#11  
Old 4th March 2008, 14:26
jupiter2005ster jupiter2005ster is offline
Junior Member
 
Join Date: Mar 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Unhappy :(

Hello!
I'm Hungarian and I learning english now so please you forgive language mistakes.
I everything do it than you wrote in topic: http://www.howtoforge.com/proftpd-tls-debian-etch only but I use gproftpd.
I configure proftpd.conf with gproftpd thus:
ServerType standalone
DefaultServer on
Umask 022
ServerName "0.0.0.0"
ServerIdent on "My FTPD"
ServerAdmin Admin@this.domain.topdomain
IdentLookups off
UseReverseDNS off
Port 21
PassivePorts 49152 65534
#MasqueradeAddress None
TimesGMT off
MaxInstances 30
MaxLoginAttempts 3
TimeoutLogin 300
TimeoutNoTransfer 120
TimeoutIdle 120
DisplayLogin welcome.msg
DisplayFirstChdir .message
User nobody
Group nobody
DirFakeUser off nobody
DirFakeGroup off nobody
DefaultTransferMode binary
AllowForeignAddress on
AllowRetrieveRestart on
AllowStoreRestart on
DeleteAbortedStores off
TransferRate RETR 80000
TransferRate STOR 80000
TransferRate STOU 80000
TransferRate APPE 80000
SystemLog /var/log/secure
RequireValidShell off
#gp_random_username_length 6
#gp_random_password_length 6
#gp_randomize_case lower
#gp_useradd_homedir_path /var/ftp
#gp_useradd_upload_path /upload
#gp_html_path /var/www/html/ftp.htm
#gp_welcome_name welcome.msg
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSOptions NoCertRequest
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem
TLSVerifyClient off
TLSRequired on
</IfModule>

and doesn't work sftp. In TC(totalcommander) and UltraFXP didn't open SSL contact. It wrote: 500 AUTH not understood
but the Debian,OpenSSL and Proftpd don't wirte error.
Reply With Quote
Sponsored Links
  #12  
Old 4th March 2008, 19:12
misterm misterm is offline
Senior Member
 
Join Date: Aug 2005
Posts: 584
Thanks: 25
Thanked 8 Times in 7 Posts
Question Find a solution, for this problem

Hello, me also, I have evil to express myself in English, but I had the same problem, I hope that falko is till, go find a solution, for this problem...



MM
__________________
ISPConfig, the panel fantastic , http://www.ispconfig.be/forums/
http://www.ispconfig.be/
Reply With Quote
  #13  
Old 5th March 2008, 16:24
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
Default

Quote:
Originally Posted by jupiter2005ster
and doesn't work sftp. In TC(totalcommander) and UltraFXP didn't open SSL contact. It wrote: 500 AUTH not understood
but the Debian,OpenSSL and Proftpd don't wirte error.
Any errors in your logs?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #14  
Old 8th March 2008, 14:16
jupiter2005ster jupiter2005ster is offline
Junior Member
 
Join Date: Mar 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

In logs are some problem with IPV6 because I didn't set off, but I haven't need IPV6 yet. I don't understand that why it haven't gone.
Do you it run Falco?
Reply With Quote
  #15  
Old 9th March 2008, 15:59
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
Default

Change UseIPv6 from on to off in your proftpd.conf and restart ProFTPd.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #16  
Old 9th March 2008, 17:28
jupiter2005ster jupiter2005ster is offline
Junior Member
 
Join Date: Mar 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks Falko, I did it, but unfortunately it does not solve the problem. It still hasn't understood AUTH SSL. Do you have any other idea?
Reply With Quote
  #17  
Old 10th March 2008, 05:28
daveb daveb is offline
Senior Member
 
Join Date: Dec 2006
Location: St Louis Mo
Posts: 272
Thanks: 43
Thanked 41 Times in 37 Posts
Default

Maybe this post can help p=47122&postcount=2
Reply With Quote
  #18  
Old 10th March 2008, 09:43
jupiter2005ster jupiter2005ster is offline
Junior Member
 
Join Date: Mar 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks, but it didn't help "AUTH not understood".
Reply With Quote
  #19  
Old 10th March 2008, 12:42
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
Default

Can you post your full proftpd.conf?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #20  
Old 11th March 2008, 16:53
SupuS SupuS is offline
HowtoForge Supporter
 
Join Date: May 2006
Posts: 202
Thanks: 68
Thanked 14 Times in 12 Posts
 
Default

Hi Falco

I have same problem with my ispconfig on Ubuntu box. In my proftpd.conf is:

Code:
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6                         off

ServerName                      "Name of Server"
ServerType                      standalone
DeferWelcome                    off

MultilineRFC2228                on
DefaultServer                   on
ShowSymlinks                    on

TimeoutNoTransfer               600
TimeoutStalled                  600
TimeoutIdle                     1200

DisplayLogin                    welcome.msg
DisplayFirstChdir               .message
ListOptions                     "-l"

DenyFilter                      \*.*/

# Use this to jail all users in their homes
DefaultRoot                     ~
IdentLookups off
ServerIdent on "FTP Server ready."

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell             off

# Port 21 is the standard FTP port.
Port                            21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts                  49152 65534

# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress             1.2.3.4

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    30

# Set the user and group that the server normally runs at.
User                            proftpd
Group                           nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask                           022  022
# Normally, we want files to be overwriteable.
AllowOverwrite                  on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd              off

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile                   off

# Choose a SQL backend among MySQL or PostgreSQL.
# Both modules are loaded in default configuration, so you have to specify the backend
# or comment out the unused module in /etc/proftpd/modules.conf.
# Use 'mysql' or 'postgres' as possible values.
#
#<IfModule mod_sql.c>
# SQLBackend                    mysql
#</IfModule>

TransferLog /var/log/proftpd/xferlog
SystemLog   /var/log/proftpd/proftpd.log

#<IfModule mod_tls.c>
#TLSEngine off
#</IfModule>

# TLS http://www.howtoforge.com/forums/showthread.php?t=7987&highlight=ssl
#<IfModule mod_tls.c>
# TLSEngine on
# TLSLog /var/log/proftpd/proftpd_tls.log
# TLSProtocol TLSv1
# TLSRequired off
# TLSVerifyClient off
# TLSRSACertificateFile /etc/ssl_proftp/host.cert
# TLSRSACertificateKeyFile /etc/ssl_proftp/host.key
#</IfModule>

<IfModule mod_tls.c>
TLSEngine                  on
TLSLog                     /var/log/proftpd/tls.log
TLSProtocol                SSLv23
TLSOptions                 NoCertRequest
TLSRSACertificateFile      /etc/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile   /etc/proftpd/ssl/proftpd.key.pem
TLSVerifyClient            off
TLSRequired                on
</IfModule>

<IfModule mod_quota.c>
QuotaEngine on
</IfModule>

<IfModule mod_ratio.c>
Ratios on
</IfModule>


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine        on
ControlsMaxClients    2
ControlsLog           /var/log/proftpd/controls.log
ControlsInterval      5
ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
#   User                                ftp
#   Group                               nogroup
#   # We want clients to be able to login with "anonymous" as well as "ftp"
#   UserAlias                   anonymous ftp
#   # Cosmetic changes, all files belongs to ftp user
#   DirFakeUser on ftp
#   DirFakeGroup on ftp
#
#   RequireValidShell           off
#
#   # Limit the maximum number of anonymous logins
#   MaxClients                  10
#
#   # We want 'welcome.msg' displayed at login, and '.message' displayed
#   # in each newly chdired directory.
#   DisplayLogin                        welcome.msg
#   DisplayFirstChdir           .message
#
#   # Limit WRITE everywhere in the anonymous chroot
#   <Directory *>
#     <Limit WRITE>
#       DenyAll
#     </Limit>
#   </Directory>
#
#   # Uncomment this if you're brave.
#   # <Directory incoming>
#   #   # Umask 022 is a good standard umask to prevent new files and dirs
#   #   # (second parm) from being group and world writable.
#   #   Umask                           022  022
#   #            <Limit READ WRITE>
#   #            DenyAll
#   #            </Limit>
#   #            <Limit STOR>
#   #            AllowAll
#   #            </Limit>
#   # </Directory>
#
# </Anonymous>

Include /etc/proftpd_ispconfig.conf
mod_tls is listed in compiled in modules:

Code:
# ftpdctl lsmod
ftpdctl: Loaded Modules:
ftpdctl:   mod_core.c
ftpdctl:   mod_xfer.c
ftpdctl:   mod_auth_unix.c
ftpdctl:   mod_auth_file.c
ftpdctl:   mod_auth.c
ftpdctl:   mod_ls.c
ftpdctl:   mod_log.c
ftpdctl:   mod_site.c
ftpdctl:   mod_delay.c
ftpdctl:   mod_dso.c
ftpdctl:   mod_auth_pam.c
ftpdctl:   mod_readme.c
ftpdctl:   mod_cap.c
ftpdctl:   mod_ctrls.c
ftpdctl:   mod_ctrls_admin.c
ftpdctl:   mod_tls.c
ftpdctl:   mod_sql.c
ftpdctl:   mod_ldap.c
ftpdctl:   mod_sql_mysql.c
ftpdctl:   mod_sql_postgres.c
ftpdctl:   mod_quotatab.c
ftpdctl:   mod_quotatab_file.c
ftpdctl:   mod_quotatab_ldap.c
ftpdctl:   mod_quotatab_sql.c
ftpdctl:   mod_radius.c
ftpdctl:   mod_wrap.c
ftpdctl:   mod_rewrite.c
ftpdctl:   mod_ifsession.c
In /var/log/proftpd/tls.log is only:

Code:
Mar 11 15:42:40 mod_tls/2.1.1[22570]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Mar 11 15:43:37 mod_tls/2.1.1[22654]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Mar 11 15:44:40 mod_tls/2.1.1[22677]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Mar 11 15:45:37 mod_tls/2.1.1[22734]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
As you can see I tried two ways of configuration by your howto and howto by Tom - http://www.howtoforge.com/forums/sho...&highlight=ssl (commented lines with TLS mode enabled) but without success.

I have another server with Ubuntu and proftpd configured as described in Tom's howto without ispconfig and it goes fine.

thanks for any suggestions.

SupuS
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
configuring IPTABLES firewall adityavpratap HOWTO-Related Questions 9 27th May 2006 22:42
Frustrated with ISPConfig install! woozyerdaddee Installation/Configuration 4 19th May 2006 04:38
Installation Fails... :( cyberstorm Installation/Configuration 1 15th January 2006 19:07
Could not make OpenSSL yontengyatso Installation/Configuration 3 3rd November 2005 11:50
Install stop at uuwish, UUDeview SeaWolf Installation/Configuration 6 5th October 2005 00:53


All times are GMT +2. The time now is 17:32.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.