PDA

View Full Version : FTP Access


ProTrooper
15th August 2005, 00:30
I finally installed ISPConfig and started to play with it. I created a client and a web site with ftp access, but it will not let me log in. It prompts for a user and password and I tried everything.

till
15th August 2005, 09:19
I finally installed ISPConfig and started to play with it. I created a client and a web site with ftp access, but it will not let me log in. It prompts for a user and password and I tried everything.

Have you checked the "FTP" checkbox for this site?

And have a look at this thread, it may contain the solution:
http://www.howtoforge.com/forums/showthread.php?t=196

ProTrooper
15th August 2005, 18:26
I tried from a non-firewalled computer to a non-firewalled server both passively and actively. It returns "login incorrect." The FTP access check box is enabled. What is the default login/pass?

falko
15th August 2005, 19:16
Please have a look at this thread:
http://www.howtoforge.com/forums/showthread.php?t=196

ProTrooper
15th August 2005, 19:57
Yah, I read that, but it didn't really help. For some reason I can't find the log file (/var/log/proftpd.log) either. The proftpd service is started. If it would help, I can give you access to the server since it is a test server. Here are the listening services:

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:imaps *:* LISTEN 1911/xinetd
tcp 0 0 *:32769 *:* LISTEN 1645/rpc.statd
tcp 0 0 *:pop3s *:* LISTEN 1911/xinetd
tcp 0 0 *:mysql *:* LISTEN 2001/mysqld
tcp 0 0 *:pop3 *:* LISTEN 1911/xinetd
tcp 0 0 *:imap *:* LISTEN 1911/xinetd
tcp 0 0 *:sunrpc *:* LISTEN 1628/portmap
tcp 0 0 *:81 *:* LISTEN 2290/ispconfig_http
tcp 0 0 *:ftp *:* LISTEN 2428/proftpd: (acce
tcp 0 0 wsip-68-110-129-76.g:domain *:* LISTEN 2413/named
tcp 0 0 Canada.oceanave.net:domain *:* LISTEN 2413/named
tcp 0 0 Canada.oceanave.net:rndc *:* LISTEN 2413/named
tcp 0 0 *:smtp *:* LISTEN 2394/master
tcp 0 0 *:http *:* LISTEN 2322/httpd
tcp 0 0 *:ssh *:* LISTEN 1903/sshd
tcp 0 0 ::1:rndc *:* LISTEN 2413/named
tcp 0 2276 wsip-68-110-129-76.ga.a:ssh adsl-220-146-77.gnv.b:50030 ESTABLISHED 5566/0


There is nothing after "(acce"

ProTrooper
16th August 2005, 00:50
I can log into the stats page with my test user account. Should I be able to log in to the ftp with that account?

falko
16th August 2005, 00:59
I can log into the stats page with my test user account. Should I be able to log in to the ftp with that account?

Yes, that's right.

ProTrooper
16th August 2005, 01:00
Yah okay that's what I thought. But no... it doesn't work. :(

ProTrooper
16th August 2005, 01:07
I tried to connect using an FTP client so I can see all the handshakin' and it returns "login incorrect." Is this an ambiguous error or is the login wrong?

falko
16th August 2005, 09:22
Can you post your /etc/proftpd.conf here?

ProTrooper
16th August 2005, 16:13
Okay, here it is. I didn't manually change anything.

# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $

ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
ServerType standalone
#ServerType inetd
DefaultServer on
AccessGrantMsg "User %u logged in."
#DisplayConnect /etc/ftpissue
#DisplayLogin /etc/ftpmotd
#DisplayGoAway /etc/ftpgoaway
DeferWelcome off

# Use this to excude users from the chroot
DefaultRoot ~ !adm

# Use pam to authenticate (default) and be authoritative
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c

# Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups off
UseReverseDNS off

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# Default to show dot files in directory listings
ListOptions "-a"

# See Configuration.html for these (here are the default values)
#MultilineRFC2228 off
#RootLogin off
#LoginPasswordPrompt on
#MaxLoginAttempts 3
#MaxClientsPerHost none
#AllowForeignAddress off # For FXP

# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart on
AllowStoreRestart on

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 20

# Set the user and group that the server normally runs at.
User nobody
Group nobody

# This is where we want to put the pid file
ScoreboardFile /var/run/proftpd.score

# Normally, we want users to do a few things.
<Global>
AllowOverwrite yes
<Limit ALL SITE_CHMOD>
AllowAll
</Limit>
</Global>

# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine on
#TLSRequired on
#TLSRSACertificateFile /usr/share/ssl/certs/proftpd.pem
#TLSRSACertificateKeyFile /usr/share/ssl/certs/proftpd.pem
#TLSCipherSuite ALL:!ADH:!DES
#TLSOptions NoCertRequest
#TLSVerifyClient off
##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
#TLSLog /var/log/proftpd/tls.log

# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
# User ftp
# Group ftp
# AccessGrantMsg "Anonymous login ok, restrictions apply."
#
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
#
# # Limit the maximum number of anonymous logins
# MaxClients 10 "Sorry, max %m users -- try again later"
#
# # Put the user into /pub right after login
# #DefaultChdir /pub
#
# # We want 'welcome.msg' displayed at login, '.message' displayed in
# # each newly chdired directory and tell users to read README* files.
# DisplayLogin /welcome.msg
# DisplayFirstChdir .message
# DisplayReadme README*
#
# # Some more cosmetic and not vital stuff
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# # Limit WRITE everywhere in the anonymous chroot
# <Limit WRITE SITE_CHMOD>
# DenyAll
# </Limit>
#
# # An upload directory that allows storing files but not retrieving
# # or creating directories.
# <Directory uploads/*>
# AllowOverwrite no
# <Limit READ>
# DenyAll
# </Limit>
#
# <Limit STOR>
# AllowAll
# AllowAll
# </Limit>
# </Directory>
#
# # Don't write anonymous accesses to the system wtmp file (good idea!)
# WtmpLog off
#
# # Logging for the anonymous transfers
# ExtendedLog /var/log/proftpd/access.log WRITE,READ default
# ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>


DefaultRoot ~

Include /etc/proftpd_ispconfig.conf

And in case you want to see /etc/proftpd_ispconfig.conf

###################################
#
# ISPConfig proftpd Configuration File
# Version 1.0
#
###################################
<VirtualHost 68.110.129.76>
DefaultRoot ~
AllowOverwrite on
Umask 002
</VirtualHost>

Hope this helps!

falko
16th August 2005, 16:33
Looks good.
Can you also post /etc/pam.d/ftp here?

ProTrooper
16th August 2005, 16:39
Okay hmmm... no /etc/pam.d/ftp but there is a /etc/pam.d/proftpd. Here is what it has:

#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required pam_stack.so service=system-auth
auth required pam_shells.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth

falko
16th August 2005, 16:46
Can you create /etc/pam.d/ftp and put this into it?

#%PAM-1.0
auth required pam_unix.so nullok
account required pam_unix.so
session required pam_unix.so

Then restart proftpd: /etc/init.d/proftpd restart

ProTrooper
16th August 2005, 16:58
What.... it worked! Thanks falko. Any ideas what could have happened?

falko
16th August 2005, 17:32
Please have a look at this thread:
http://www.howtoforge.com/forums/showthread.php?t=196

Yah, I read that, but it didn't really help.

Are you sure you've read that thread? :p

ProTrooper
16th August 2005, 17:37
Oh man... I didn't see page 2... and it was right there. :o Sorry about that falko, I really did read it.

falko
16th August 2005, 17:53
No problem at all! :)