webadmin-list — Webmin users mailing list

Re: [webmin-l] Default firewall (IPTABLES) set-up for hosting

[Andrey R. <anr...@ya...>]

Greetings, Joaquim Homrighausen!

> Not sure if I've asked this before (I just looked through my messages on
> the list going back to 2006), but is there a reason why the FORWARD chain is set to "ALLOW/ACCEPT"?

Why not?

> I'm pretty sure that 99.9% of "hosting providers" are would not want to
> allow IPTABLES forwarding.

iptables does not forward anything, it only filter and modify packets.

> I realize more than this is required, but still ...

Without setting the kernel to forward packets, this is irrelevant.

> I always find myself setting the default action to "DROP" for this chain in Webmin.

So do i, but this is irrelevant in most cases.


-- 
With best regards,
Andrey Repin
Friday, June 29, 2018 11:56:26

Sorry for my terrible english...

Re: [webmin-l] The never ending story with PHP-FPM :)

[Joaquim H. <jo...@we...>]

After enabling mod_cgi, I could proceed with saving enabled features.

Creating a new website generates this:

"Performing other Apache configuration ..
.. configuration failed : PHP configuration mode fpm was selected, but 
is not supported on this system!"

Doing a virtualmin config check reveals the same, and it complains about 
mod_fcgid. Enabling it doesn't help either.

Not sure why this is needed as proxy/proxy_fcgi seems to do the job if I 
configure Apache+PHP-FPM by hand.

Sorry for the rant, but I really am/was expecting this to have been 
resolved by now :) mod_php, php cgi, and all these other methods of 
running PHP seems to be a bit "out of date" if you ask me.

And turning to nginx instead of Apache isn't an option either since that 
doesn't really work well with Webmin/Virtualmin.




-joho

Re: [webmin-l] Webmin does not detect Percona (MySQL) on Ubuntu 18.04.LTS

[Joaquim H. <jo...@we...>]

Not sure why it didn't find it, but I looked at the module 
configuration, and it had some weird path for the MySQL configuration 
file.

When I manually changed it to /etc/my.cnf and then did a "Refresh 
modules", the MySQL module properly appeared where it should.

(I did not do anything prior to this, it was an out-of-the-box 
installation, albeit Percona instead of MySQL)



-joho

[webmin-l] The never ending story with PHP-FPM :)

[Joaquim H. <jo...@we...>]

So on this Ubuntu 18.04 system, running Apache and PHP-FPM (7.2), I'm 
getting this:

"Failed to save enabled features : The Apache module mod_cgi is either 
not installed or not enabled."

when I try to set-up the enabled features.

But mod_cgi isn't needed for PHP-FPM nor do I want to use it.

I've told Webmin that the PHP to be used is PHP-FPM (which is detected) 
... where does it get the mod_cgi from?



-joho

[webmin-l] Default firewall (IPTABLES) set-up for hosting

[Joaquim H. <jo...@we...>]

Not sure if I've asked this before (I just looked through my messages on 
the list going back to 2006), but is there a reason why the FORWARD 
chain is set to "ALLOW/ACCEPT"?

I'm pretty sure that 99.9% of "hosting providers" are would not want to 
allow IPTABLES forwarding. I realize more than this is required, but 
still ...

I always find myself setting the default action to "DROP" for this chain 
in Webmin.


-joho

[webmin-l] Webmin does not detect Percona (MySQL) on Ubuntu 18.04.LTS

[Joaquim H. <jo...@we...>]

I just started setting up an Ubuntu 18.04.LTS server with Percona 
(MySQL) and Webmin.

I cannot seem to get Webmin to detect that "MySQL" is installed. I've 
refreshed the modules a few times, but to no avail.

If I go down to "Unused modules" and click on "MySQL", I'm as usual 
asked to enter the "root" credentials for MySQL. When I do so, it 
properly connects and show all information as expected. But it will not 
appear under the "Servers" category.



-joho

[webmin-l] MySQL Database Server

[Mohamedali l. <mou...@gm...>]

i cant access to mysql database server using my webmin.

error cod :
The full MySQL error message was : DBI connect failed : Access denied for
user 'wu18007'@'fd26:911f:ad73:0:8a77:71a2:564e:d931' (using password: YES).

[webmin-l] managing/monitoring bind in lxc container

[ѽ҉ᶬḳ℠ <vt...@gm...>]

Host                                    Linux 4.15.0-22-generic
#24-Ubuntu SMP Wed May 16 12:15:17 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Webmin (on host)            1.881
LXC                                      3.0
Container                           Archlinux Current amd64
Bind (on container)          9.13.0
________________________________________

Having adjusted/set all the relevant paths in Webmin's Bind module gui
on saving the settings this error is observed:

"/srv/lxc/dns/rootfs/usr/sbin/named: error while loading shared
libraries: libns.so.1300: cannot open shared object file: No such file
or directory"

How can this be sorted?

[webmin-l] [feature suggestion] unbound module

[ѽ҉ᶬḳ℠ <vt...@gm...>]

Hi,

unless I have missed it somehow when looking for an unbound (resolver)
module to monitor/manage an unbound daemon I would appreciate such to be
available in the future.

Re: [webmin-l] [bug report] webmin gui - binding webmin to non-public lo ip fails

[ѽ҉ᶬḳ℠ <vt...@gm...>]

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#f5f5f5" bgcolor="#272a36">
    <br>
    <blockquote type="cite" cite="mid:152...@we...">
      <pre class="moz-quote-pre" wrap="">
What output do you get if you run "ip addr" or "ifconfig -a"</pre>
    </blockquote>
    <br>
    "ip addr" being the long version of shorthand "ip a" and thus the
    output for lo is the same as previously stated.<br>
    <br>
    "ifconfig lo" output though is not showing the additional ips but
    only:<br>
    <br>
    lo: flags=73&lt;UP,LOOPBACK,RUNNING&gt;  mtu 65536<br>
            inet 127.0.0.1  netmask 255.0.0.0<br>
            loop  txqueuelen 1000  (Local Loopback)<br>
    <br>
  </body>
</html>

Re: [webmin-l] [bug report] webmin gui - binding webmin to non-public lo ip fails

[Jamie C. <jca...@we...>]

On 10/Jun/2018 10:51 ѽ҉ᶬḳ℠ <vt...@gm...> wrote ..
> 
> > I'm surprising that having non-local IPs on the "lo" interface works .. but
> > even so, Webmin should allow this.
> >
> > If you go to Hardware -> Network Configuration -> Network Interfaces, does
> > that IP show up?
> 
> The additional lo ips do not show on Active Now, only the last
> additional ip (172.23.124.98) is showing at Activated at Boot.
> 
> The system is running iproute2 and ifupdown2, ifupdown is removed. lo
> config:
> 
> iface lo inet loopback
>     address 172.23.120.98/32
>     address 172.23.121.98/32
>     address 172.23.122.98/32
>     address 172.23.123.98/32
>     address 172.23.124.98/32
> 
> Output from -> ip a ls lo:
> 
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
> group default qlen 1000
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>        valid_lft forever preferred_lft forever
>     inet 172.23.120.98/32 scope global lo
>        valid_lft forever preferred_lft forever
>     inet 172.23.121.98/32 scope global lo
>        valid_lft forever preferred_lft forever
>     inet 172.23.122.98/32 scope global lo
>        valid_lft forever preferred_lft forever
>     inet 172.23.123.98/32 scope global lo
>        valid_lft forever preferred_lft forever
>     inet 172.23.124.98/32 scope global lo
>        valid_lft forever preferred_lft forever

What output do you get if you run "ip addr" or "ifconfig -a"

Re: [webmin-l] [bug report] webmin gui - binding webmin to non-public lo ip fails

[ѽ҉ᶬḳ℠ <vt...@gm...>]

> I'm surprising that having non-local IPs on the "lo" interface works .. but
> even so, Webmin should allow this.
>
> If you go to Hardware -> Network Configuration -> Network Interfaces, does
> that IP show up?

The additional lo ips do not show on Active Now, only the last
additional ip (172.23.124.98) is showing at Activated at Boot.

The system is running iproute2 and ifupdown2, ifupdown is removed. lo
config:

iface lo inet loopback
    address 172.23.120.98/32
    address 172.23.121.98/32
    address 172.23.122.98/32
    address 172.23.123.98/32
    address 172.23.124.98/32

Output from -> ip a ls lo:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 172.23.120.98/32 scope global lo
       valid_lft forever preferred_lft forever
    inet 172.23.121.98/32 scope global lo
       valid_lft forever preferred_lft forever
    inet 172.23.122.98/32 scope global lo
       valid_lft forever preferred_lft forever
    inet 172.23.123.98/32 scope global lo
       valid_lft forever preferred_lft forever
    inet 172.23.124.98/32 scope global lo
       valid_lft forever preferred_lft forever

Re: [webmin-l] [bug report] webmin gui - binding webmin to non-public lo ip fails

[Jamie C. <jca...@we...>]

On 09/Jun/2018 12:09 ѽ҉ᶬḳ℠ <vt...@gm...> wrote ..
> 
> >> Having the lo iface assigned a non-public ip (172.23.120.98)  and trying
> >> to bind Webmin (/webmin/edit_bind.cgi?xnavigation=1) to that ip produces
> >> -> Failed to change address : The IP address 172.23.120.98 is not active
> >> on this system, and so cannot be used
> >>
> >> setting 'bind=172.23.122.98' in "/etc/webmin/miniserv.conf" and a
> >> restart of Webmin gets it working though.
> > So you're setting the IP of the "lo" (loopback) interface to something
> > other than 127.0.0.1 ? I don't think that's going to work ..
> 
> There is no issue for the lo iface to be assigned various other ip
> addresses on top of 127.0.0.1 and neither for services/sockets to bind
> to any of those additional ips and be available to other system
> components.  At the moment I am running ssh, netdata, exim, dnsmasq and
> webmin each on a separate lo iface ip.
> Like mentioned earlier Webmin is currently bind and running on the lo
> iface with ip 172.23.122.98, which though was not possible to set via
> the Webmin gui but via 'bind=172.23.122.98' in "/etc/webmin/miniserv.conf".

I'm surprising that having non-local IPs on the "lo" interface works .. but
even so, Webmin should allow this.

If you go to Hardware -> Network Configuration -> Network Interfaces, does
that IP show up?

Re: [webmin-l] [bug report] webmin gui - binding webmin to non-public lo ip fails

[ѽ҉ᶬḳ℠ <vt...@gm...>]

>> Having the lo iface assigned a non-public ip (172.23.120.98)  and trying
>> to bind Webmin (/webmin/edit_bind.cgi?xnavigation=1) to that ip produces
>> -> Failed to change address : The IP address 172.23.120.98 is not active
>> on this system, and so cannot be used
>>
>> setting 'bind=172.23.122.98' in "/etc/webmin/miniserv.conf" and a
>> restart of Webmin gets it working though.
> So you're setting the IP of the "lo" (loopback) interface to something
> other than 127.0.0.1 ? I don't think that's going to work ..

There is no issue for the lo iface to be assigned various other ip
addresses on top of 127.0.0.1 and neither for services/sockets to bind
to any of those additional ips and be available to other system
components.  At the moment I am running ssh, netdata, exim, dnsmasq and
webmin each on a separate lo iface ip.
Like mentioned earlier Webmin is currently bind and running on the lo
iface with ip 172.23.122.98, which though was not possible to set via
the Webmin gui but via 'bind=172.23.122.98' in "/etc/webmin/miniserv.conf".

Re: [webmin-l] [bug report] webmin gui - binding webmin to non-public lo ip fails

[Jamie C. <jca...@we...>]

On 08/Jun/2018 13:36 ѽ҉ᶬḳ℠ <vt...@gm...> wrote ..
> Ubuntu Linux 18.04
> Webmin  1.881
> Authentic Theme 19.19
> 
> Having the lo iface assigned a non-public ip (172.23.120.98)  and trying
> to bind Webmin (/webmin/edit_bind.cgi?xnavigation=1) to that ip produces
> -> Failed to change address : The IP address 172.23.120.98 is not active
> on this system, and so cannot be used
> 
> setting 'bind=172.23.122.98' in "/etc/webmin/miniserv.conf" and a
> restart of Webmin gets it working though.

