proftpd

[White]

ok i have tried to ftp to my server using filezilla and i get this

Status: Connecting to myserver.com ...
Status: Connected with myserver.com. Waiting for welcome message...
Response: 220 FTP Server (Version 1.0) ready.
Command: USER myusername
Response: 331 User name okay, need password.
Command: PASS **********
Response: 530 Not logged in.
Error: Unable to connect!

now i have tried this for every user on my system with the correct passwords and have set up new usernames to test this and still get this error.

So i followed falko's howto for mysql and virtual users with proftpd but i still get the same errors returned from my ftp client. I have trawled the forum but i cant seem to find the right answer, any ideas?

[falko]

Which distribution are you using?
Are there any errors in your logs?

[White]

Im using debian etch 4.0, now with proftpd

in the proftpd log i have

May 04 17:56:17 server1.example.com proftpd[3397]
server1.example.com (192.168.1.3[192.168.1.3]): FTP session closed.

i get the same log entry no matter which user i try and sign on with and all return the same log entry.

i tried telnet locahost 21 and this was instantly kicked out, im not sure if it should have been or not as i have never telnet'd 21 before.

[falko]

What's in /etc/proftpd.conf?

[White]

Contents of /etc/proftpd.conf below,

Code:

#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6                         off

ServerName                      "Debian"
ServerType                      standalone
DeferWelcome                    off

MultilineRFC2228                on
DefaultServer                   on
ShowSymlinks                    on

TimeoutNoTransfer               600
TimeoutStalled                  600
TimeoutIdle                     1200

DisplayLogin                    welcome.msg
DisplayFirstChdir               .message
ListOptions                     "-l"

DenyFilter                      \*.*/

# Port 21 is the standard FTP port.
Port                            21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts                    49152 65534

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    30

# Set the user and group that the server normally runs at.
User                            proftpd
Group                           nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask                           022  022
# Normally, we want files to be overwriteable.
AllowOverwrite                  on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd              off

# Be warned: use of this directive impacts CPU average load!
#
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
# UseSendFile                   off

TransferLog /var/log/proftpd/xferlog
SystemLog   /var/log/proftpd/proftpd.log

<IfModule mod_tls.c>
TLSEngine off
</IfModule>

<IfModule mod_quota.c>
QuotaEngine on
</IfModule>

<IfModule mod_ratio.c>
Ratios on
</IfModule>


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine        on
ControlsMaxClients    2
ControlsLog           /var/log/proftpd/controls.log
ControlsInterval      5
ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
#   User                                ftp
#   Group                               nogroup
#   # We want clients to be able to login with "anonymous" as well as "ftp"
#   UserAlias                   anonymous ftp
#   # Cosmetic changes, all files belongs to ftp user
#   DirFakeUser on ftp
#   DirFakeGroup on ftp
#
#   RequireValidShell           off
#
#   # Limit the maximum number of anonymous logins
#   MaxClients                  10
#
#   # We want 'welcome.msg' displayed at login, and '.message' displayed
#   # in each newly chdired directory.
#   DisplayLogin                        welcome.msg
#   DisplayFirstChdir           .message
#
#   # Limit WRITE everywhere in the anonymous chroot
#   <Directory *>
#     <Limit WRITE>
#       DenyAll
#     </Limit>
#   </Directory>
#
#   # Uncomment this if you're brave.
#   # <Directory incoming>
#   #   # Umask 022 is a good standard umask to prevent new files and dirs
#   #   # (second parm) from being group and world writable.
#   #   Umask                           022  022
#   #            <Limit READ WRITE>
#   #            DenyAll
#   #            </Limit>
#   #            <Limit STOR>
#   #            AllowAll
#   #            </Limit>
#   # </Directory>
#
# </Anonymous>

DefaultRoot ~


# The passwords in MySQL are encrypted using CRYPT
SQLAuthTypes            Plaintext Crypt
SQLAuthenticate         users* groups*


# used to connect to the database
# databasename@host database_user user_password
SQLConnectInfo  ftp@localhost proftpd mypassword


# Here we tell ProFTPd the names of the database columns in the "usertable"
# we want it to interact with. Match the names with those in the db
SQLUserInfo     ftpuser userid passwd uid gid homedir shell

# Here we tell ProFTPd the names of the database columns in the "grouptable"
# we want it to interact with. Again the names match with those in the db
SQLGroupInfo    ftpgroup groupname gid members

# set min UID and GID - otherwise these are 999 each
SQLMinID        500

# create a user's home directory on demand if it doesn't exist
SQLHomedirOnDemand on

# Update count every time user logs in
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u                                             '" ftpuser

# Update modified everytime user uploads or deletes a file
SQLLog  STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser

# User quotas
# ===========
QuotaEngine on
QuotaDirectoryTally on
QuotaDisplayUnits Mb
QuotaShowQuotas on

SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type,                                              bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_av                                             ail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '                                             %{1}'"

SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out                                             _used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpq                                             uotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, b                                             ytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2},                                              files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, f                                             iles_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{                                             7}'" ftpquotatallies

SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6                                             }, %{7}" ftpquotatallies

QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally

RootLogin off
RequireValidShell off

[falko]

Are the users, passwords, etc. in this part correct?

Code:

# The passwords in MySQL are encrypted using CRYPT
SQLAuthTypes            Plaintext Crypt
SQLAuthenticate         users* groups*


# used to connect to the database
# databasename@host database_user user_password
SQLConnectInfo  ftp@localhost proftpd mypassword

# Here we tell ProFTPd the names of the database columns in the "usertable"
# we want it to interact with. Match the names with those in the db
SQLUserInfo     ftpuser userid passwd uid gid homedir shell

# Here we tell ProFTPd the names of the database columns in the "grouptable"
# we want it to interact with. Again the names match with those in the db
SQLGroupInfo    ftpgroup groupname gid members

[White]

Yep the above is correct, i have checked it out in phpmyadmin i have only created 1 user in the database.

i have rebooted the server just to check, the user seems to be recognised but not the password, could this be an encryption difference?

the passwords are plain text in the database would this be an issue?

[falko]

Can you change

Code:

SQLAuthTypes            Plaintext Crypt

to

Code:

SQLAuthTypes            Plaintext

?

If that doesn't work, what's the output of

Code:

ls -l /etc/pam.d

?

[White]

Hope this helps Falko

Code:

server1:~# ls -l /etc/pam.d
total 100
-rw-r--r-- 1 root root  182 2006-01-03 07:15 atd
-rw-r--r-- 1 root root  384 2007-02-27 07:27 chfn
-rw-r--r-- 1 root root  581 2007-02-27 07:27 chsh
-rw-r--r-- 1 root root  392 2008-04-26 10:39 common-account
-rw-r--r-- 1 root root  436 2008-04-26 10:39 common-auth
-rw-r--r-- 1 root root 1097 2008-04-26 10:39 common-password
-rw-r--r-- 1 root root  372 2008-04-26 10:39 common-session
-rw-r--r-- 1 root root  289 2005-10-14 13:00 cron
-rw-r--r-- 1 root root   69 2008-03-23 04:28 cupsys
-rw-r--r-- 1 root root  101 2008-05-03 11:57 ftp
-rw-r--r-- 1 root root    0 2008-05-03 11:55 ftp~
-rw-r--r-- 1 root root  263 2006-12-15 08:16 gdm
-rw-r--r-- 1 root root  270 2006-12-16 11:24 gdm-autologin
-rw-r--r-- 1 root root   21 2006-11-24 20:43 gnome-screensaver
-rw-r--r-- 1 root root  148 2007-02-13 09:51 imap
-rw-r--r-- 1 root root 2843 2007-02-27 07:27 login
-rw-r--r-- 1 root root   38 2007-03-07 22:30 newrole
-rw-r--r-- 1 root root  520 2003-08-31 23:21 other
-rw-r--r-- 1 root root   92 2007-02-27 07:27 passwd
-rw-r--r-- 1 root root  148 2007-02-13 09:51 pop3
-rw-r--r-- 1 root root  370 2007-01-02 10:00 proftpd
-rw-r--r-- 1 root root   38 2007-03-07 22:30 run_init
-rw-r--r-- 1 root root  290 2008-04-26 14:28 smtp
-rw-r--r-- 1 root root    0 2008-04-26 14:27 smtp~
-rw-r--r-- 1 root root 1272 2007-03-05 16:36 ssh
-rw-r--r-- 1 root root 2305 2007-02-27 07:27 su
-rw-r--r-- 1 root root   56 2006-04-15 08:39 sudo
server1:~#

[falko]

What's in /etc/pam.d/proftpd and /etc/pam.d/ftp?