Login to Cloudmin/Webmin failed if it is managed by master host

I had a two simple KVM host with Webmin/Cloudmin installed on them. Authentication was by PAM module (to allow auth by LDAP/AD user). I changed one KVM host (HOST1) to a master and added second KVM host (HOST2) as a physical system to HOST1.

Exactly after this change/add I can't login to Webmin/Cloudmin in HOST2 by any user (local in shadow or in AD). I tried to disable PAM auth in miniserv.conf, I tried to do it by opening Webmin thought HOST1 (it's bypass auth), but nothing helps. Still I can not login to Webmin/Cloudmin in HOST2 directly. So when HOST1 will be down I wouldn't login to the HOST2 system.

Status: 
Active

Comments

What error message do you get when you try to login exactly?

I didn't get any specific error which can explain it at all. I found these messages: 1. Web UI - login page: Login failed. Please try again. 2. auth.log: webmin[19632]: Invalid login as username from IP address 3. miniserv.error: nothing relative 4. miniserv.log: nothing relative 5. webmin.log: nothing relative

Pam module configuration for webmin: @include common-auth @include common-account @include common-password @include common-session

Pam module for common-auth (first one is for domain AD): auth [success=2 default=ignore] pam_lsass.so auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass auth requisite pam_deny.so auth required pam_permit.so auth optional pam_cap.so

I tried these configs with same results (changed by Open Webmin function in Cloudmin Master): 1. Use PAM + Support full PAM 2. Use PAM + Do not support full PAM 3. Use shadow

I tried 2 users everytime, one local posix account (in shadow) and one from AD. I'm 100% sure, that credentials are working, I tested them in SSH session. Both users are members root/sudo group.

I'm 100% sure that it's a problem cause by adding host to the master as physical system. I had the server with auth problems after I added to the master, but I wasn't sure, what caused it. After many tests without any result I added second server to the master and right after add as physiscal system process was completed I tested the second server - same auth problem appeared.