So you're setting the IP of the "lo" (loopback) interface to something
other than 127.0.0.1 ? I don't think that's going to work ..

Re: [webmin-l] webmin gui certificate upload - Failed to save new key : Missing or invalid PEM format key

[ѽ҉ᶬḳ℠ <vt...@gm...>]

> that's quite a long standing problem, jamie, have a look at a similar
> ticket from me..
>

Well, I got it sorted my end - when trying to debug with a bunch of test
certificates it turned out that I should debugged meselfs first. Seems
that I missed to activate the radio control "Entered below..." :(
And of course since then it is working, both pasting and uploading from
file.

My apologies for having bothered/wasted valuable time/effort.

Re: [webmin-l] webmin gui certificate upload - Failed to save new key : Missing or invalid PEM format key

[Pat E. <pe...@gm...>]

that's quite a long standing problem, jamie, have a look at a similar
ticket from me..

On Sat, Jun 9, 2018 at 8:40 AM ѽ҉ᶬḳ℠ <vt...@gm...> wrote:

>
> > Can you post the first and last lines of this cert file?
>
> x.cert.pem
>
> -----BEGIN CERTIFICATE-----
> MIIGljCCBH6gAwIBAgICEAMwDQYJKoZIhvcNAQENBQAwTzELMAkGA1UEBhMCMDAx
> DjAMBgNVBAgMBU5ldmVyMQ8wDQYDVQQKDAZTZXJ2ZXIxCzAJBgNVBAsMAklNMRIw
> EAYDVQQDDAlTZXJ2ZXIgSU0wHhcNMTgwNjA4MTk0NjQwWhcNMjMwNjA4MTk0NjQw
>
>
> jCZYflDHnnBX+uorw0i8+hvdSGrMWuKcZoOcbPjY0R5orxOG+XNw9RLfXu+UVyIa
> e95KPt7xe9zf2VBg7wxHPirEvPhdRMQsR1P9tYeoqovY/sIGtOSLOfa3k1Y3Dqoi
> M0173fSKze7pOw==
> -----END CERTIFICATE-----
>
> __________________________________
>
> ca-chain.cert.pem
>
> -----BEGIN CERTIFICATE-----
> MIIFjzCCA3egAwIBAgICEAAwDQYJKoZIhvcNAQENBQAwXjELMAkGA1UEBhMCMDAx
> DjAMBgNVBAgMBU5ldmVyMQ0wCwYDVQQHDARNaW5kMQ8wDQYDVQQKDAZTZXJ2ZXIx
>
>
> K28pbbccBQk1AKi4LhM23hLlWRcL1S9WKpKvD9ZtHsq7uBASlSyu8DizIGTmZRDg
> xFc8l2lC6AizbeYGNrgOJhJBfh6ZhGjU17nNVxF8IlB0bKWCEw91dxh5AIP/yUiU
> Z3e+qw1wPX7H1ugrOixmq/eL1R6nAPjH9OiD5OSdzwuBjX4=
> -----END CERTIFICATE-----
> -----BEGIN CERTIFICATE-----
> MIIFojCCA4qgAwIBAgIJAOnxNKmo1awsMA0GCSqGSIb3DQEBDQUAMF4xCzAJBgNV
> BAYTAjAwMQ4wDAYDVQQIDAVOZXZlcjENMAsGA1UEBwwETWluZDEPMA0GA1UECgwG
>
>
> tlc0uLL+lyDLMxcZYcBTNOX4a5qdqXybbvfIYiP9Z7JnqQbTh4RkqLBFj/wGwj2Y
> ejqU2sQbfXnO0uzXlvzh1az5xGrz/AaO9ZgRW9OT/IRAFBxAkxgMYTa5ErJ2/MGI
> HTTIMaLa
> -----END CERTIFICATE-----
>
> __________________________________
>
> Just in case it matters - OpenSSL 1.1.0g  2 Nov 2017
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> -
> Forwarded by the Webmin mailing list at
> web...@li...
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list
>
--

Re: [webmin-l] webmin gui certificate upload - Failed to save new key : Missing or invalid PEM format key

[ѽ҉ᶬḳ℠ <vt...@gm...>]

> Can you post the first and last lines of this cert file?

x.cert.pem

-----BEGIN CERTIFICATE-----
MIIGljCCBH6gAwIBAgICEAMwDQYJKoZIhvcNAQENBQAwTzELMAkGA1UEBhMCMDAx
DjAMBgNVBAgMBU5ldmVyMQ8wDQYDVQQKDAZTZXJ2ZXIxCzAJBgNVBAsMAklNMRIw
EAYDVQQDDAlTZXJ2ZXIgSU0wHhcNMTgwNjA4MTk0NjQwWhcNMjMwNjA4MTk0NjQw


jCZYflDHnnBX+uorw0i8+hvdSGrMWuKcZoOcbPjY0R5orxOG+XNw9RLfXu+UVyIa
e95KPt7xe9zf2VBg7wxHPirEvPhdRMQsR1P9tYeoqovY/sIGtOSLOfa3k1Y3Dqoi
M0173fSKze7pOw==
-----END CERTIFICATE-----

__________________________________

ca-chain.cert.pem

-----BEGIN CERTIFICATE-----
MIIFjzCCA3egAwIBAgICEAAwDQYJKoZIhvcNAQENBQAwXjELMAkGA1UEBhMCMDAx
DjAMBgNVBAgMBU5ldmVyMQ0wCwYDVQQHDARNaW5kMQ8wDQYDVQQKDAZTZXJ2ZXIx


K28pbbccBQk1AKi4LhM23hLlWRcL1S9WKpKvD9ZtHsq7uBASlSyu8DizIGTmZRDg
xFc8l2lC6AizbeYGNrgOJhJBfh6ZhGjU17nNVxF8IlB0bKWCEw91dxh5AIP/yUiU
Z3e+qw1wPX7H1ugrOixmq/eL1R6nAPjH9OiD5OSdzwuBjX4=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFojCCA4qgAwIBAgIJAOnxNKmo1awsMA0GCSqGSIb3DQEBDQUAMF4xCzAJBgNV
BAYTAjAwMQ4wDAYDVQQIDAVOZXZlcjENMAsGA1UEBwwETWluZDEPMA0GA1UECgwG


tlc0uLL+lyDLMxcZYcBTNOX4a5qdqXybbvfIYiP9Z7JnqQbTh4RkqLBFj/wGwj2Y
ejqU2sQbfXnO0uzXlvzh1az5xGrz/AaO9ZgRW9OT/IRAFBxAkxgMYTa5ErJ2/MGI
HTTIMaLa
-----END CERTIFICATE-----

__________________________________

Just in case it matters - OpenSSL 1.1.0g  2 Nov 2017

Re: [webmin-l] webmin gui certificate upload - Failed to save new key : Missing or invalid PEM format key

[Jamie C. <jca...@we...>]

On 08/Jun/2018 13:24 ѽ҉ᶬḳ℠ <vt...@gm...> wrote ..
> Ubuntu Linux 18.04
> Webmin  1.881
> Authentic Theme 19.19
> 
> Upload of 4096 bit / sha512WithRSAEncryption / X509v3 extensions
> certificates via Webmin gui fails with -> Failed to save new key :
> Missing or invalid PEM format key.
> Pasting the cert/key text produced the same outcome.
> 
> Certificates/keys are tested various ways with no issues and appear to
> be ok/working otherwise.
> 
> Looked into the following but could not find an option to set the
> cert/key path manually and check whether it would perhaps work that way
> and if is a bug in the gui eventually:
> 
> "/etc/webmin/webmin/config"
> "/etc/webmin/config"
> "/etc/webmin/miniserv.conf"
> 
> Where can I point Webmin outside the gui to the certifcates/keys?

Can you post the first and last lines of this cert file?

