[SOLVED] ARM Help Can't login to WebGui after fresh install

Well this could be the solution.
I definetly did not configure locales but left them untouched;
so there's just the general values of a virgin install set.

I will give it a try and run "dpkg-reconfigure locale" and another "omv-initsystem" afterwards.
Hopefully it will work at this late stage of installation.

I'm gonna try this tonight and give you feedback about the results.

Regards

ranX

Hi,

just installed and configured locales and re-ran omv-initsystem.
Login still doesn't work; neither with admin nor with root.

/var/log/auth.log -->

Zitat

Jan 12 21:35:38 localhost unix_chkpwd[16220]: check pass; user unknown
Jan 12 21:35:38 localhost unix_chkpwd[16220]: password check failed for user (root)
Jan 12 21:35:38 localhost php5: pam_unix(openmediavault-webgui:auth): authentication failure; logname= uid=999 euid=999 tty= ruser= rhost=192.168.168.10 user=root
Jan 12 21:35:52 localhost unix_chkpwd[21169]: check pass; user unknown
Jan 12 21:35:52 localhost unix_chkpwd[21169]: password check failed for user (admin)
Jan 12 21:35:52 localhost php5: pam_unix(openmediavault-webgui:auth): authentication failure; logname= uid=999 euid=999 tty= ruser= rhost=192.168.168.10 user=admin

btw.: as I'm on a serial console I go by command line only - there's no Gui at all

Are there any other logfiles which Icould have a look at for further investigation on this authentication issue ?

Regards

ranX

Hi !

The Stora NAS has no video out.
Usually you plug it to the net and configure via Browser.
As the factory OS is pretty ugly, I disabled it and run Debian from a thumb drive.
My wish is to enhance the Debian base by OMV

To get control (e.g. install Debian an configure it) you have to plug a serial adapter directly to the JTAG pins on the board.
Then you start something like picocom and have direct console access to issue commands on the NAS box.
After you've gotten ssh installed you can also go by that.

Maybe we've been talking 'bout different things : serial access has always been working.
ssh authentiction is also fine.
The logon to http webgui is the thing that refuses to work and which I'm trying to get to work.
Using OMV wouldn't be too smart without that

Checked the packges - all of them installed ...

Regards

ranX

Hi !

Just an idea: could it be the whole thing is just a DNS issue ?
When I try to log on at the webinterface for any user I get: "unix_chkpwd[18893]: check pass; user unknown" at /var/log/auth.log
This is even the case when I try with root.

Strange enough regarding I can logon locally with root without any issues.
This proves the root user is existent on the system and his account is valid.
May it be local password authority feels not responsive for the given user
as it cannot determine that authentication against a local system user is invoked by the webgui ?

Regards

ranX

Yes I call up the webgui by IP.

Zitat

Loaded Modules:
core_module (static)
log_config_module (static)
logio_module (static)
version_module (static)
mpm_prefork_module (static)
http_module (static)
so_module (static)
alias_module (shared)
auth_basic_module (shared)
authn_file_module (shared)
authz_default_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
cgi_module (shared)
deflate_module (shared)
dir_module (shared)
env_module (shared)
fcgid_module (shared)
mime_module (shared)
negotiation_module (shared)
php5_module (shared)
reqtimeout_module (shared)
setenvif_module (shared)
ssl_module (shared)
status_module (shared)
suexec_module (shared)
Syntax OK

Alles anzeigen

Zitat von "ryecoaaron"

I found an article that mentioned needing mod_auth_basic, mod_authN_file, and mod_authz_user.

I found that one too, while diggin' through the interwebs ...

I'm not sure, but at least I found a workaround, if not the solution.
Authentication uses /etc/shadow as password container.
Permission of this file was set to root:root.

As the whole OMV-site delivered by Apache belongs to user and group openmediavault.
I assumed any authentication from the webgui might be called with this owner/group rights.
Therfore I did "chown root:openmediavault /etc/shadow" to change permissions of the password container and make it readable for OMV
After this I'm now able to logon to the webgui.

I'm not too familiar with web-authentication stuff; therefore excuse me dumb question:
Did I really find a valid solution or did I open a security hole ?

Would be nice, if you could take a look at permissions for /etc/shadow set on your system

best Regards

ranX

Thank you for your help to find a solution !

I marked this one as "solved"
Gonna change my shadow's permissions to root:shadow too.

As I already pointed out, there was at least one other guy, who had the same issue.
Could that be worth adding a check to the install process, which changes permissions, if not set properly ?

Regards

ranX

Hi !

Zitat von "votdev"

User 'openmediavault' is created with group membership of 'sudo' and 'shadow' during package installation, thus there is no error in the setup routine in my eyes.

Yes, you're right !
Late night yesetrday, when coming back from Sports, I couldn't go to bed before having another look at the installation 8-)
While trying to change configuration via webgui (e.g. activate ssh) I always got the following error, when clicking the "submit" button

Zitat

"sudo:effective uid is not 0, is sudo installed setuid root?"

Short research pointed to the issue, that permissions on /usr/bin/sudo were not accurate
They were -rwxr-xr-x root:root
Necessary is -rwsr-xr-x root:root
So I did "chmod 4755 /usr/bin/sudo" to fix this

Just a guess: these wrong permissions might have already been set during debootstrapping the base installation as this took part in a virtual environment.
Missing sudo permissions led to configuration errors during installation process.
e.g. I also get errors, when trying to start FTP as the directory /home/ftp has not been created during setup.
It's just an assumption as I don't know if the install/initialisation process has to rely on sudo.

Regards

ranX