From: Derrick K. <kr...@uc...> - 2011-10-04 12:45:50
also, my nsswitch is configured for local and Likewise:

passwd: files lsass
shadow: files
group: files lsass

>>> "Jamie Cameron" <jca...@we...> 10/3/2011 6:22 PM >>>

That "Non-existent login" message means that Webmin couldn't find the Unix user that you are trying to login as. I assume you have NSS-LDAP setup to make active directory users visible to Linux? I wonder if perhaps your Linux system isn't getting groups from active directory as well.

One option to enable more debugging is to edit /etc/webmin/miniserv.conf and add the line debuglog=/var/webmin/miniserv.debug , then restart Webmin. Then you can check what gets logged to miniserv.debug after a failed login.

On 03/Oct/2011 14:17 Derrick Krieger <kr...@uc...> wrote ..

No OTP devices. In /var/log/secure it records the ID that I attempted with and the right host IP.

<hostname> webmin[12553]: Non-existent login as <userid> from <valid ip>

If, at a shell prompt, I run the ID command with the user id I am testing with, it returns the id and the group memberships. It will then work in webmin. But, it is only temporary.

On the same system I tested SSH and also Apache with mod_auth_pam and a custom .htaccess file to limit to the same group I have configured in webmin. Without "pre-caching" the ID, SSH and Apache work but Webmin does not. Once I run a command such as ID <userid>, then Webmin also works.

>>> "Jamie Cameron" <jca...@we...> 10/3/2011 3:36 PM >>>

On 03/Oct/2011 09:20 Derrick Krieger <kr...@uc...> wrote ..

Hello all, I am currently working on integrating Likewise Enterprise into our environment to authenticate all non-Windows systems to Active Directory. I am having trouble getting webmin authentication to work though. My issue is that webmin records "non-existent" user and fails logon. If I first logon with the same account through SSH, and then try webmin, then webmin login works fine. Both pam modules for ssh and webmin are configured the same and point to system-auth.

The problem only seems to be an issue when I try to use "Members of a group.." and the group is an Active Directory domain group. A domain user works fine, a local system user or group also works fine. I can't seem to figure out how to turn on enough debugging to diagnose. Any thoughts? Thanks.

Do you perhaps have any non-standard PAM authentication steps setup, such as requirements that the user use an OTP device? Also, what gets logged to /var/log/authlog or /var/log/secure when the Webmin login fails?

- Jamie
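A check for the symptom described in this thread, as an added example that is not part of the original messages and is not Webmin or Likewise code: it compares two NSS views of group membership, the member list returned with the group entry and the per-user group list that `id <userid>` prints, so the two can be compared before and after running `id`. The thread does not say which lookup Webmin uses; the function names `nss_view` and `diagnose` are hypothetical.

```python
import grp
import os
import pwd
import sys


def nss_view(user, group):
    """Collect what NSS returns for the user and the group right now."""
    view = {"user_found": False, "group_found": False,
            "in_member_list": False, "in_getgrouplist": False}
    try:
        pw = pwd.getpwnam(user)      # resolved through the "passwd:" sources
        view["user_found"] = True
    except KeyError:
        pw = None
    try:
        gr = grp.getgrnam(group)     # resolved through the "group:" sources
        view["group_found"] = True
    except KeyError:
        gr = None
    if pw and gr:
        # View 1: member list carried by the group entry (or primary group)
        view["in_member_list"] = user in gr.gr_mem or pw.pw_gid == gr.gr_gid
        # View 2: per-user group list, the same data `id <user>` prints
        view["in_getgrouplist"] = gr.gr_gid in os.getgrouplist(user, pw.pw_gid)
    return view


def diagnose(view):
    """Turn the collected view into a one-line finding."""
    if not view["user_found"]:
        return "user not visible through NSS"
    if not view["group_found"]:
        return "group not visible through NSS"
    if view["in_member_list"] == view["in_getgrouplist"]:
        return "consistent: " + ("member" if view["in_member_list"] else "not a member")
    if view["in_getgrouplist"]:
        return "mismatch: per-user lookup says member, group member list does not"
    return "mismatch: group member list says member, per-user lookup does not"


# Usage: python3 nss_check.py <userid> <group>
if __name__ == "__main__" and len(sys.argv) == 3:
    result = nss_view(sys.argv[1], sys.argv[2])
    print(result)
    print(diagnose(result))
```

Run it from a fresh session before any `id <userid>` call and again afterwards; a finding that changes between the two runs points at the NSS provider's caching rather than at PAM.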