[prev in list] [next in list] [prev in thread] [next in thread]
List: webmin-l
Subject: Re: [webmin-l] "Login failed. Please try again." "validate_user: sudo failed" on Ubuntu 10.04.4 Webm
From: Joe Nyland <joe () joenyland ! co ! uk>
Date: 2012-03-31 20:20:05
Message-ID: 8D0E5FE4-9E1D-4E76-B54B-AA99427FEB7E () joenyland ! co ! uk
[Download RAW message or body]
On 31 Mar 2012, at 18:37, Jamie Cameron wrote:
> On 31/Mar/2012 03:35 Joe Nyland <joe@joenyland.co.uk> wrote ..
> >
> > On 30 Mar 2012, at 23:46, Jamie Cameron wrote:
> >
> > > On 30/Mar/2012 01:33 Joe Nyland <joe@joenyland.co.uk> wrote ..
> > > > -----Original message-----
> > > > > >
> > > > > > Here's the output from 'sudo -l -S':
> > > > > >
> > > > > > joe@MailServer1:~$ sudo -l -S
> > > > > > [sudo] password for joe:
> > > > > > Matching Defaults entries for joe on this host:
> > > > > > env_reset
> > > > > >
> > > > > > User joe may run the following commands on this host:
> > > > > > joe@MailServer1:~$
> > > > > >
> > > > > > Does that look right to you?
> > > > > >
> > > > > > Thank you for your help.
> > > > >
> > > > > That doesn't look like it includes all the needed permissions.
> > > > >
> > > > > It should be more like :
> > > > >
> > > > > User jcameron may run the following commands on this host:
> > > > > (ALL) ALL
> > > > > (ALL) ALL
> > > > >
> > > > > - Jamie
> > > >
> > > > Ok, this is a bit strange; 'sudo -l -S' now gives:
> > > >
> > > > joe@MailServer1:~$ sudo -l -S
> > > > [sudo] password for joe:
> > > > Matching Defaults entries for joe on this host:
> > > > env_reset
> > > >
> > > > User joe may run the following commands on this host:
> > > > (ALL) ALL
> > > > joe@MailServer1:~$
> > > >
> > > > But I still can't login to Webmin.
> > > >
> > > > Sudo from an SSH connection still continues to work. Also, I've checked the
> > above
> > > > command output on my file server which I can login to Webmin fine on, and \
> > > > that gives the same output as above:
> > > >
> > > > joe@FileServer1:~$ sudo -l -S
> > > > Matching Defaults entries for joe on this host:
> > > > env_reset
> > > >
> > > > User joe may run the following commands on this host:
> > > > (ALL) ALL
> > > > joe@FileServer1:~$
> > > >
> > > > I'm not sure how to proceed with this. I'm tempted to do a reinstall of \
> > > > Webmin on this server, but I'm not convinced this will help.
> > >
> > > The (ALL) ALL is what Webmin is looking for .. so I would expect the login
> > > as a sudo-capable user to work now.
> > >
> > > What gets logged to the debug file now when you try to login?
> > >
> > > - Jamie
> >
> > Here's a login attempt I just made, which has been taken from miniserv.debug:
> >
> > handle_request: passed timeout check
> > handle_request reqline=POST /session_login.cgi HTTP/1.1
> > handle_request: got headline Host: mailserver1:10000
> > handle_request: got headline User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X
> > 10.7; rv:11.0) Gecko/20100101 Firefox/11.0
> > handle_request: got headline Accept: \
> > text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> > handle_request: got headline Accept-Language: en-gb,en;q=0.5
> > handle_request: got headline Accept-Encoding: gzip, deflate
> > handle_request: got headline Connection: keep-alive
> > handle_request: got headline Referer: https://mailserver1:10000/session_login.cgi
> > handle_request: got headline Cookie: testing=1
> > handle_request: got headline Content-Type: application/x-www-form-urlencoded
> > handle_request: got headline Content-Length: 29
> > clen_read=29 clen=29 posted_data=29
> > handle_request: posted_data=page=%2F&user=joe&pass=****
> > handle_request: Need authentication
> > validate_user: user=joe pass=**** host=mailserver1
> > can_user_login: Validate with PAM
> > validate_user: canuser=joe canmode=2 notexist=0 webminuser=root sudo=1
> > validate_user: unix val=1
> > check_sudo_permissions: querying cache for joe
> > main: inline readsudo joe
> > check_sudo_permissions: cache said 0
> > validate_user: sudo failed
> > handle_login: requesting delay vu=joe acptip=192.168.1.205 ok=0
> > main: inline delay joe 192.168.1.205 0
> > handle_login: delay=2 blocked=0
> > handle_request: page=/session_login.cgi simple=/session_login.cgi
> > handle_request: initial full=
> > handle_request: full=/usr/share/webmin/session_login.cgi
> > handle_request: executing CGI
> > REMOTE_USER =
> > BASE_REMOTE_USER =
> > main: Done handle_request loop pid=7801
> > main: inline EOF
> >
> > For completeness, I checked my sudo privileges again, after the login attempt:
> >
> > joe@MailServer1:~$ sudo -l -S
> > Matching Defaults entries for joe on this host:
> > env_reset
> >
> > User joe may run the following commands on this host:
> > (ALL) ALL
> >
> > However, still: "Login failed. Please try again."
