FTP Access

Discussion in 'Installation/Configuration' started by ProTrooper, Aug 15, 2005.

  1. ProTrooper

    ProTrooper New Member

    I finally installed ISPConfig and started to play with it. I created a client and a web site with FTP access, but it will not let me log in. It prompts for a user and password and I tried everything.
     
  2. till

    till Super Moderator

    Have you checked the "FTP" checkbox for this site?

    And have a look at this thread, it may contain the solution:
    http://www.howtoforge.com/forums/showthread.php?t=196
     
  3. ProTrooper

    ProTrooper New Member

    I tried from a non-firewalled computer to a non-firewalled server both passively and actively. It returns "login incorrect." The FTP access check box is enabled. What is the default login/pass?
     
  4. falko

    falko Super Moderator

  5. ProTrooper

    ProTrooper New Member

    Yah, I read that, but it didn't really help. For some reason I can't find the log file (/var/log/proftpd.log) either. The proftpd service is started. If it would help, I can give you access to the server since it is a test server. Here are the listening services:
    Code:
    Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
    tcp        0      0 *:imaps                     *:*                         LISTEN      1911/xinetd
    tcp        0      0 *:32769                     *:*                         LISTEN      1645/rpc.statd
    tcp        0      0 *:pop3s                     *:*                         LISTEN      1911/xinetd
    tcp        0      0 *:mysql                     *:*                         LISTEN      2001/mysqld
    tcp        0      0 *:pop3                      *:*                         LISTEN      1911/xinetd
    tcp        0      0 *:imap                      *:*                         LISTEN      1911/xinetd
    tcp        0      0 *:sunrpc                    *:*                         LISTEN      1628/portmap
    tcp        0      0 *:81                        *:*                         LISTEN      2290/ispconfig_http
    tcp        0      0 *:ftp                       *:*                         LISTEN      2428/proftpd: (acce
    tcp        0      0 wsip-68-110-129-76.g:domain *:*                         LISTEN      2413/named
    tcp        0      0 Canada.oceanave.net:domain  *:*                         LISTEN      2413/named
    tcp        0      0 Canada.oceanave.net:rndc    *:*                         LISTEN      2413/named
    tcp        0      0 *:smtp                      *:*                         LISTEN      2394/master
    tcp        0      0 *:http                      *:*                         LISTEN      2322/httpd
    tcp        0      0 *:ssh                       *:*                         LISTEN      1903/sshd
    tcp        0      0 ::1:rndc                    *:*                         LISTEN      2413/named
    tcp        0   2276 wsip-68-110-129-76.ga.a:ssh adsl-220-146-77.gnv.b:50030 ESTABLISHED 5566/0
    
    There is nothing after "(acce"
     
  6. ProTrooper

    ProTrooper New Member

    I can log into the stats page with my test user account. Should I be able to log in to the FTP with that account?
     
  7. falko

    falko Super Moderator

    Yes, that's right.
     
  8. ProTrooper

    ProTrooper New Member

    Yah okay that's what I thought. But no... it doesn't work. :(
     
  9. ProTrooper

    ProTrooper New Member

    I tried to connect using an FTP client so I can see all the handshakin' and it returns "login incorrect." Is this an ambiguous error or is the login wrong?
     
  10. falko

    falko Super Moderator

    Can you post your /etc/proftpd.conf here?
     
  11. ProTrooper

    ProTrooper New Member

    Okay, here it is. I didn't manually change anything.
    Code:
    # This is the ProFTPD configuration file
    # $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $
    
    ServerName                      "ProFTPD server"
    ServerIdent                     on "FTP Server ready."
    ServerAdmin                     root@localhost
    ServerType                      standalone
    #ServerType                     inetd
    DefaultServer                   on
    AccessGrantMsg                  "User %u logged in."
    #DisplayConnect                 /etc/ftpissue
    #DisplayLogin                   /etc/ftpmotd
    #DisplayGoAway                  /etc/ftpgoaway
    DeferWelcome                    off
    
    # Use this to exclude users from the chroot
    DefaultRoot                     ~ !adm
    
    # Use pam to authenticate (default) and be authoritative
    AuthPAMConfig                   proftpd
    AuthOrder                       mod_auth_pam.c* mod_auth_unix.c
    
    # Do not perform ident nor DNS lookups (hangs when the port is filtered)
    IdentLookups                    off
    UseReverseDNS                   off
    
    # Port 21 is the standard FTP port.
    Port                            21
    
    # Umask 022 is a good standard umask to prevent new dirs and files
    # from being group and world writable.
    Umask                           022
    
    # Default to show dot files in directory listings
    ListOptions                     "-a"
    
    # See Configuration.html for these (here are the default values)
    #MultilineRFC2228               off
    #RootLogin                      off
    #LoginPasswordPrompt            on
    #MaxLoginAttempts               3
    #MaxClientsPerHost              none
    #AllowForeignAddress            off     # For FXP
    
    # Allow to resume not only the downloads but the uploads too
    AllowRetrieveRestart            on
    AllowStoreRestart               on
    
    # To prevent DoS attacks, set the maximum number of child processes
    # to 30.  If you need to allow more than 30 concurrent connections
    # at once, simply increase this value.  Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances                    20
    
    # Set the user and group that the server normally runs at.
    User                            nobody
    Group                           nobody
    
    # This is where we want to put the pid file
    ScoreboardFile                  /var/run/proftpd.score
    
    # Normally, we want users to do a few things.
    <Global>
      AllowOverwrite                yes
      <Limit ALL SITE_CHMOD>
        AllowAll
      </Limit>
    </Global>
    
    # Define the log formats
    LogFormat                       default "%h %l %u %t \"%r\" %s %b"
    LogFormat                       auth    "%v [%P] %h %t \"%r\" %s"
    
    # TLS
    # Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
    #TLSEngine                      on
    #TLSRequired                    on
    #TLSRSACertificateFile          /usr/share/ssl/certs/proftpd.pem
    #TLSRSACertificateKeyFile       /usr/share/ssl/certs/proftpd.pem
    #TLSCipherSuite                 ALL:!ADH:!DES
    #TLSOptions                     NoCertRequest
    #TLSVerifyClient                off
    ##TLSRenegotiate                ctrl 3600 data 512000 required off timeout 300
    #TLSLog                         /var/log/proftpd/tls.log
    
    # A basic anonymous configuration, with an upload directory.
    #<Anonymous ~ftp>
    #  User                         ftp
    #  Group                                ftp
    #  AccessGrantMsg               "Anonymous login ok, restrictions apply."
    #
    #  # We want clients to be able to login with "anonymous" as well as "ftp"
    #  UserAlias                    anonymous ftp
    #
    #  # Limit the maximum number of anonymous logins
    #  MaxClients                   10 "Sorry, max %m users -- try again later"
    #
    #  # Put the user into /pub right after login
    #  #DefaultChdir                        /pub
    #
    #  # We want 'welcome.msg' displayed at login, '.message' displayed in
    #  # each newly chdired directory and tell users to read README* files.
    #  DisplayLogin                 /welcome.msg
    #  DisplayFirstChdir            .message
    #  DisplayReadme                        README*
    #
    #  # Some more cosmetic and not vital stuff
    #  DirFakeUser                  on ftp
    #  DirFakeGroup                 on ftp
    #
    #  # Limit WRITE everywhere in the anonymous chroot
    #  <Limit WRITE SITE_CHMOD>
    #    DenyAll
    #  </Limit>
    #
    #  # An upload directory that allows storing files but not retrieving
    #  # or creating directories.
    #  <Directory uploads/*>
    #    AllowOverwrite             no
    #    <Limit READ>
    #      DenyAll
    #    </Limit>
    #
    #    <Limit STOR>
    #      AllowAll
    #      AllowAll
    #    </Limit>
    #  </Directory>
    #
    #  # Don't write anonymous accesses to the system wtmp file (good idea!)
    #  WtmpLog                      off
    #
    #  # Logging for the anonymous transfers
    #  ExtendedLog          /var/log/proftpd/access.log WRITE,READ default
    #  ExtendedLog          /var/log/proftpd/auth.log AUTH auth
    #
    #</Anonymous>
    
    
    DefaultRoot ~
    
    Include /etc/proftpd_ispconfig.conf
    
    And in case you want to see /etc/proftpd_ispconfig.conf
    Code:
    ###################################
    #
    # ISPConfig proftpd Configuration File
    #         Version 1.0
    #
    ###################################
    <VirtualHost 68.110.129.76>
            DefaultRoot             ~
            AllowOverwrite          on
            Umask                   002
    </VirtualHost>
    
    Hope this helps!
     
  12. falko

    falko Super Moderator

    Looks good.
    Can you also post /etc/pam.d/ftp here?
     
  13. ProTrooper

    ProTrooper New Member

    Okay hmmm... no /etc/pam.d/ftp but there is a /etc/pam.d/proftpd. Here is what it has:
    Code:
    #%PAM-1.0
    auth       required     pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
    auth       required     pam_stack.so service=system-auth
    auth       required     pam_shells.so
    account    required     pam_stack.so service=system-auth
    session    required     pam_stack.so service=system-auth
    
     
  14. falko

    falko Super Moderator

    Can you create /etc/pam.d/ftp and put this into it?

    Code:
    #%PAM-1.0
    auth    required        pam_unix.so     nullok
    account required        pam_unix.so
    session required        pam_unix.so
    
    Then restart proftpd:
    Code:
    /etc/init.d/proftpd restart
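
Added example, not part of the thread or of ISPConfig: a shell check over the two PAM stacks quoted in posts 13 and 14. It reports a service name with no stack file, a `pam_shells.so` line that the login shell would fail, and a `nullok` option that lets `pam_unix.so` accept an empty password. The `/bin/false` login shell, the shells list and the `ftp-fixed` file name are assumptions made for the sample data.

```shell
#!/bin/sh
# Added example, not from the thread: inspect the PAM stack an FTP daemon
# would use. Every path is a parameter so it can run on copies of the files.

# pam_findings PAM_DIR SERVICE SHELLS_FILE LOGIN_SHELL
# Prints one finding per line; prints nothing when no check fires.
pam_findings() {
    stack="$1/$2"
    if [ ! -f "$stack" ]; then
        echo "missing-stack:$2"      # no file for this service name
        return 0
    fi
    # Drop comments and blank lines, keep only the auth phase.
    auth=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$stack" | awk '$1 == "auth"')
    # pam_shells.so passes only if the login shell is listed in the shells file.
    case $auth in
        *pam_shells.so*)
            grep -qxF -- "$4" "$3" || echo "shell-not-listed:$4" ;;
    esac
    # nullok lets pam_unix.so accept an account whose password field is empty.
    if printf '%s\n' "$auth" | grep -q 'pam_unix\.so.*nullok'; then
        echo "nullok:$2"
    fi
}

# Constructed sample tree: auth lines of the two stacks quoted in the thread,
# an assumed shells file, and ftp-fixed (hypothetical name for the new file).
make_samples() {
    d=$(mktemp -d) || return 1
    mkdir "$d/pam.d"
    printf '%s\n' '#%PAM-1.0' \
        'auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed' \
        'auth required pam_stack.so service=system-auth' \
        'auth required pam_shells.so' > "$d/pam.d/proftpd"
    printf '%s\n' '#%PAM-1.0' \
        'auth    required pam_unix.so nullok' \
        'account required pam_unix.so' \
        'session required pam_unix.so' > "$d/pam.d/ftp-fixed"
    printf '%s\n' /bin/sh /bin/bash > "$d/shells"
    echo "$d"
}

samples=$(make_samples)
for svc in ftp proftpd ftp-fixed; do
    # /bin/false is an assumed login shell for the site's FTP user.
    pam_findings "$samples/pam.d" "$svc" "$samples/shells" /bin/false
done
rm -rf "$samples"
```

On a real host the arguments would be `/etc/pam.d`, the service name, `/etc/shells` and the shell field of the FTP user's passwd entry. The check does not follow `pam_stack.so` into `system-auth`, so that file needs the same inspection.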
     
  15. ProTrooper

    ProTrooper New Member

    What.... it worked! Thanks falko. Any ideas what could have happened?
     
  16. falko

    falko Super Moderator

  17. ProTrooper

    ProTrooper New Member

    Oh man... I didn't see page 2... and it was right there. :eek: Sorry about that falko, I really did read it.
     
  18. falko

    falko Super Moderator

    No problem at all! :)
     
