PDA

View Full Version : Users created but cannot login (FTP and shell)


baskin
12th December 2009, 20:13
I have an ISPConfig 3 server with opensuse 11.1.

Until now i had only one client with one site, one ftp account and one shell account. Everything is working nice (I cannot login to stats and i have post a thread for that, that's my only problem).

I have created a second client and a site for that client. I have also created an ftp user and a shell user for that site.

Neither shell or ftp user can login. I'm getting a "Access denied" on shell user and "Login failed" on ftp user.

I have deleted all the users and the site and recreated from scratch multiple times but the problem persists.

What should i check?

Thanks in advance.

falko
13th December 2009, 15:13
Any errors in your logs?

baskin
13th December 2009, 15:19
Any errors in your logs?

What log should i check?

I have these on /var/log/messages:

Dec 12 20:04:36 aragorn sshd[1328]: Invalid user kernelitshell from 10.215.4.227
Dec 12 20:04:39 aragorn sshd[1328]: error: PAM: User not known to the underlying authentication module for illegal user kernelitshell from 10.215.4.227
Dec 12 20:04:39 aragorn sshd[1328]: Failed keyboard-interactive/pam for invalid user kernelitshell from 10.215.4.227 port 41921 ssh2
Dec 12 20:04:43 aragorn sshd[1328]: error: PAM: User not known to the underlying authentication module for illegal user kernelitshell from 10.215.4.227
Dec 12 20:04:43 aragorn sshd[1328]: Failed keyboard-interactive/pam for invalid user kernelitshell from 10.215.4.227 port 41921 ssh2
Dec 12 20:04:44 aragorn sshd[1328]: error: PAM: User not known to the underlying authentication module for illegal user kernelitshell from 10.215.4.227
Dec 12 20:04:44 aragorn sshd[1328]: Failed keyboard-interactive/pam for invalid user kernelitshell from 10.215.4.227 port 41921 ssh2

Dec 13 15:05:10 aragorn pure-ftpd: (?@10.215.4.227) [WARNING] Authentication failed for user [kernelitftp]
Dec 13 15:05:19 aragorn pure-ftpd: (?@10.215.4.227) [WARNING] Authentication failed for user [kernelitftp]
Dec 13 15:05:37 aragorn pure-ftpd: (?@10.215.4.227) [WARNING] Authentication failed for user [kernelitftp]
Dec 13 15:08:28 aragorn pure-ftpd: (?@10.215.4.227) [WARNING] Authentication failed for user [kernelitftp]

till
14th December 2009, 16:41
Are ythere any pending jobs in the ispconfig jonbqueue in the monitor module? Does the shell user exists in /etc/passwd?

baskin
14th December 2009, 16:58
Jobqueue is empty and the user does not exist in /etc/passwd.

It seems that ISPConfig does not create the user. Regarding the FTP user it seems that it is created but with wrong password.

Thanks.

baskin
16th December 2009, 21:14
Is there a specific log that has some info at the time of user creation?

I mean if i create the user, is there a log where the executed commands are logged, so i can check there.

I'm asking because this is a major problem and it doesn't has an obvious solution.

I have also created a third client with one site and tried to create a shell user for that client. The result is the same. I can see the insert shell_user job in the jobqueue. The job disappears after a while but no user is created although is listed in the ispconfig's shell users list. In /etc/passwd the user does not exists.

Thanks.

till
17th December 2009, 08:52
FTP users are just in the database, there are no commands executed when you create a FTP user.

Also do not mix up shall and FTP users. You canm not login with the shell users with FTP. You have to use a ssh client like putty to login with shell users or use sftp with a client like winscp.

if you want to debug your FTP logins, enable debugging in pure-ftpd:

http://www.faqforge.com/linux/controlpanels/ispconfig3/how-to-enable-debugging-in-pure-ftpd-on-debian-linux/

and you can enable it also in ispconfig:

http://www.faqforge.com/linux/controlpanels/ispconfig3/how-to-enable-debugging-in-ispconfig-3/

baskin
17th December 2009, 10:12
I know very well the difference between shell and ftp users.

I'm having problem with both of them on all newly created clients (except the first one that was created after initial installation of the ispconfig).

I will enable debug on pure-ftpd, but what about with the shell's users problem. You understand that this problem makes ispconfig useless.

I will enable debug on ispconfig and report but if something useful appears.

It is a major problem and i think it happened after the update to 3.0.1.6. My system is useless as it is now so that's why i'm eager to find a solution.

Regarding ftp users i have recreated the user (and several others) multiple times but always i'm getting a wrong password error.

till
17th December 2009, 10:26
Ok, its the first time that you mentioned now that it happened after an update. You should really give the full information when you want to get help!

please post the output of:

grep sshusers /etc/group

baskin
17th December 2009, 12:22
I haven't mention the update because i'm not sure if the problem occured after the latest update. I had until now only one client, one ftp user and one shell user and i have performed all the updates since the initial install of ispconfig 3.0 (the client and the users were created just after the initial install).

grep sshusers /etc/group returns nothing.

Regarding the ftp users, when i edit the problematic new user and change his password, i can see with phpmyadmin that his password is changing in the ispconfig's database (although is encrypted but i can see characters changing). Pure-ftpd continues to report that the password is wrong. It seems like pure-ftpd doesn't "look" in the database.

Thanks.

jay_six
17th December 2009, 14:55
Hello.
I also have the same problem regarding creating new ftp users since update to 3.0.1.6 . Didn't notice it for a while because no new ftp users were added but now when i whant to add a new ftp account, it creates it, i can see with phpmyadmin that the account and the password it is created but ftp server sais Login Authentification Failed. Also old ftp account works.

I don't have any Shell-Users created to see if that is working but i will test that later on today.

Like Baskin i also don't get any results when running command: grep sshusers /etc/group

Regards
Jay

baskin
18th December 2009, 20:36
When i try to edit an existing shell user (from the new that do not work, not the first working one) i'm getting this on the ispconfig.log:

18.12.2009-20:33 - DEBUG - Found 1 changes, starting update process.
18.12.2009-20:33 - DEBUG - Call function 'update' in plugin 'shelluser_base_plugin' raised by event 'shell_user_update'.
18.12.2009-20:33 - WARNING - Skippung update for user:kernelitshell, parent user web8 does not exist.
18.12.2009-20:33 - DEBUG - Call function 'update' in plugin 'shelluser_jailkit_plugin' raised by event 'shell_user_update'.
18.12.2009-20:33 - WARNING - Jailkit Plugin -> update username:kernelitshell skipped, the user does not exist.
18.12.2009-20:33 - DEBUG - Processed datalog_id 784

till
18th December 2009, 20:39
The sshusers group is missing. Run:

groupadd sshusers

and then delete the website and add it again.

baskin
18th December 2009, 21:05
OLEEEEE!!! :D

Problem solved as well as ftp users problem (at least for this client). I will test with another client and report back if necessary.

The disappearance of sshusers is a mystery to me. System has only the official updates and i run several identical opensuse 11.1 systems (not with ispconfig) without any problem (at least from system updates).