> >
> > I'm happy to perform a reinstall of Webmin, if you think this will resolve \
> > anything. However, this would also remove any hope of finding what this issue is, \
> > so that it can be worked around in the future, if it crops up again.
>
> Looks like Webmin was caching the response from sudo in that check .. I can tell
> from the message "check_sudo_permissions: cache said 0"
>
> Try running /etc/webmin/restart , and then immediately after attempting a login
> and post what gets logged to the debug file.
>
> I'm pretty sure a re-install won't help here.
>
> - Jamie
Still no luck, I'm afraid:
miniserv.pl starting ..
Reading crons from /etc/webmin/webmincron/crons
adding cron id=133215899832608 module=system-status \
func=scheduled_collect_system_info adding cron id=133215899832422 module=cron \
func=cleanup_temp_files Running cron id=133215899832422 module=cron \
func=cleanup_temp_files
main: Starting handle_request loop pid=16829
handle_request: from 192.168.1.205 to 192.168.1.8 ipv6=0
handle_request: passed IP checks
handle_request: passed timeout check
handle_request reqline=POST /session_login.cgi HTTP/1.1
handle_request: got headline Host: mailserver1:10000
handle_request: got headline User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; \
rv:11.0) Gecko/20100101 Firefox/11.0
handle_request: got headline Accept: \
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
handle_request: got headline Accept-Language: en-gb,en;q=0.5
handle_request: got headline Accept-Encoding: gzip, deflate
handle_request: got headline Connection: keep-alive
handle_request: got headline Referer: https://mailserver1:10000/
handle_request: got headline Cookie: testing=1
handle_request: got headline Content-Type: application/x-www-form-urlencoded
handle_request: got headline Content-Length: 29
clen_read=29 clen=29 posted_data=29
handle_request: posted_data=page=%2F&user=joe&pass=***
handle_request: Need authentication
validate_user: user=joe pass=*** host=mailserver1
can_user_login: Validate with PAM
validate_user: canuser=joe canmode=2 notexist=0 webminuser=root sudo=1
validate_user: unix val=1
check_sudo_permissions: querying cache for joe
main: inline readsudo joe
check_sudo_permissions: cache said 2
check_sudo_permissions: ptyfh=IO::Pty=GLOB(0x281df28)
check_sudo_permissions: ttyfh=IO::Tty=GLOB(0x3326030)
check_sudo_permissions: tty=/dev/pts/1
check_sudo_permissions: about to fork..
check_sudo_permissions: fork=0 pid=16831
check_sudo_permissions: fork=16831 pid=16829
check_sudo_permissions: pid=16831
check_sudo_permissions: about to send pass
check_sudo_permissions: sent pass=***
validate_user: sudo failed
handle_login: requesting delay vu=joe acptip=192.168.1.205 ok=0
main: inline writesudo joe 0
main: inline delay joe 192.168.1.205 0
handle_login: delay=0 blocked=0
handle_request: page=/session_login.cgi simple=/session_login.cgi
handle_request: initial full=
handle_request: full=/usr/share/webmin/session_login.cgi
handle_request: executing CGI
REMOTE_USER =
BASE_REMOTE_USER =
main: Done handle_request loop pid=16829
Running cron id=133215899832608 module=system-status \
func=scheduled_collect_system_info
main: inline EOF
Running cron id=133215899832422 module=cron func=cleanup_temp_files
Thank you for you continued support.
Joe
------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here
http://p.sf.net/sfu/sfd2d-msazure
-
Forwarded by the Webmin mailing list at webadmin-list@lists.sourceforge.net
To remove yourself from this list, go to
http://lists.sourceforge.net/lists/listinfo/webadmin-list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic