
-| listen=20000
-| denyfile=\.pl$
-| log=1
-| blockhost_failures=3
-| blockhost_time=300
-| syslog=1
-| session=1
-| userfile=/etc/webmin/miniserv.users
-| keyfile=/etc/webmin/miniserv.pem
-| passwd_file=/etc/shadow
-| passwd_uindex=0
-| passwd_pindex=1
-| passwd_cindex=2
-| passwd_mindex=4
-| passwd_mode=0
-| preroot=mscstyle3
-| passdelay=1
-| logouttime=
-| root=/usr/libexec/webmin
-| mimetypes=/usr/libexec/webmin/mime.types
-| bind=192.168.53.44
-| sockets=
-| pam_conv=1
-| no_pam=0
-| unixauth=pam
-|
-| hgest3201:/etc/webmin # cat /etc/pam.d/webmin
-| #%PAM-1.0
-|
-| auth required pam_unix2.so
-| account required pam_unix2.so
-| session required pam_unix2.so
-| password required pam_unix2.so
-|
-| Kind regards,
-|
-| Dirk Laurenz
-| Systems Engineer
-|
-| Fujitsu Siemens Computers
-| S CE DE SE PS N/O
-| Sales Central Europe Deutschland
-| Professional Service Nord / Ost
-|
-| Hildesheimer Strasse 25
-| 30880 Laatzen
-| Germany
-|
-| Telephone: +49 (511) 84 89 - 18 08
-| Telefax: +49 (511) 84 89 - 25 18 08
-| Mobile: +49 (170) 22 10 781
-| Email: mailto:dir...@fu...
-| Internet: http://www.fujitsu-siemens.com
-|
-| --- message truncated ---
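
Added example, not part of the original thread and not Webmin or SuSE code: a small Python audit that combines /etc/pam.d/webmin with /etc/security/pam_unix2.conf in the order the file's header describes (global options first, then the local ones) and reports, per management group, the effective options, whether use_ldap is among them, and which options are absent from the header's "Allowed options" list. The function names are hypothetical and the inputs are constructed from the two files quoted above; an "unlisted" option is only a prompt to check the documentation of the installed pam_unix2, not a verdict that it is invalid.

```python
import re

# Option names listed under "Allowed options" in the pam_unix2.conf header above.
DOCUMENTED = {"debug", "nullok", "md5", "bigcrypt", "blowfish",
              "crypt_rounds", "none", "trace", "call_modules"}

# Constructed inputs: the two files from the post, header comments trimmed.
PAM_SERVICE = """#%PAM-1.0
auth     required pam_unix2.so
account  required pam_unix2.so
session  required pam_unix2.so
password required pam_unix2.so
"""
PAM_UNIX2_CONF = """# pam_unix2 config file
auth: use_ldap
account: use_ldap
password: md5
session: none use_ldap
"""

# Fields: group, control (plain word or [bracketed]), module, optional arguments.
LINE = re.compile(r"(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

def parse_service(text):
    """Return (group, control, module, local_options) for each pam.d entry."""
    hits = (LINE.match(ln.split("#", 1)[0].strip()) for ln in text.splitlines())
    return [(m[1], m[2], m[3], m[4].split()) for m in hits if m]

def parse_unix2_conf(text):
    """Return {group: [options]} from 'group: options' lines, skipping comments."""
    conf = {}
    for raw in text.splitlines():
        group, sep, opts = raw.split("#", 1)[0].partition(":")
        if sep:
            conf[group.strip()] = opts.split()
    return conf

def effective_options(service_text, conf_text, module="pam_unix2.so"):
    """Per group: global options first, then the service line's local ones."""
    conf, report = parse_unix2_conf(conf_text), {}
    for group, control, mod, local in parse_service(service_text):
        if mod.rsplit("/", 1)[-1] == module:
            opts = conf.get(group, []) + local
            unlisted = [o for o in opts if o.split("=")[0] not in DOCUMENTED]
            report[group] = {"control": control, "options": opts,
                             "use_ldap": "use_ldap" in opts, "unlisted": unlisted}
    return report

if __name__ == "__main__":
    print(effective_options(PAM_SERVICE, PAM_UNIX2_CONF))
```

For the files in the post this reports use_ldap in effect for auth, account and session but not for password, and lists use_ldap itself as absent from the header's option list.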