ProFTPD Logins and Authentication

[pete]

I can't seems to login to proftpd from webFTP or remote FTP client using username and password I created from ISPconfig web interface.

annoymous FTP is working

Can someone help me!

Here is error
##############################
[root@web1 etc]# ftp localhost
Connected to web1.
220 FTP Server ready.
500 AUTH not understood
500 AUTH not understood
KERBEROS_V4 rejected as an authentication type
Name (localhost:root):
#############################

Here is my proftpd.conf
###################

# Use pam to authenticate (default) and be authoritative
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c


DefaultRoot ~

Include /etc/proftpd_ispconfig.conf
#####################

[till]

Quote:

Originally Posted by pete

I can't seems to login to proftpd from webFTP or remote FTP client using username and password I created from ISPconfig web interface.

annoymous FTP is working

Can someone help me!

Here is my proftpd.conf
###################

# Use pam to authenticate (default) and be authoritative
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c


DefaultRoot ~

Include /etc/proftpd_ispconfig.conf
#####################

Have you checked the "FTP Access" checkbox in the site settings?
Did you get any errors in the logfiles (auth.log)?

[pete]

user can login to web-FTP by checking "FTP Access"
but
can not login from remote FTP client. It's like I don't have home directory to login to.
error
#############
530 Login incorrect.
QUIT
221 Goodbye.
###########

I tried the username and password to localhost and it works.
###########################
[root@web1 etc]# ftp localhost
Connected to web1.
220 FTP Server ready.
500 AUTH not understood
500 AUTH not understood
KERBEROS_V4 rejected as an authentication type
Name (localhost:root): <username>
331 Password required for <username>.
Password:
230 User <username> logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
##############################

[till]

Quote:

Originally Posted by pete

user can login to web-FTP by checking "FTP Access"
but
can not login from remote FTP client. It's like I don't have home directory to login to.
error
#############
530 Login incorrect.
QUIT
221 Goodbye.
###########

I tried the username and password to localhost and it works.
###########################
[root@web1 etc]# ftp localhost
Connected to web1.
220 FTP Server ready.
500 AUTH not understood
500 AUTH not understood
KERBEROS_V4 rejected as an authentication type
Name (localhost:root): <username>
331 Password required for <username>.
Password:
230 User <username> logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
##############################

Webftp is a normal FTP-Client that uses only FTP commands and connects to localhost. When you can login from localhost and not from a remote computer, it might be a firewall issue.

[pete]

i tried ftp from remote server that has no fireall restriction and i could not login either. So it seems the firewall is not the issue from my machine.

I did not setup any firewall restriction on localhost server. I don't understand what's going on.


Thank you for your help.

[brandon]

I am experiencing the same issue.
I can login to SSH from a remote system using one of the user logins, but am unable to use that same username/password pair to login to FTP remotely, but I can login with that username password locally when I connect to localhost.

Till: Regarding the question posed to Pete, here is my iptables output:

# iptables -L -t filter
Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

# iptables -L -t nat
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain PREROUTING (policy ACCEPT)
target prot opt source destination

# iptables -L -t mangle
Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain PREROUTING (policy ACCEPT)
target prot opt source destination

This is very confusing to me. Here are the relevant messages from /var/log/secure:
Aug 13 18:58:44 webhost sshd[28692]: Accepted password for web2_brandon from REMOTEHOST port 51960 ssh2
Aug 13 19:04:05 webhost proftpd[28887]: webhost.mydomain.tld (127.0.0.1[127.0.0.1]) - USER web2_brandon: Login successful.
Aug 13 19:04:40 webhost proftpd[28900]: webhost.mydomain.tld (REMOTEHOST[REMOTEHOST]) - USER web2_brandon (Login failed): Incorrect password.

and if you can believe it, I used the same password for all three of those login attempts.

Here are some entries from /var/log/messages:

Aug 13 19:03:57 webhost proftpd[28887]: webhost.mydomain.tld (127.0.0.1[127.0.0.1]) - FTP session opened.
Aug 13 19:04:05 webhost proftpd(pam_unix)[28887]: session opened for user web2_brandon by (uid=0)
Aug 13 19:04:20 webhost proftpd[28887]: webhost.mydomain.tld (127.0.0.1[127.0.0.1]) - PAM(setcred): System error
Aug 13 19:04:20 webhost proftpd[28887]: webhost.mydomain.tld (127.0.0.1[127.0.0.1]) - PAM(close_session): System error
Aug 13 19:04:20 webhost proftpd[28887]: webhost.mydomain.tld (127.0.0.1[127.0.0.1]) - FTP session closed.
Aug 13 19:04:28 webhost sshd(pam_unix)[28695]: session closed for user web2_brandon
Aug 13 19:04:31 webhost proftpd[28900]: myHostIPAddress (REMOTEHOST[REMOTEHOST]) - FTP session opened.
Aug 13 19:04:40 webhost proftpd[28900]: myHostIPAddress (REMOTEHOST[REMOTEHOST]) - PAM(web2_brandon): Authentication failure.
Aug 13 19:09:05 webhost proftpd[28900]: myHostIPAddress (REMOTEHOST[REMOTEHOST]) - FTP login timed out, disconnected
Aug 13 19:09:05 webhost proftpd[28900]: myHostIPAddress (REMOTEHOST[REMOTEHOST]) - FTP session closed.

[brandon]

Wow, I got connected... I have been struggling with this for a few days.

So I use Filezilla (http://filezilla.sourceforge.net/) as my ftp client.
Since I was still having problems, and not getting anywhere with looking at my pam.d/proftpd file I decided to play around with my client for a few.
First off... you HAVE to have puTTY installed on your windows PC.
In Filezilla, add your ISPConfig server in Site Manager.
Under Servertype: choose SFTP using SSH2
Then use your ISPConfig user that is configured, e.g. webx_username and the password you assigned to this user.
I got connected and am now happily using if to load files and remove them as well.

[till]

Quote:

Originally Posted by brandon

Wow, I got connected... I have been struggling with this for a few days.

So I use Filezilla (http://filezilla.sourceforge.net/) as my ftp client.
Since I was still having problems, and not getting anywhere with looking at my pam.d/proftpd file I decided to play around with my client for a few.
First off... you HAVE to have puTTY installed on your windows PC.
In Filezilla, add your ISPConfig server in Site Manager.
Under Servertype: choose SFTP using SSH2
Then use your ISPConfig user that is configured, e.g. webx_username and the password you assigned to this user.
I got connected and am now happily using if to load files and remove them as well.

Hi Brandon,

this is another solution to upload files to your server but it does not solve the FTP problem because the proftpd daemon is not envolved at all when uploading files in sftp mode. Maybe falko has an idea what might be wrong with your proftpd installation.

Till

[falko]

Have a look at this thread, it may contain the solution:
http://www.howtoforge.com/forums/showthread.php?t=196

[brandon]

Quote:

Originally Posted by falko

Have a look at this thread, it may contain the solution:
http://www.howtoforge.com/forums/showthread.php?t=196

Thanks a lot Falko. I thought I had looked all through the forums regarding this issue, but apparently not.

Adding /etc/pam.d/ftp with those entries worked like a charm. Thanks again.