Re: [webmin-l] PAM Authentication

[Derrick K. <kr...@uc...>]

No OTP devices.
 
In /var/log/secure it records the ID that I attempted with and the right host IP.
 
<hostname> webmin[12553]: Non-existent login as <userid> from <valid ip>
 
If, at a shell prompt, I run the ID command with the user id I am testing with, it returns the id and the group memberships.  It will then work in webmin.  But, it is only temporary.
 
On the same system I tested, SSH and also Apache with mod_auth_pam and a custom .htaccess file to limit to the same group I have configured in webmin.  Without, "pre-caching" the ID, SSH and Apache work but, Webmin does not.  Once I run a command such as ID <userid>, then Webmin also works.

>>> "Jamie Cameron" <jca...@we...> 10/3/2011 3:36 PM >>>
On 03/Oct/2011 09:20 Derrick Krieger <kr...@uc...> wrote .. 


Hello all,
I am currently working on integrating Likewise Enterprise into our environment to authenticate all non-Windows systems to Active Directory.  I am having trouble getting webmin authentication to work though.  My issue is that webmin records "non-existent" user and fails logon.  If I first logon with the same account through SSH, and then try webmin, then webmin login works fine.  Both pam modules for ssh and webmin are configured the same and point to system-auth.  
The problem only seems to be an issue when I try to use "Members of a group.." and the group is an Active Directory domain group.  A domain user works fine, a local system user or group also works fine.  I can't seem to figure out how to turn on enough debugging to diagnose.
Any thoughts? Thanks.
Do you perhaps have any non-standard PAM authentication steps setup, such as requirements that the user use an OTP device?

Also, what gets logged to /var/log/authlog or /var/log/secure when the Webmin login fails?

 - Jamie