Login to usermin doesn't work with LDAP

15 posts / 0 new
Last post
#1 Thu, 02/05/2009 - 03:42
mnt_schred

Login to usermin doesn't work with LDAP

I have a webserver running Webmin and virtualmin, based on LDAP. But it seems users can't login through Usermin.

Does usermin require additional steps when using LDAP?

Thu, 02/05/2009 - 05:05
andreychek

Hmm, it looks like Usermin uses PAM in order to authenticate.

So a few questions --

* Are you under the impression that PAM on your system is configured to use LDAP?

* Are you able to log in to check email using something such as Outlook?

* Do you have a way to verify that the users are correctly added into your LDAP directory, and that they don't exist in /etc/passwd?

Thu, 02/05/2009 - 05:10 (Reply to #2)
mnt_schred

Yes, because you need PAM for other aspects of Virtualmin
And yes, checking e-mail works with remote clients.

Thu, 02/05/2009 - 05:16 (Reply to #3)
andreychek

Okay, if you log into Virtualmin, and click Webmin -> Webmin -> Usermin -> Authentication, is "Use PAM for authentication, if available" selected?

Also, are you seeing any errors in /var/usermin/miniserv.error?
-Eric

Thu, 02/05/2009 - 05:26 (Reply to #4)
mnt_schred

I have enabled 'use pam for auth, if available' and 'support full pam conversations'.

However, I think the error log is telling us something:

lithium:/home/thijs # tail -f /var/usermin/miniserv.error
[05/Feb/2009:13:18:59 +0100] [85.144.133.30] Bad Request : This web server is running in SSL mode. Try the URL <a href='https://lithium.ebrius.nl:20000/'>https://lithium.ebrius.nl:20000/&lt... instead.<br>
[05/Feb/2009:14:24:31 +0100] miniserv.pl started
[05/Feb/2009:14:24:31 +0100] Perl module Authen::PAM needed for PAM is not installed : Can't locate Authen/PAM.pm in @INC (@INC contains: /usr/lib/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8 /usr/lib/perl5/site_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl .) at (eval 9) line 1.
BEGIN failed--compilation aborted at (eval 9) line 1.

[05/Feb/2009:14:24:31 +0100] Continuing without the Authen::PAM perl module
[05/Feb/2009:14:24:31 +0100] Perl module User::Utmp needed for Utmp logging is not installed : Can't locate User/Utmp.pm in @INC (@INC contains: /usr/lib/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8 /usr/lib/perl5/site_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl .) at (eval 10) line 1.
BEGIN failed--compilation aborted at (eval 10) line 1.

[05/Feb/2009:14:24:55 +0100] [85.144.133.30] Bad Request : This web server is running in SSL mode. Try the URL <a href='https://lithium.ebrius.nl:20000/'>https://lithium.ebrius.nl:20000/&lt... instead.<br>

So obviously pam isn't working for some reason.

Thu, 02/05/2009 - 05:31 (Reply to #5)
andreychek

Ahh, indeed, looks like you need the Authen::PAM Perl module. Normally that doesn't matter, as it can fall back to just using /etc/shadow -- but that doesn't work in your case ;-)

If your distro has an Authen::PAM package, I'd install that (for example, on Ubuntu/Debian, this is libauthen-pam-perl).

If not, I'd just install it from either the command line, or by going into Virtualmin, and clicking Webmin -> Others -> Perl Modules, and installing it from there.
-Eric

Thu, 02/05/2009 - 05:52 (Reply to #6)
mnt_schred

I'll try that and will keep you posted. Thanks so far.

Fri, 02/06/2009 - 03:46 (Reply to #7)
mnt_schred

Installing it from webmin results in this:

Compiling module

Executing /usr/bin/perl Makefile.PL && make ..

Checking if your kit is complete...
Looks good
checking for gcc... cc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether cc accepts -g... yes
checking for cc option to accept ANSI C... none needed
checking how to run the C preprocessor... cc -E
checking for pam header files in... no
configure: error: cannot find the pam_appl.h file
Error in configuring the Authen::PAM module.

I solved that by first installing pam-devel (through YaST), but installing through wembin stops due to an error:

Testing module

Executing make test ..

PERL_DL_NONLAZY=1 /usr/bin/perl "-Iblib/lib" "-Iblib/arch" test.pl
1..10
ok 1
Can't obtain the tty name!
make: *** [test_dynamic] Error 25

Installation of Authen::PAM failed. Check the output above and try installing manually.
You can also install the module from CPAN with the command perl -MCPAN -e shell

however, shell install worked (kinda) and it isn't shown anymore in the available perl modules for webmin.

However, login into usermin still doesn't work.
I'll try to install the rest of the suggested modules in webmin first, i'll keep you posted.

Fri, 02/06/2009 - 15:09 (Reply to #8)
Joe
Joe's picture

Most operating systems have a package from Authen::PAM. As Eric suggested, you should try that first. Building Perl modules can be somewhat challenging...dependencies and all can be time consuming.

--

Check out the forum guidelines!

