Anonymous FTP fails with 503 error
 

I'm running ISPConfig 2.2.10 on an Ubuntu system. User FTP logins work fine, but anonymous FTP fails with a 503 (incorrect login) error.

I've poked through other threads here, but none of the fixes seem to work.

Any additional suggestion for how to debug this problem?

-- Richard

Sorry... I copied the error wrong. That's a 530 Incorrect login, not 503.

-- Richard

What's in /etc/proftpd.conf and /etc/proftpd_ispconfig.conf?
Any errors in your logs?

Proftpd.conf looks like this:

#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

ServerName Default
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"

DenyFilter \*.*/

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off

# Uncomment this if you would use TLS module:
#TLSEngine on

# Uncomment this if you would use quota module:
#Quotas on

# Uncomment this if you would use ratio module:
#Ratios on

# Port 21 is the standard FTP port.
Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?pag...LSS-2004-10-02
# It is on by default.
#DelayEngine off

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>
<Global>
AccessGrantMsg "Welcome to the Greaves Group FTP Site"
RootLogin on
RequireValidShell off
UseFtpUsers on
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."
AuthAliasOnly off
WtmpLog on
</Global>
TimesGMT off
<Anonymous /var/ftp>
</Anonymous>
RequireValidShell off
UseFtpUsers on
RootLogin on


Include /etc/proftpd_ispconfig.conf



************************************************** *

proftpd_ispconfig.conf looks like this:


###################################
#
# ISPConfig proftpd Configuration File
# Version 1.0
#
###################################
DefaultAddress 127.0.0.1
<VirtualHost 64.142.97.114>
DefaultRoot ~
AllowOverwrite on
Umask 002
</VirtualHost>
<VirtualHost 64.142.97.115>
DefaultRoot ~
AllowOverwrite on
Umask 002
<Anonymous /home/www/web9/ftp>
User web9_anonftp
Group web9_anonftp
UserAlias anonymous web9_anonftp
UserAlias guest web9_anonftp
MaxClients 10
<Directory *>
<Limit WRITE>
DenyAll
</Limit>
</Directory>
<Directory /home/www/web9/ftp/incoming>
Umask 002
<Limit STOR>
AllowAll
</Limit>
<Limit READ>
DenyAll
</Limit>
</Directory>
</Anonymous>
</VirtualHost>
<VirtualHost 64.142.97.116>
DefaultRoot ~
AllowOverwrite on
Umask 002
<Anonymous /home/www/web2/ftp>
User web2_anonftp
Group web2_anonftp
UserAlias anonymous web2_anonftp
UserAlias guest web2_anonftp
MaxClients 10
<Directory *>
<Limit WRITE>
DenyAll
</Limit>
</Directory>
<Directory /home/www/web2/ftp/incoming>
Umask 002
<Limit STOR>
AllowAll
</Limit>
<Limit READ>
DenyAll
</Limit>
</Directory>
</Anonymous>
</VirtualHost>
<VirtualHost 64.142.97.117>
DefaultRoot ~
AllowOverwrite on
Umask 002
<Anonymous /home/www/web5/ftp>
User web5_anonftp
Group web5_anonftp
UserAlias anonymous web5_anonftp
UserAlias guest web5_anonftp
MaxClients 10
<Directory *>
<Limit WRITE>
DenyAll
</Limit>
</Directory>
<Directory /home/www/web5/ftp/incoming>
Umask 002
<Limit STOR>
AllowAll
</Limit>
<Limit READ>
DenyAll
</Limit>
</Directory>
</Anonymous>
</VirtualHost>
<VirtualHost 64.142.97.118>
DefaultRoot ~
AllowOverwrite on
Umask 002
<Anonymous /home/www/web8/ftp>
User web8_anonftp
Group web8_anonftp
UserAlias anonymous web8_anonftp
UserAlias guest web8_anonftp
MaxClients 10
<Directory *>
<Limit WRITE>
DenyAll
</Limit>
</Directory>
<Directory /home/www/web8/ftp/incoming>
Umask 002
<Limit STOR>
AllowAll
</Limit>
<Limit READ>
DenyAll
</Limit>
</Directory>
</Anonymous>
</VirtualHost>
<VirtualHost 64.142.97.119>
DefaultRoot ~
AllowOverwrite on
Umask 002
<Anonymous /home/www/web10/ftp>
User web10_anonftp
Group web10_anonftp
UserAlias anonymous web10_anonftp
UserAlias guest web10_anonftp
MaxClients 10
<Directory *>
<Limit WRITE>
DenyAll
</Limit>
</Directory>
<Directory /home/www/web10/ftp/incoming>
Umask 002
<Limit STOR>
AllowAll
</Limit>
<Limit READ>
DenyAll
</Limit>
</Directory>
</Anonymous>
</VirtualHost>
<VirtualHost 64.142.97.120>
DefaultRoot ~
AllowOverwrite on
Umask 002
</VirtualHost>
<VirtualHost 64.142.97.121>
DefaultRoot ~
AllowOverwrite on
Umask 002
</VirtualHost>
<VirtualHost 64.142.97.122>
DefaultRoot ~
AllowOverwrite on
Umask 002
</VirtualHost>
<VirtualHost 64.142.97.123>
DefaultRoot ~
AllowOverwrite on
Umask 002
</VirtualHost>
<VirtualHost 64.142.97.124>
DefaultRoot ~
AllowOverwrite on
Umask 002
</VirtualHost>
<VirtualHost 64.142.97.125>
DefaultRoot ~
AllowOverwrite on
Umask 002
</VirtualHost>
<VirtualHost 64.142.97.126>
DefaultRoot ~
AllowOverwrite on
Umask 002
</VirtualHost>

