Navigation

Median · #1 22nd January 2006, 16:02

Hi - me again

When I try and log in to the web-ftp area I get an error saying

Quote:

Could not connect as user web1_username

I can log in to ftp fine using CuteFTP and everything works just the way it should.

Any suggestions please?

Thanks in advance

till · #2 22nd January 2006, 17:01

Maybe your ftp server is not listening on localhost (127.0.0.1). Please post the output of:

netstat -tap | grep ftp

Median · #3 22nd January 2006, 17:12

Quote:

Originally Posted by till

Maybe your ftp server is not listening on localhost (127.0.0.1). Please post the output of:

netstat -tap | grep ftp

Output was:

Quote:

[root@median root]# netstat -tap | grep ftp
tcp 0 0 *:ftp *:* LISTEN 3524/xinetd
[root@median root]#

till · #4 22nd January 2006, 18:30

This looks fine so far. You are sure you used the same password then in cureftp (sorry for asking

, but i want to be sure)?

Did you get any error in your syslog or ftp or xfer log?

Median · #5 22nd January 2006, 20:14

Thanks for yet helping again Till

Quote:

Originally Posted by till

This looks fine so far. You are sure you used the same password then in cureftp (sorry for asking

, but i want to be sure)?

--->Yes - double and triple checked this. I even changed the password to be certain that I had the right one.

Quote:

Originally Posted by till

Did you get any error in your syslog or ftp or xfer log?

--->Nothing of interest in xfer log, but I noticed these:

/var/log/messages shows the following:

Quote:

Jan 22 14:29:28 median proftpd[25675]: xxx.xxx.xxx.xxx (myhostname[xxx.xxx.xxx.xxx]) - FTP session opened.
Jan 22 14:29:29 median proftpd: PAM-listfile: Couldn't open /etc/ftpusers
Jan 22 14:29:29 median PAM_pwdb[25675]: (ftp) session opened for user web1_webuser by (uid=0)
Jan 22 14:30:01 median proftpd[25675]: xxx.xxx.xxx.xxx (myhostname[xxx.xxx.xxx.xxx]) - FTP session closed.
Jan 22 14:30:03 median proftpd[25836]: host.domain.net(host.domain.net[127.0.0.1]) - FTP session opened.
Jan 22 14:30:03 median proftpd[25836]: host.domain.net(host.domain.net[127.0.0.1]) - FTP session closed.

/var/log/secure shows this:

Quote:

Jan 22 14:49:08 median sshd[8182]: subsystem request for sftp
Jan 22 14:58:55 median xinetd[3524]: START: ftp pid=11351 from=127.0.0.1
Jan 22 14:58:56 median proftpd[11351]: host.domain.net(host.domain.net[127.0.0.1]) - USER web1_webuser (Login failed): Limit access denies login
Jan 22 14:58:56 median xinetd[3524]: EXIT: ftp pid=11351 duration=1(sec)
Jan 22 14:58:56 median xinetd[3524]: START: ftp pid=11392 from=127.0.0.1
Jan 22 14:58:56 median proftpd[11392]: host.domain.net(host.domain.net[127.0.0.1]) - USER web1_webuser (Login failed): Limit access denies login

Does this help at all?

falko · #6 22nd January 2006, 22:29

Maybe this thread helps you: http://www.howtoforge.com/forums/showthread.php?t=1984

Can you post your /etc/proftpd.conf here?

Median · #7 22nd January 2006, 23:03

Thanks Falko

Quote:

Originally Posted by falko

Maybe this thread helps you: http://www.howtoforge.com/forums/showthread.php?t=1984

Can you post your /etc/proftpd.conf here?

--->

Code:

# This is a basic ProFTPD configuration file (rename it to 
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName			"ProFTPD Default Installation"
ServerType			inetd
DefaultServer			on

# Port 21 is the standard FTP port.
Port				21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask				022

# Disable IdentLookups by default
IdentLookups			off

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances			30

# Set the user and group that the server normally runs at.
User				nobody
Group				nobody

# Normally, we want files to be overwriteable.
<Directory /*>
  AllowOverwrite		on
  AllowStoreRestart             on
  AllowRetrieveRestart          on
</Directory>

# Needed for NIS.
PersistentPasswd off

# A basic anonymous configuration, no upload directories.
# <Anonymous ~ftp>
#  User				ftp
#  Group				ftp
#  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias			anonymous ftp
#
#  # Limit the maximum number of anonymous logins
#  MaxClients			10
#  RequireValidShell 		off
#  AnonRequirePassword		off
#
#  # We want 'welcome.msg' displayed at login, and '.message' displayed
#  # in each newly chdired directory.
#  DisplayLogin			welcome.msg
#  DisplayFirstChdir		.message
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE>
#    DenyAll
#  </Limit>
#
# </Anonymous>

# Default root can be used to put users in a chroot environment.
# As an example if you have a user foo and you want to put foo in /home/foo
# chroot environment you would do this:
# 
# DefaultRoot /home/foo foo

# By default webadmin access to /var/www


<Limit LOGIN>
AllowGroup      ftpusers
DenyAll
</Limit>

DefaultRoot ~

Include /etc/proftpd_ispconfig.conf

falko · #8 22nd January 2006, 23:33

Please change this:

Code:

<Limit LOGIN>
AllowGroup      ftpusers
DenyAll
</Limit>

to this:

Code:

#<Limit LOGIN>
#AllowGroup      ftpusers
#DenyAll
#</Limit>

and restart xinetd:

Code:

/etc/init.d/xinetd restart

Median · #9 23rd January 2006, 12:10

Ok - tried that. Now I no longer get the error. I can (apparently) login successfully but I end up with a blank screen apart from the buttons at the top (File Upload, New Folder, FTP Logout). Clicking any of the buttons just results in the screen sitting there waiting to load the page.

I can still get in via CuteFTP by the way.

Quote:

Originally Posted by falko

Maybe this thread helps you: http://www.howtoforge.com/forums/showthread.php?t=1984

--->Followed that thread - I already have a etc/pam.d/ftp file as follows:

Code:

#%PAM-1.0
auth       required	/lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       required	/lib/security/pam_pwdb.so shadow nullok

# If this is enabled, anonymous logins will fail because the 'ftp' user does
# not have a "valid" shell, as listed in /etc/shells.
#
# If you enable this, it is recommended that you do *not* give the 'ftp'
# user a real shell. Instead, give the 'ftp' user /bin/false for a shell and
# add /bin/false to /etc/shells.
#auth       required	/lib/security/pam_shells.so

account    required	/lib/security/pam_pwdb.so
session    required	/lib/security/pam_pwdb.so

Should I change that at all?

Thanks

falko · #10 23rd January 2006, 17:55

Quote:

Originally Posted by Median

Ok - tried that. Now I no longer get the error. I can (apparently) login successfully but I end up with a blank screen apart from the buttons at the top (File Upload, New Folder, FTP Logout). Clicking any of the buttons just results in the screen sitting there waiting to load the page.

I can still get in via CuteFTP by the way.

This means you can log in with a normal FTP client, but not with Web-FTP?
Anything in the log files?
Please post the output of

Code: