Submitted by brano.kosik@allit.sk on Wed, 06/05/2019 - 04:15
I had two simple KVM hosts with Webmin/Cloudmin installed on them. Authentication was by PAM module (to allow auth by LDAP/AD user). I changed one KVM host (HOST1) to a master and added the second KVM host (HOST2) as a physical system to HOST1.
Exactly after this change/add I can't log in to Webmin/Cloudmin on HOST2 as any user (local in shadow or in AD). I tried to disable PAM auth in miniserv.conf, and I tried to do it by opening Webmin through HOST1 (it bypasses auth), but nothing helps. I still cannot log in to Webmin/Cloudmin on HOST2 directly. So when HOST1 is down I won't be able to log in to the HOST2 system.
Status:
Active
Comments
Submitted by JamieCameron on Wed, 06/05/2019 - 17:37 Comment #1
What error message do you get when you try to log in, exactly?
Submitted by brano.kosik@allit.sk on Thu, 06/06/2019 - 03:06 Comment #2
I didn't get any specific error which can explain it at all. I found these messages:
1. Web UI - login page: Login failed. Please try again.
2. auth.log: webmin[19632]: Invalid login as username from IP address
3. miniserv.error: nothing relevant
4. miniserv.log: nothing relevant
5. webmin.log: nothing relevant
PAM module configuration for webmin:
    @include common-auth
    @include common-account
    @include common-password
    @include common-session
PAM module for common-auth (first one is for domain AD):
    auth [success=2 default=ignore] pam_lsass.so
    auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass
    auth requisite pam_deny.so
    auth required pam_permit.so
    auth optional pam_cap.so
I tried these configs with the same results (changed by the Open Webmin function in Cloudmin Master):
1. Use PAM + Support full PAM
2. Use PAM + Do not support full PAM
3. Use shadow
I tried 2 users every time, one local posix account (in shadow) and one from AD. I'm 100% sure that the credentials are working, I tested them in an SSH session. Both users are members of the root/sudo group.
I'm 100% sure that it's a problem caused by adding the host to the master as a physical system. I had the server with auth problems after I added it to the master, but I wasn't sure what caused it. After many tests without any result I added the second server to the master, and right after the add-as-physical-system process was completed I tested the second server - the same auth problem appeared.