[webmin-l] [bug report] webmin gui - binding webmin to non-public lo ip fails

[ѽ҉ᶬḳ℠ <vt...@gm...>]

Ubuntu Linux 18.04
Webmin  1.881
Authentic Theme 19.19

Having the lo iface assigned a non-public ip (172.23.120.98)  and trying
to bind Webmin (/webmin/edit_bind.cgi?xnavigation=1) to that ip produces
-> Failed to change address : The IP address 172.23.120.98 is not active
on this system, and so cannot be used

setting 'bind=172.23.122.98' in "/etc/webmin/miniserv.conf" and a
restart of Webmin gets it working though.

[webmin-l] webmin gui certificate upload - Failed to save new key : Missing or invalid PEM format key

[ѽ҉ᶬḳ℠ <vt...@gm...>]

Ubuntu Linux 18.04
Webmin  1.881
Authentic Theme 19.19

Upload of 4096 bit / sha512WithRSAEncryption / X509v3 extensions
certificates via Webmin gui fails with -> Failed to save new key :
Missing or invalid PEM format key.
Pasting the cert/key text produced the same outcome.

Certificates/keys are tested various ways with no issues and appear to
be ok/working otherwise.

Looked into the following but could not find an option to set the
cert/key path manually and check whether it would perhaps work that way
and if is a bug in the gui eventually:

"/etc/webmin/webmin/config"
"/etc/webmin/config"
"/etc/webmin/miniserv.conf"

Where can I point Webmin outside the gui to the certifcates/keys?

Re: [webmin-l] Help with Webmin authentication using FreeIPA

[Andrey R. <anr...@ya...>]

Greetings, Victor Pelagatti!

> I'm trying to authenticate Webmin login using my FreeIPA server.
> The PAM authentication is working on the server but I failed to
> setup Webmin to use PAM for login authentication.

One thing I've found through the years is that if a system failing to list
user's groups, Webmin may fail to properly authorize the user, and even deny
login if not configured specifically for that user.

Check with `getent group`.


-- 
With best regards,
Andrey Repin
Wednesday, May 23, 2018 23:37:16

Sorry for my terrible english...

Re: [webmin-l] Help with Webmin authentication using FreeIPA

[Przemysław O. <prz...@ma...>]

webmin and virtualmin are capable of using pam but ...

1) they will always fallback to /etc/passwd :]

here is a pam file that works for me using ipa

cat /etc/pam.d/webmin
#%PAM-1.0
auth       required    pam_sepermit.so
auth       substack     password-auth
auth       include      postlogin
# Used with polkit to reauthorize users in remote sessions
-auth      optional     pam_reauthorize.so prepare
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed 
in the user context
session    required     pam_selinux.so open env_params
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      password-auth
session    include      postlogin
# Used with polkit to reauthorize users in remote sessions
-session   optional     pam_reauthorize.so prepare


##%PAM-1.0
#auth    required    pam_unix.so    nullok
#account    required    pam_unix.so
#session    required    pam_unix.so


W dniu 22.05.2018 o 14:41, Victor Pelagatti pisze:
> Hi,
>
> I'm trying to authenticate Webmin login using my FreeIPA server. The 
> PAM authentication is working on the server but I failed to setup 
> Webmin to use PAM for login authentication.
>
> I configure PAM for webmin on /etc/pam.d/webmin:
>
> #%PAM-1.0
> auth       sufficient   pam_sss.so
> auth       required     pam_unix.so nullok
>
> account    include      password-auth
>
> password   include      password-auth
>
> session    required     pam_loginuid.so
> session    include      password-auth
>
>
>
> Could someone give a clue?
>
> Thanks
>
> Distro: CentOS 7.5.1804
> Webmin: webmin-1.881-1.noarch
> Freeipa server: 4.5.0-21
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> -
> Forwarded by the Webmin mailing list at web...@li...
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list

[webmin-l] Help with Webmin authentication using FreeIPA

[Victor P. <vi...@te...>]

Hi,

I'm trying to authenticate Webmin login using my FreeIPA server. The PAM authentication is working on the server but I
failed to setup Webmin to use PAM for login authentication.

