pure-ftpd user login - how does it work?

Discussion in 'Installation/Configuration' started by Xenocide, Sep 24, 2010.

  1. Xenocide

    Xenocide Member

    Hi Guys,

    I'm still struggling with my setup here.

    My setup is 2 servers with the panel on the db server.

    My web server is setup with pure-ftpd, I can create a user in the panel but get the error when trying to connect:

    Response:	220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response:	220-You are user number 1 of 50 allowed.
    Response:	220-Local time is now 11:06. Server port: 21.
    Response:	220-This is a private system - No anonymous login
    Response:	220 You will be disconnected after 15 minutes of inactivity.
    Command:	USER xxx
    Response:	331 User xxx OK. Password required
    Command:	PASS ***
    Response:	530 Login authentication failed
    Error:	Critical error
    Error:	Could not connect to server
    So I looked in the /etc/pure-ftpd/pure-ftpd-mysql.conf and it was pointing at the local MySQL DB (ispconfig master DB is on the other server) so I changed that, I can see the user in the ftp_user table, When I run the query defined in the conf file to get the uid "web3" which doesn't seem to exist in either server's /etc/passwd file - or am I missing something here?

    Is my logic correct in the assumption of how FTP user mapping works?

    Anyone got any ideas of what's going wrong anywhere?
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    In a ISPConfig 3 setup, every server needs a local mysql server for the dbispconfig database as ispconfig requires this to sync settings in a multiserver install. A external mysql server can be used for client databases but not for the ispconfig db itself, thats why yiou have to enter "localhost" as mysql server when you install ispconfig.

    If you accidently used a extrenal mailserver, then I recommend that you reinstall ispconfig so that the ispconfig database is installed on the local server.
  3. till

    till Super Moderator Staff Member ISPConfig Developer

  4. Xenocide

    Xenocide Member

    Hi, that's the one I followed (I run rhel5 though).

    My web server does have a local db, when it's pointing at that the same error occurs!
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    1) Make sure that the db server for pure-ftpd is changed back to localhost.
    2) Check the ispconfig database on localhost on the webserver if it contains the record for the FTP user.
    3) Check the ispconfig.log file on the webserver if it contains errors.
    4) Check the monitor on the master server for errors.
  6. Xenocide

    Xenocide Member

    Hi thanks for your reply. I've put all the conf files back to how they were.

    On the front end server I changed the password for the ftp user thus:

    UPDATE `ftp_user` SET `password` = md5('fef');
    and changed /etc/pure-ftpd/pureftpd-mysql.conf to use md5 encryption instead of crypt - it still didn't connect :(.

    I then ran
    SELECT `password` FROM `ftp_user`;
    and got the md5 sum of the password i'd just set. I then put the config file back to crypt and changed the ftp user's password through the ispconfig panel and reran that query (^) - I got the same result so ispconfig isn't updating the local database.

    I'm thinking maybe i've cocked up a config step somewhere, any ideas where? ispconfig was installed with localhost as the database server. :/

    [Edit: Oh yeah, I forgot to mention, the log file is just filled up with this:]

    [[email protected] pure-ftpd]# tail -f /var/log/ispconfig/ispconfig.log
    27.09.2010-10:39 - ERROR - Modules directory missing: /usr/local/ispconfig/server/mods-enabled/
    27.09.2010-10:39 - ERROR - Plugin directory missing: /usr/local/ispconfig/server/plugins-enabled/
    27.09.2010-10:40 - ERROR - Modules directory missing: /usr/local/ispconfig/server/mods-core/
    27.09.2010-10:40 - ERROR - Plugin directory missing: /usr/local/ispconfig/server/plugins-core/
    27.09.2010-10:41 - ERROR - Modules directory missing: /usr/local/ispconfig/server/mods-core/
    27.09.2010-10:41 - ERROR - Plugin directory missing: /usr/local/ispconfig/server/plugins-core/
    27.09.2010-10:42 - ERROR - Modules directory missing: /usr/local/ispconfig/server/mods-core/
    27.09.2010-10:42 - ERROR - Plugin directory missing: /usr/local/ispconfig/server/plugins-core/
    27.09.2010-10:43 - ERROR - Modules directory missing: /usr/local/ispconfig/server/mods-core/
    27.09.2010-10:43 - ERROR - Plugin directory missing: /usr/local/ispconfig/server/plugins-core/
    Just to confirm, this is my /usr/local/ispconfig/interface/lib/config.inc.php file:

    //** Database
    $conf["db_type"] = 'mysql';
    $conf["db_host"] = 'localhost';
    $conf["db_database"] = 'dbispconfig';
    $conf["db_user"] = 'ispconfig';
    $conf["db_password"] = xxx
    $conf["db_charset"] = 'utf8'; // same charset as html-charset - (HTML --> MYSQL: "utf-8" --> "utf8", "iso-8859-1" --> "latin1")
    //** Database settings for the master DB. This setting is only used in multiserver setups
    $conf["dbmaster_type"]                  = 'mysql';
    $conf["dbmaster_host"]                  = xxx (the database server)
    $conf["dbmaster_database"]              = 'dbispconfig';
    $conf["dbmaster_user"]                  = 'ispcsrv2';
    $conf["dbmaster_password"]              = xx
    Last edited: Sep 27, 2010
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Most likely there is a problem with the hosts and access scheme for mysql.

    1) Ensure that you edited the hosts files in all servers of this cluster as the tutorial describes.
    2) Ensure that you are able to access the master mysql database from all other hosts by using the hostname of the master.
    3) Ensure that you used "localhost" for the local mysql database and the hostname of the master database when the installer asked you for the master database hostname.