...and checking the Anonymous FTP box on the web10 site adds the following to ispconfig.log


07.03.2007 - 15:42:55 => INFO - USER:
web10_austinhq:x:10028:10010:Austin HQ Distribution List:/home/www/web10/user/web10_austinhq:/dev/null
07.03.2007 - 15:42:55 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 137: cp -fr /etc/postfix/local-host-names /etc/postfix/local-host-names~
07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 284: cp -fr /etc/postfix/virtusertable /etc/postfix/virtusertable~
07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 289: postmap hash:/etc/postfix/virtusertable
07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1230: cp -fr /etc/apache2/vhosts/Vhosts_ispconfig.conf /etc/apache2/vhosts/Vhosts_ispconfig.conf~
07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1891: cp -fr /etc/proftpd_ispconfig.conf /etc/proftpd_ispconfig.conf~
07.03.2007 - 15:42:56 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1926: WARNING: could not groupadd -g 12009 web9_anonftp &> /dev/null
07.03.2007 - 15:42:56 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1927: WARNING: could not useradd -d /home/www/web9/ftp -g web9_anonftp -m -s /bin/false -u 12009 web9_anonftp &> /dev/null
07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1937: setquota -u web9_anonftp 0 0 0 0 -a &> /dev/null
07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1938: setquota -T -u web9_anonftp 604800 604800 -a &> /dev/null
07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1939: setquota -g web9_anonftp 0 0 0 0 -a &> /dev/null
07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1940: setquota -T -g web9_anonftp 604800 604800 -a &> /dev/null
07.03.2007 - 15:42:56 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1926: WARNING: could not groupadd -g 12002 web2_anonftp &> /dev/null
07.03.2007 - 15:42:56 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1927: WARNING: could not useradd -d /home/www/web2/ftp -g web2_anonftp -m -s /bin/false -u 12002 web2_anonftp &> /dev/null
07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1937: setquota -u web2_anonftp 0 0 0 0 -a &> /dev/null
07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1938: setquota -T -u web2_anonftp 604800 604800 -a &> /dev/null
07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1939: setquota -g web2_anonftp 0 0 0 0 -a &> /dev/null
07.03.2007 - 15:42:56 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1940: setquota -T -g web2_anonftp 604800 604800 -a &> /dev/null
07.03.2007 - 15:42:57 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1926: WARNING: could not groupadd -g 12005 web5_anonftp &> /dev/null
07.03.2007 - 15:42:57 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1927: WARNING: could not useradd -d /home/www/web5/ftp -g web5_anonftp -m -s /bin/false -u 12005 web5_anonftp &> /dev/null
07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1937: setquota -u web5_anonftp 0 0 0 0 -a &> /dev/null
07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1938: setquota -T -u web5_anonftp 604800 604800 -a &> /dev/null
07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1939: setquota -g web5_anonftp 0 0 0 0 -a &> /dev/null
07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1940: setquota -T -g web5_anonftp 604800 604800 -a &> /dev/null
07.03.2007 - 15:42:57 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1926: WARNING: could not groupadd -g 12008 web8_anonftp &> /dev/null
07.03.2007 - 15:42:57 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1927: WARNING: could not useradd -d /home/www/web8/ftp -g web8_anonftp -m -s /bin/false -u 12008 web8_anonftp &> /dev/null
07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1937: setquota -u web8_anonftp 0 0 0 0 -a &> /dev/null
07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1938: setquota -T -u web8_anonftp 604800 604800 -a &> /dev/null
07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1939: setquota -g web8_anonftp 0 0 0 0 -a &> /dev/null
07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1940: setquota -T -g web8_anonftp 604800 604800 -a &> /dev/null
07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1926: groupadd -g 12010 web10_anonftp &> /dev/null
07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1927: useradd -d /home/www/web10/ftp -g web10_anonftp -m -s /bin/false -u 12010 web10_anonftp &> /dev/null
07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1937: setquota -u web10_anonftp 0 0 0 0 -a &> /dev/null
07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1938: setquota -T -u web10_anonftp 604800 604800 -a &> /dev/null
07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1939: setquota -g web10_anonftp 0 0 0 0 -a &> /dev/null
07.03.2007 - 15:42:57 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1940: setquota -T -g web10_anonftp 604800 604800 -a &> /dev/null
07.03.2007 - 15:42:59 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_system.lib.php, Line 706: /etc/init.d/proftpd restart &> /dev/null