I configure PAM for webmin on /etc/pam.d/webmin:

#%PAM-1.0
auth       sufficient   pam_sss.so
auth       required     pam_unix.so nullok

account    include      password-auth

password   include      password-auth

session    required     pam_loginuid.so
session    include      password-auth



Could someone give a clue?

Thanks

Distro: CentOS 7.5.1804
Webmin: webmin-1.881-1.noarch
Freeipa server: 4.5.0-21

Re: [webmin-l] webmin lets encrypt

[Jamie C. <jca...@we...>]

On the cert request form, try checking the option to perform a connectivity check before requesting the cert.  

On 13/May/2018 20:54 Aristos Vasiliou <ar...@ar...> wrote ..    Yes, I just did that. You can see it here. http://wviiv.com/     From: Jamie Cameron [mailto:jca...@we...] Sent: Monday, May 14, 2018 6:39 AMTo: Webmin users list <web...@li...>Subject: Re: [webmin-l] webmin lets encrypt   

The let's encrypt request process should create a file in that directory automatically.If you create an index.html file in /home/wviiv.com and then open wviiv.com in your browser, can you see the contents of that file? 

On 12/May/2018 11:42 Aristos Vasiliou <ar...@ar...> wrote ..   It wasnt. So i removed the domain and added it again in /home/wviiv.com. But got the same message again.       I’ve read that lets encrypt requires a file in the document root directory but I dont know what to put there.     Sent from my iPhone   On 12 May 2018, at 21:27, Jamie Cameron <jca...@we...> wrote:    

Are you sure the directory /home is correct? That's not what is normally used as the HTML directory for a website..  

On 11/May/2018 20:02 Aristos Vasiliou <ar...@ar...> wrote ..    Thanks, I created an entry, but now I get this message when I try to request a certificate: Requesting a new certificate for wviiv.com, using the website directory /home .. .. request failed : Failed to request certificate :  wviiv.com challenge did not pass: Invalid response from http://wviiv.com/.well-known/acme-challenge/uZvQ0h_76x5ur30veM4wctxW81tg2-Jr1iZqZ_OYkk4Q: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p"  From: Jamie Cameron [mailto:jca...@we...] Sent: Saturday, May 12, 2018 2:44 AMTo: Webmin users list <web...@li...>Subject: Re: [webmin-l] webmin lets encrypt 

You will need to create an Apache virtual host for that domain first, in the Apache module.  

On 10/May/2018 22:41 Aristos Vasiliou <ar...@ar...> wrote ..   When I try that I get a message saying:   Failed to request certificate : No virtual host matching wviiv.com was found  Sent from my iPhone   On 11 May 2018, at 07:52, Jamie Cameron <jca...@we...> wrote:    

If you have Apache running on your server and a real internet-accessible hostname,  you can request a Let's Encrypt cert at Webmin -> Webmin Configuration -> SSL Encryption. 

On 10/May/2018 01:20 Aristos Vasiliou <ar...@ar...> wrote ..    Hello, I am running webmin on Debian 9, and I want to install an SSL certificate so there’s no warning when accessing the Webmin URL. What is the correct method of installing a Let’s Encrypt certificate on Webmin? This method does not appear to be valid since python-letsencrypt-apache does not exist anymore. https://www.ericluwj.com/2017/02/23/install-free-lets-encrypt-ssl-certificate-in-webmin.html This method requires that the domain is configured as a virtual server/domain, but I don’t have virtualmin installed https://doxfer.webmin.com/Webmin/Let%27s_Encrypt Thanks       ------------------------------------------------------------------------------Check out the vibrant tech community on one of the world's mostengaging tech sites, Slashdot.org! http://sdm.link/slashdot     -Forwarded by the Webmin mailing list at web...@li...To remove yourself from this li
 st, go tohttp://lists.sourceforge.net/lists/listinfo/webadmin-list             ------------------------------------------------------------------------------Check out the vibrant tech community on one of the world's mostengaging tech sites, Slashdot.org! http://sdm.link/slashdot     -Forwarded by the Webmin mailing list at web...@li...To remove yourself from this list, go tohttp://lists.sourceforge.net/lists/listinfo/webadmin-list