Virtualmin + LDAP Server

Submitted by ReArmedHalo on Fri, 07/25/2014 - 11:52

(Link to forum post: https://virtualmin.com/node/33760)

Hi,

So I have managed to setup an OpenLDAP server using the legacy documentation here on the site and Virtualmin seems all set to use it. I can create virtual servers and LDAP users just fine, mail aliases as well. I can even login via FTP and SSH as an LDAP user. However, I cannot login to virtualmin (https://:10000) as the virtual server administrator user. I can only seem to login as root. Does anyone have any ideas on what I should try? Thanks

CentOS 6.5 x64 Virtualmin 4.09 Pro | Webmin 1.690 /var/log/secure:

Jul 21 15:50:58 <hostname) webmin[18423]: Invalid login as <user> from <my_ip>
Status: 
Active

Comments

Submitted by JamieCameron on Fri, 07/25/2014 - 17:06

Check the /etc/pam.d/webmin file ,and make sure it has entries for LDAP that match those in the PAM configs for other services like /etc/pam.d/ssh

Submitted by ReArmedHalo on Fri, 07/25/2014 - 17:24

Thanks,

/etc/pam.d/sshd

#%PAM-1.0
auth       required     pam_sepermit.so
auth       include      password-auth
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke
session    include      password-auth

/etc/pam.d/webmin

#%PAM-1.0
auth    required        pam_unix.so     nullok
account required        pam_unix.so
session required        pam_unix.so

I must admit I don't know enough about Unix (or PAM for that matter) to really understand what I should put into the /etc/pam.d/webmin file...

Submitted by JamieCameron on Fri, 07/25/2014 - 18:51

One quick fix may be to just copy /etc/pam.d/sshd over /etc/pam.d/webmin , and then restart Webmin.

Submitted by ReArmedHalo on Fri, 07/25/2014 - 19:10

That didn't seem to have any effect unfortunately.

Submitted by JamieCameron on Fri, 07/25/2014 - 20:55

Is the error in /var/log/messages or /var/log/secure still the same when a user login fails?

Submitted by ReArmedHalo on Fri, 07/25/2014 - 23:59

Nothing in /var/log/messages, same message in /var/log/secure.

I am going to have a friend who appears to have successfully done this integration rebuild my systems with me and hopefully this issue becomes resolved. I most likely didn't setup something correctly. I will post back if he was able to resolve this issue in a fresh setup or not.

Thanks.

Submitted by JamieCameron on Sat, 07/26/2014 - 18:20

Ok, let us know if you get it working or not.

Submitted by ReArmedHalo on Sat, 07/26/2014 - 18:50

Hello,

We did manage to get it working! Not really sure what the difference is between the way I did things and the way he did things for me today but everything is working!

I have an unrelated, in the sense that it is a question and not a support request; using LDAP as my user management backend, say I installed Virtualmin (pro) on another server and that server was also configured to store users in OpenLDAP, these two virtualmin systems would not share anything except the LDAP server. I have read that Cloudmin for physical servers has the ability to provide a "unified login" for multiple Virtualmin instances. The question: if users were stored in the same tree in LDAP would Cloudmin be able to log users in to the appropriate Virtualmin backend? If having users stored in the same tree would prevent this, I'm guessing creating a separate tree would resolve the issue?

(Sorry for the many commas, I'm typing on my iPhone and couldn't quite figure out the best way to write out all the details while taking grammer into account :) )