What's in /etc/passwd and /etc/group?

Hmmm... lots of stuff, but the relevant lines seem to be:

in group:

users:x:100:web8_twg,web8_brenda,web8_chris,web8_m elissa,web8_partners,web8_info,web8_roger,web8_adm in,web8_chris2,web2_twg,web2_n6mod,web2_jhayes,web 10_barry,web10_sharla,web10_brenda,web10_melissa,w eb10_ed,web10_michele,web10_janeadmispconfig:x:100 1:admispconfig
web1:x:10001:admispconfig
web1_anonftp:x:12001:
web2:x:10002:admispconfig,web2_ram
web2_anonftp:x:12002:
web4:x:10004:admispconfig
web4_anonftp:x:12004:
web5:x:10005:admispconfig,web5_dreamweaver
web5_anonftp:x:12005:
web8:x:10008:admispconfig,web8_ram
web8_anonftp:x:12008:admispconfig,web8_anonftp
web9:x:10009:admispconfig,ram,web9_admin
web9_anonftp:x:12009:
web10:x:10010:admispconfig,web10_admin
web12:x:10012:admispconfig
web13:x:10013:admispconfig,web13_admin
freerad:x:115:
ssl-cert:x:116:postgres
web10_anonftp:x:12010:

...........................................and in passwd:

admispconfig:x:1001:1001:Administrator ISPConfig:/home/admispconfig:/bin/bash
web1_anonftp:x:12001:12001::/home/www/web1/ftp:/bin/false
web2_anonftp:x:12002:12002::/home/www/web2/ftp:/bin/false
web4_anonftp:x:12004:12004::/home/www/web4/ftp:/bin/false
web5_anonftp:x:12005:12005::/home/www/web5/ftp:/bin/false
web8_anonftp:x:12008:12008::/home/www/web8/ftp:/bin/false
web9_anonftp:x:12009:12009::/home/www/web9/ftp:/bin/false
web5_dreamweaver:x:10004:10005:Bug Track:/home/www/web5:/bin/bash
web13_admin:x:10027:10013:Richard:/home/www/web13:/bin/false
freerad:x:109:115::/etc/freeradius:/bin/false
web9_admin:x:10029:10009:Administrator:/home/www/web9:/bin/bash
web8_ram:x:10009:10008:Richard A. Milewski:/home/www/web8:/bin/bash
web8_twg:x:10010:10008:Thomas W. Greaves:/home/www/web8/user/web8_twg:/bin/false
web8_brenda:x:10014:10008:Brenda Raker:/home/www/web8/user/web8_brenda:/bin/false
web8_chris:x:10015:10008:Christine Whelan:/home/www/web8/user/web8_chris:/bin/false
web8_melissa:x:10016:10008:Melissa Mccullough:/home/www/web8/user/web8_melissa:/bin/false
web8_partners:x:10017:10008:Partners:/home/www/web8/user/web8_partners:/bin/false
web8_info:x:10018:10008:Catchall Accounts:/home/www/web8/user/web8_info:/bin/false
web8_roger:x:10019:10008:Roger Samdahl:/home/www/web8/user/web8_roger:/bin/false
web8_admin:x:10020:10008:NOC Accounts:/home/www/web8/user/web8_admin:/bin/bash
web8_chris2:x:10026:10008:Chris Whelan:/home/www/web8/user/web8_chris2:/bin/false
web2_twg:x:10012:10002:Thomas W. Greaves:/home/www/web2/user/web2_twg:/bin/false
web2_ram:x:10008:10002:Richard A. Milewski:/home/www/web2:/bin/bash
web2_n6mod:x:10007:10002:Aleksandr:/home/www/web2/user/web2_n6mod:/bin/bash
web2_jhayes:x:10013:10002:Jeanne Hayes:/home/www/web2/user/web2_jhayes:/bin/false
web10_admin:x:10022:10010:Administrator:/home/www/web10:/bin/bash
web10_barry:x:10023:10010:Barry Berman:/home/www/web10/user/web10_barry:/bin/false
web10_sharla:x:10025:10010:Sharla Woodrow:/home/www/web10/user/web10_sharla:/bin/false
web10_brenda:x:10031:10010:Brenda Raker:/home/www/web10/user/web10_brenda:/bin/false
web10_melissa:x:10032:10010:Melissa McCullough:/home/www/web10/user/web10_melissa:/bin/false
web10_ed:x:10033:10010:Ed Cranston:/home/www/web10/user/web10_ed:/bin/false
web10_michele:x:10034:10010:Michele Drake:/home/www/web10/user/web10_michele:/bin/false
web10_jane:x:10035:10010:Jane Stahler:/home/www/web10/user/web10_jane:/bin/false
web10_tom:x:10021:10010:Tom Fitzgerald:/home/www/web10/user/web10_tom:/dev/null
web10_david:x:10024:10010:David Walling:/home/www/web10/user/web10_david:/dev/null
web10_austinhq:x:10028:10010:Austin HQ Distribution List:/home/www/web10/user/web10_austinhq:/dev/null
web10_anonftp:x:12010:12010::/home/www/web10/ftp:/bin/false



....is there something in particular I should look for?

-- RAM

I wanted to see if all anonymous FTP users and groups are existing - they are, so that's not the problem... :confused:

I hate to bring a thread back from the dead but I've been reading through these threads that have anonymous ftp access problems and I don't see a fix for it.

I also am having this same problem, getting:

From SmartFTP:

[11:21:55] 220 FTP Server ready.
[11:21:55] USER anonymous
[11:21:55] 331 Password required for anonymous.
[11:21:55] PASS (hidden)
[11:21:55] 530 Login incorrect.
[11:21:55] Active Help: http://www.smartftp.com/support/kb/index.php/51
[11:21:55] Cannot login waiting to retry (30s)...
[11:26:55] 421 No Transfer Timeout (300 seconds): closing control connection.
[11:26:55] Server closed connection

From /var/log/messages:

Apr 13 11:20:42 proftpd[11346]: localhost.localdomain (::ffff:68.149.237.71[::ffff:68.149.237.71]) - no such user 'anonymous'

Here is the /etc/proftpd_ispconfig.conf file:

Here is the ispconfig.log file:


Everything looks like it should work but I have no clue why it's not working. I can FTP with a user in ISPConfig and SmartFTP no problem, it's just the anonymous ftp user that has the problems.

Thanks!

I'm not sure where that error comes from because the user anonymous is mapped to web11_anonftp in /etc/proftpd_ispconfig.conf:

Does web11_anonftp exist in /etc/passwd?