Sun, 06/07/2009 - 07:48
mnt_schred

All right; I've build and installed Authen::Pam:

lithium:/install/Authen-PAM-0.16 # perl Makefile.PL -t
Checking if your kit is complete...
Looks good
checking for gcc... cc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether cc accepts -g... yes
checking for cc option to accept ANSI C... none needed
checking how to run the C preprocessor... cc -E
checking for pam header files in... security
checking for pam_getenv... yes
checking if pam_strerror takes a pam_handle_t argument... yes
checking for PAM_AUTHTOKEN_REQD... no
checking for PAM_NEW_AUTHTOK_REQD... yes
checking for PAM_AUTHTOK_EXPIRED... yes
checking for PAM_AUTHTOK_RECOVER... no
checking for PAM_AUTHTOK_RECOVERY... no
checking for PAM_BAD_ITEM... yes
checking for PAM_CONV_AGAIN... yes
checking for PAM_CRED_DELETE... no
checking for PAM_CRED_ESTABLISH... no
checking for PAM_CRED_REFRESH... no
checking for PAM_CRED_REINITIALIZE... no
checking for PAM_DELETE_CRED... yes
checking for PAM_ESTABLISH_CRED... yes
checking for PAM_REFRESH_CRED... yes
checking for PAM_REINITIALIZE_CRED... yes
checking for PAM_INCOMPLETE... yes
checking for PAM_MODULE_UNKNOWN... yes
checking for PAM_RADIO_TYPE... yes
checking for PAM_BINARY_PROMPT... yes
checking whether RTLD_GLOBAL is declared... yes
configure: creating ./config.status
config.status: creating pam.cfg
config.status: creating PAM.pm
config.status: creating PAM_config.h
Writing Makefile for Authen::PAM
lithium:/install/Authen-PAM-0.16 # make install
cp PAM/FAQ.pod blib/lib/Authen/PAM/FAQ.pod
cp PAM.pm blib/lib/Authen/PAM.pm
/usr/bin/perl /usr/lib/perl5/5.8.8/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.8.8/ExtUtils/typemap -typemap typemap PAM.xs > PAM.xsc && mv PAM.xsc PAM.c
cc -c -I. -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -pipe -Wdeclaration-after-statement -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -fmessage-length=0 -Wall -D_FORTIFY_SOURCE=2 -g -Wall -pipe -DVERSION=\"0.16\" -DXS_VERSION=\"0.16\" -fPIC "-I/usr/lib/perl5/5.8.8/x86_64-linux-thread-multi/CORE" -DHAVE_CONFIG_H PAM.c
PAM.c: In function âXS_Authen__PAM_pam_endâ:
PAM.xs:501: warning: unused variable âresâ
PAM.c: In function âXS_Authen__PAM_pam_set_itemâ:
PAM.xs:519: warning: unused variable âresâ
PAM.c: In function âXS_Authen__PAM_pam_get_itemâ:
PAM.xs:553: warning: unused variable âresâ
PAM.c: At top level:
PAM.xs:93: warning: ânot_hereâ defined but not used
Running Mkbootstrap for Authen::PAM ()
chmod 644 PAM.bs
rm -f blib/arch/auto/Authen/PAM/PAM.so
LD_RUN_PATH="/lib64" cc -shared -L/usr/local/lib64 PAM.o -o blib/arch/auto/Authen/PAM/PAM.so \
-lpam \

chmod 755 blib/arch/auto/Authen/PAM/PAM.so
cp PAM.bs blib/arch/auto/Authen/PAM/PAM.bs
chmod 644 blib/arch/auto/Authen/PAM/PAM.bs
Manifying blib/man3/Authen::PAM::FAQ.3pm
Manifying blib/man3/Authen::PAM.3pm
Installing /usr/lib/perl5/site_perl/5.8.8/x86_64-linux-thread-multi/auto/Authen/PAM/PAM.so
Files found in blib/arch: installing files in blib/lib into architecture dependent library tree
Writing /usr/lib/perl5/site_perl/5.8.8/x86_64-linux-thread-multi/auto/Authen/PAM/.packlist
Appending installation info to /usr/lib/perl5/5.8.8/x86_64-linux-thread-multi/perllocal.pod

But I still get this error:

[24/Mar/2009:19:25:23 +0100] miniserv.pl started
[24/Mar/2009:19:25:23 +0100] PAM test failed - maybe /etc/pam.d/usermin does not exist
[24/Mar/2009:19:25:23 +0100] Continuing without the Authen::PAM perl module
[24/Mar/2009:19:25:23 +0100] Perl module User::Utmp needed for Utmp logging is not installed : Can't locate User/Utmp.pm in @INC (@INC contains: /usr/lib/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8 /usr/lib/perl5/site_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl .) at (eval 11) line 1.
BEGIN failed--compilation aborted at (eval 11) line 1.

Tue, 03/24/2009 - 09:45
mnt_schred

By the way, there is no 'usermin' entry in the PAM Authentication module (under system) while there is a webmin entry...

Wed, 03/25/2009 - 04:25 (Reply to #11)
andreychek

Looks like you may also need to install the Perl module "User::Utmp".

You can do that within Virtualmin, or on the command line using:

perl -MCPAN -e 'install User::Utmp'

Wed, 03/25/2009 - 10:01
mnt_schred

Okay, I've installed user:umtp but still no login. The problem lies with Authen::pam and all goes well in the install execpt for this problem when testing the module:

Testing module

Executing make test ..

PERL_DL_NONLAZY=1 /usr/bin/perl "-Iblib/lib" "-Iblib/arch" test.pl
1..10
ok 1
Can't obtain the tty name!
make: *** [test_dynamic] Error 25

Sun, 11/30/2014 - 20:46 (Reply to #13)
reyo

Kinda wrong to undead a buried topic, but I cant find a solutions for this exact problem.

Centos 7 x64. Everything else that is needed is installed. System is up-to-date and freshly installed.

Thanks for any help!

Tue, 06/02/2015 - 04:55 (Reply to #14)
Purple Edge

Just installed Virtualmin on a fresh Centos 7 system and have lost ability to login to usermin.

https://mysite:20000 - doesn't work

https://webmail.mysite - gives me a directory listing

Should I go back to Centos 6.4?

Note to self: Remember to START usermin next time

Topic locked