    If you used anywhere a IP address when setting up the mysql connections instead of the hostname or when one of the hostnames is not set in the /etc/hosts file in one of the nodes, the setup will fail.
  8. Xenocide

    Xenocide Member

    Thankyou for your reply - you're being fantastic!! <3

    I'm just checking the config files for everything I can think of. The master server's config.inc.php file says this:

    //** Database settings for the master DB. This setting is only used in multiserver setups
    $conf["dbmaster_type"]                  = 'mysql';
    $conf["dbmaster_host"]                  = '';
    $conf["dbmaster_database"]              = 'dbispconfig';
    $conf["dbmaster_user"]                  = '';
    $conf["dbmaster_password"]              = xxx
    That can't be right... can it? (host is blank).

    I can connect to the master db using the credentials in the config.inc.php file from mysql-cli on the remote server (that's a mouthful).
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    That setting is correct. The master does not have to connect to the master as it is the master. This has to be empty, if not, the master would become a slave and will fail to run as there is no master then anymore in the setup.

    You have to check that on the slaves, not on the master.
  10. Xenocide

    Xenocide Member

    --- ignore this - I found the debug log file setting ---

    Right so I can see the settings are replicating properly now. Still can't connect to FTP with that user though. Just to confirm pureftpd-mysql.conf says localhost on the web server.

    So back to my original question - :)

    How does the ftp service facilitate different users? I can see it get the uid values from the db - what does it do with these? There's no entry in /etc/passwd, I guess it's creating a unix user and connecting as this but maybe not... :)
    Last edited: Sep 27, 2010
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    The slave runs a cronjob once a minute, it connects to the master with the master database settings from the config.inc.php file and checks if there are any updates. If it finds updates, it copies the changes to the local database.

    To debug this, enable debugging for the slave server in ispconfig on the master server under system > server config for this slave server. Then run:

    crontab -e

    on the slave and add a # in front of the server.sh cronjob to disable it temporarily. Then run:


    on the slave as root user and you will get a detailed output of all actions that were taken on the shell. Dont forget to activate the cronjob later again.
  12. Xenocide

    Xenocide Member

    I don't know if it's worth mentioning the boxes are virtual machines on ESX server. Does that make a difference? Don't see why it should but grasping at straws here :)
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    I dont think that this makes a difference, as long as esx does not try to block mysql network traffic.

    The most likely reason for your problem is that you used centos or rhel and not debian. The centos standard packages are not well suited for sql based installs like a ispconfig 3 server, they lack compiled in mysql support. Thats why you either have to compile packages manually or use almost all packages from external repositories as described in the perfect server guide. But using so many external sources causes dependency problems on updates and as result, you get a instable system. I can only recommend to everyone who needs a stable system with ispconfig 3 to use debian or ubuntu as these distributions have packages with compiled in mysql support in their default repositories.
  14. Xenocide

    Xenocide Member


    Well i've carried on my quest and turned on mysql query logging. When a user logs in you can see this:

    100927 17:27:50      78 Connect     [email protected] on dbispconfig
                         78 Query       set autocommit=0
                         78 Query       SELECT password FROM ftp_user WHERE active = 'y' AND server_id = '3' AND username="xxx"
                         78 Query       SELECT uid FROM ftp_user WHERE active = 'y' AND server_id = '3' AND username="xxx"
                         78 Query       SELECT gid FROM ftp_user WHERE active = 'y' AND server_id = '3' AND username="xxx"
                         78 Query       SELECT dir FROM ftp_user WHERE active = 'y' AND server_id = '3' AND username="xxx"
                         78 Query       COMMIT
                         78 Quit
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    This shows that pure-ftpd sends a query to mysql, but it does not say if the database connection from ispconfig worked. Please do the debug steps that I suggested to you.
  16. Xenocide

    Xenocide Member

    Hi, sorry, I can see that master -> slave replication is working properly - thankyou :).

    If there are no users in the ftp_user table; pureftpd only runs one query, gets 0 rows then shows invalid username message. If there are entries in the table and they match the credentials given to the client, it will run more than one query.

    When i login to mysql as the same user that pureftpd has to run, and run the same queries it runs, i get a row returned. I get the username, the password, the uid, the directory so it can get the info, it just fails after that which is why I think it's a user-mapping issue. Should it create a new local unix user? Because it doesn't :(.

    I might setup a standalone box on ubuntu today and see what the differences are :).

    Someone with working proftpd; can you see one of your ftp accounts and see what the uid field contains then run

    cat /etc/passwd
  17. till

    till Super Moderator Staff Member ISPConfig Developer

    proftpd is not supported by ispconfig. ispconfig supports only pure-ftpd.

    does the web[ID] user and client[ID] group exists in /etc/passwd and /etc/group file?
  18. Xenocide

    Xenocide Member

    Sorry, I mean't pureftpd. Didn't get much sleep last night!

    No no users are created in either file, last 2 lines of each:

    Where's the code that should create the user as part of ajob?
  19. till

    till Super Moderator Staff Member ISPConfig Developer

    The users are created when the website gets added, not when the ftp user get added as they belong to the website. So there must went something wrong when you created the website. Enable debugging in ispconfig as i described above, then modify a setting in the website were the ftp user belongs to and check the debug output for errors.

    Also make sure that you have selinux disabled.
  20. Xenocide

    Xenocide Member

    Ahh that's a point, i'd not considered website rather than FTP. I'll take a look. Thankyou Till!

Share This Page