  #1  
20th September 2007, 13:20
Aldert, Junior Member

ProFTPD PAM authentication not working

Sorry for opening a thread on this, but the solution I tried for 2 hours did not work.

I find the following errors while trying to log in with FTP:
Code:
Sep 20 12:55:59 aerotronicvds proftpd[9079]: localhost.localdomain (::ffff:130.89.137.92[::ffff:130.89.137.92]) - FTP session opened. 
Sep 20 12:55:59 aerotronicvds proftpd: PAM-listfile: Refused user ***user*** for service proftpd
Sep 20 12:55:59 aerotronicvds proftpd(pam_unix)[9079]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=::ffff:130.89.137.92  user=***user***
Sep 20 12:56:01 aerotronicvds proftpd[9079]: localhost.localdomain (::ffff:130.89.137.92[::ffff:130.89.137.92]) - PAM(***user***): Authentication failure. 
Sep 20 12:57:28 aerotronicvds proftpd[9145]: localhost.localdomain (::ffff:130.89.137.92[::ffff:130.89.137.92]) - FTP session opened. 
Sep 20 12:57:28 aerotronicvds proftpd: PAM-listfile: Refused user ***user*** for service proftpd
Sep 20 12:57:30 aerotronicvds proftpd[9145]: localhost.localdomain

I have followed: http://www.howtoforge.com/perfect_setup_centos_4.4_p6

So /etc/pam.d/ftp is as it should be.

passwd:
***user***:x:10018:10002: *** Information:/var/www/web2/:/dev/null

Also tried:
***user***:x:10018:10002: *** Information:/var/www/web2/./:/bin/false
***user***:x:10018:10002: *** Information:/var/www/web2/./:/etc/shell

Also changed the owner of the files, but that's not where the problem lies.

No luck. I think I better send proftpd.conf per PM.

Thanks so much in advance for your help!

Aldert

  #2  
21st September 2007, 17:51
falko, Super Moderator

Can you post your proftpd.conf here?

  #3  
21st September 2007, 23:03
Aldert, Junior Member

Code:
# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $

ServerName			"ProFTPD server"
ServerIdent			on "FTP Server ready."
ServerAdmin			root@localhost
ServerType			standalone
#ServerType			inetd
DefaultServer			on
AccessGrantMsg			"User %u logged in."
#DisplayConnect			/etc/ftpissue
#DisplayLogin			/etc/ftpmotd
#DisplayGoAway			/etc/ftpgoaway
DeferWelcome			off

# Use this to exclude users from the chroot
DefaultRoot			~ !adm

# Use pam to authenticate (default) and be authoritative
AuthPAMConfig			proftpd
AuthOrder			mod_auth_pam.c* mod_auth_unix.c

# Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups			off
UseReverseDNS			off

# Port 21 is the standard FTP port.
Port				21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask				022

# Default to show dot files in directory listings
ListOptions			"-a"

# See Configuration.html for these (here are the default values)
#MultilineRFC2228		off
#RootLogin			off
#LoginPasswordPrompt		on
#MaxLoginAttempts		3
#MaxClientsPerHost		none
#AllowForeignAddress		off	# For FXP

# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart		on
AllowStoreRestart		on

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances			20

# Set the user and group that the server normally runs at.
User				nobody
Group				nobody

# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile			no

# This is where we want to put the pid file
ScoreboardFile			/var/run/proftpd.score

# Normally, we want users to do a few things.
<Global>
  AllowOverwrite		yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>

# Define the log formats
LogFormat			default	"%h %l %u %t \"%r\" %s %b"
LogFormat			auth	"%v [%P] %h %t \"%r\" %s"

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine			on
#TLSRequired			on
#TLSRSACertificateFile		/etc/pki/tls/certs/proftpd.pem
#TLSRSACertificateKeyFile	/etc/pki/tls/certs/proftpd.pem
#TLSCipherSuite			ALL:!ADH:!DES
#TLSOptions			NoCertRequest
#TLSVerifyClient		off
##TLSRenegotiate		ctrl 3600 data 512000 required off timeout 300
#TLSLog				/var/log/proftpd/tls.log

# SQL authentication Dynamic Shared Object (DSO) loading
# See README.DSO and howto/DSO.html for more details.
#<IfModule mod_dso.c>
#   LoadModule mod_sql.c
#   LoadModule mod_sql_mysql.c
#   LoadModule mod_sql_postgres.c
#</IfModule>

# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
#  User				ftp
#  Group				ftp
#  AccessGrantMsg		"Anonymous login ok, restrictions apply."
#
#  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias			anonymous ftp
#
#  # Limit the maximum number of anonymous logins
#  MaxClients			10 "Sorry, max %m users -- try again later"
#
#  # Put the user into /pub right after login
#  #DefaultChdir			/pub
#
#  # We want 'welcome.msg' displayed at login, '.message' displayed in
#  # each newly chdired directory and tell users to read README* files. 
#  DisplayLogin			/welcome.msg
#  DisplayFirstChdir		.message
#  DisplayReadme			README*
#
#  # Some more cosmetic and not vital stuff
#  DirFakeUser			on ftp
#  DirFakeGroup			on ftp
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE SITE_CHMOD>
#    DenyAll
#  </Limit>
#
#  # An upload directory that allows storing files but not retrieving
#  # or creating directories.
#  <Directory uploads/*>
#    AllowOverwrite		no
#    <Limit READ>
#      DenyAll
#    </Limit>
#
#    <Limit STOR>
#      AllowAll
#    </Limit>
#  </Directory>
#
#  # Don't write anonymous accesses to the system wtmp file (good idea!)
#  WtmpLog			off
#
#  # Logging for the anonymous transfers
#  ExtendedLog		/var/log/proftpd/access.log WRITE,READ default
#  ExtendedLog		/var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>


DefaultRoot ~

Include /etc/proftpd_ispconfig.conf

There you go, thanks in advance (what is your PP account? ;-))

  #4  
22nd September 2007, 12:37
falko, Super Moderator

Can you comment out these two lines and restart ProFTPd?

Code:
AuthPAMConfig			proftpd
AuthOrder			mod_auth_pam.c* mod_auth_unix.c

Does it work then?

  #5  
22nd September 2007, 17:24
Aldert, Junior Member

Hi Falko,
Thanks for your time, it works better now:
Code:
Sep 22 15:05:34 aerotronicvds proftpd: proftpd shutdown succeeded
Sep 22 15:05:35 aerotronicvds proftpd:  - setting default address to 127.0.0.1
Sep 22 15:05:35 aerotronicvds proftpd[24024]: localhost.localdomain - error setting IPV6_V6ONLY: Protocol not available 
Sep 22 15:05:35 aerotronicvds proftpd[24024]: localhost.localdomain - ProFTPD 1.3.0 (stable) (built Wed Sep 13 17:13:34 EDT 2006) standalone mode STARTUP 
Sep 22 15:05:35 aerotronicvds proftpd: proftpd startup succeeded
Sep 22 15:06:03 aerotronicvds proftpd[24033]: localhost.localdomain (::ffff:82.92.***.***[::ffff:82.92.***.***]) - FTP session opened. 
Sep 22 15:06:03 aerotronicvds ftp(pam_unix)[24033]: session opened for user ***user*** by (uid=0)
Sep 22 15:06:03 aerotronicvds ftp(pam_unix)[24033]: session closed for user ***user***

But other options of different topics don't work (using web2_username does not work, passive mode does not work, firewall port 21 is open, proftpd is listening right, also web-ftp of ispconfig does not work)
Code:
Sep 22 15:24:59 aerotronicvds proftpd[24634]: localhost.localdomain (::ffff:82.92.***.***[::ffff:82.92.***.***]) - FTP session opened. 
Sep 22 15:24:59 aerotronicvds proftpd[24634]: localhost.localdomain (::ffff:82.92.***.***[::ffff:82.92.***.***]) - no such user 'web2_***user***' 
Sep 22 15:25:04 aerotronicvds proftpd[24637]: localhost.localdomain (::ffff:82.92.***.***[::ffff:82.92.***.***]) - FTP session opened. 
Sep 22 15:25:04 aerotronicvds proftpd[24637]: localhost.localdomain (::ffff:82.92.***.***[::ffff:82.92.***.***]) - no such user 'web2_***user***' 
Sep 22 15:30:01 aerotronicvds proftpd[24905]: localhost.localdomain (::ffff:127.0.0.1[::ffff:127.0.0.1]) - FTP session opened. 
Sep 22 15:30:01 aerotronicvds proftpd[24905]: localhost.localdomain (::ffff:127.0.0.1[::ffff:127.0.0.1]) - FTP session closed.
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:ftp *:* LISTEN 24024/proftpd: (acc

There is also a problem with a double userId for that user (id ***user*** gives dkfilter), but another user that has a unique id can't log in also. Also:
Code:
-bash-3.00# proftpd -t
Checking syntax of configuration file
 - setting default address to 127.0.0.1
Syntax check complete.

I have no idea anymore.

  #6  
23rd September 2007, 19:10
falko, Super Moderator

Can you check that your user exists in /etc/passwd, and that there are only unique user IDs in /etc/passwd?

  #7  
23rd September 2007, 19:32
Aldert, Junior Member

It appeared that the user was accidentally in ftpusers, so that its conn. was refused ;-) Afterwards I was having problems with 'directory listing', but that could be solved with passive connection.

Thanks for your time!
Reply With Quote
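
The two checks that settled this thread, whether a login name refused by PAM-listfile is in the ftpusers deny list and whether any UID in the passwd file is shared, can be scripted as follows. This is an added example, not part of the original posts: the function names, the sample files and the account names other than dkfilter are constructed, and the file paths are passed as arguments because the thread does not give the ftpusers location.

```shell
#!/bin/sh
# Added example; all sample data below is constructed, not taken from the thread.

# Print "uid:name1,name2" for every UID shared by more than one passwd entry.
dup_uids() {
    awk -F: '/^#/ || NF < 3 { next }
        { if ($3 in names) { names[$3] = names[$3] "," $1; dup[$3] = 1 } else names[$3] = $1 }
        END { for (u in dup) print u ":" names[u] }' "$1" | sort
}

# Succeed if user $1 is named in deny list $2 (one login per line, # comments allowed).
in_deny_list() {
    awk -v u="$1" '{ sub(/#.*/, ""); gsub(/[ \t]/, "") }
        $0 == u { found = 1 }
        END { exit !found }' "$2"
}

# Print the distinct users that pam_listfile refused, from syslog file $1.
refused_users() {
    sed -n 's/.*PAM-listfile: Refused user \([^ ]*\) for service .*/\1/p' "$1" | sort -u
}

# Write constructed sample files into directory $1.
make_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
dkfilter:x:10018:10002::/home/dkfilter:/bin/false
webuser:x:10018:10002:Web user:/var/www/web2/:/bin/false
other:x:10019:10002:Other user:/var/www/web3/:/bin/false
EOF
    cat > "$1/ftpusers" <<'EOF'
# accounts that may not log in over FTP
root
webuser
EOF
    cat > "$1/secure" <<'EOF'
Sep 20 12:55:59 host proftpd: PAM-listfile: Refused user webuser for service proftpd
Sep 20 12:57:28 host proftpd: PAM-listfile: Refused user webuser for service proftpd
EOF
}

d=$(mktemp -d) && make_samples "$d"
for u in $(refused_users "$d/secure"); do
    in_deny_list "$u" "$d/ftpusers" && echo "$u: refused because it is listed in ftpusers"
done
dup_uids "$d/passwd" | sed 's/^/shared UID /'
rm -rf "$d"
```

On a real host the same functions take the system log, the deny list named in the PAM service file, and /etc/passwd as their arguments.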