pureftpd-mysql Authentication failed for user

Discussion in 'Installation/Configuration' started by Captain, May 24, 2012.

  1. Captain

    Captain Member

    Hello Guys!

    I dont know what to do.
    I try to find answers in web, try many manipulations with config files and etc.
    But I can not connect to FTP.
    I have Perfect Install Ubunut 12.04 ISPConfig 3 final.

    In debug mode in pureftpd:
    Code:
    May 24 18:13:10 in pure-ftpd: (?@192.168.1.102) [INFO] New connection from 192.168.1.102
    May 24 18:13:10 in pure-ftpd: (?@192.168.1.102) [DEBUG] Command [user] [username]
    May 24 18:13:10 in pure-ftpd: (?@192.168.1.102) [DEBUG] Command [pass] [<*>]
    May 24 18:13:14 in pure-ftpd: (?@192.168.1.102) [WARNING] Authentication failed for user [username]
    May 24 18:13:14 in pure-ftpd: (?@192.168.1.102) [INFO] Logout.
    
    User is created in ISPConfig panel.
    Password in mysql.conf (pureftpd) is right.

    Try 127.0.0.1 change to localhost.
    Try encrypt methods.
    try to recreate ftp users.
    Try with TLS and without it. TLS accept is ok.
    Code:
    
    Status:	Connecting to 192.168.1.101:21...
    Status:	Connection established, waiting for welcome message...
    Response:	220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response:	220-You are user number 1 of 50 allowed.
    Response:	220-Local time is now 18:26. Server port: 21.
    Response:	220-This is a private system - No anonymous login
    Response:	220-IPv6 connections are also welcome on this server.
    Response:	220 You will be disconnected after 15 minutes of inactivity.
    Command:	AUTH TLS
    Response:	234 AUTH TLS OK.
    Status:	Initializing TLS...
    Status:	Verifying certificate...
    Command:	USER username
    Status:	TLS/SSL connection established.
    Response:	331 User username OK. Password required
    Command:	PASS ******
    Response:	530 Login authentication failed
    Error:	Critical error
    Error:	Could not connect to server
    
    
    Iptables:

    Code:
    root@in:~# iptables -L
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    fail2ban-dovecot-pop3imap  tcp  --  anywhere             anywhere             multiport dports pop3,pop3s,imap2,imaps
    fail2ban-pureftpd  tcp  --  anywhere             anywhere             multiport dports ftp
    fail2ban-sasl  tcp  --  anywhere             anywhere             multiport dports smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
    fail2ban-courierauth  tcp  --  anywhere             anywhere             multiport dports smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
    fail2ban-couriersmtp  tcp  --  anywhere             anywhere             multiport dports smtp,ssmtp
    fail2ban-postfix  tcp  --  anywhere             anywhere             multiport dports smtp,ssmtp
    fail2ban-apache-overflows  tcp  --  anywhere             anywhere             multiport dports http,https
    fail2ban-apache-noscript  tcp  --  anywhere             anywhere             multiport dports http,https
    fail2ban-ssh-ddos  tcp  --  anywhere             anywhere             multiport dports ssh
    fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh
    DROP       tcp  --  anywhere             127.0.0.0/8
    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere
    DROP       all  --  base-address.mcast.net/4  anywhere
    PUB_IN     all  --  anywhere             anywhere
    PUB_IN     all  --  anywhere             anywhere
    PUB_IN     all  --  anywhere             anywhere
    PUB_IN     all  --  anywhere             anywhere
    PUB_IN     all  --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
    DROP       all  --  anywhere             anywhere
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    PUB_OUT    all  --  anywhere             anywhere
    PUB_OUT    all  --  anywhere             anywhere
    PUB_OUT    all  --  anywhere             anywhere
    PUB_OUT    all  --  anywhere             anywhere
    PUB_OUT    all  --  anywhere             anywhere
    
    Chain INT_IN (0 references)
    target     prot opt source               destination
    ACCEPT     icmp --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere
    
    Chain INT_OUT (0 references)
    target     prot opt source               destination
    ACCEPT     icmp --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    
    Chain PAROLE (12 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    
    Chain PUB_IN (5 references)
    target     prot opt source               destination
    ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
    ACCEPT     icmp --  anywhere             anywhere             icmp echo-reply
    ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
    ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
    PAROLE     tcp  --  anywhere             anywhere             tcp dpt:ftp
    PAROLE     tcp  --  anywhere             anywhere             tcp dpt:ssh
    PAROLE     tcp  --  anywhere             anywhere             tcp dpt:smtp
    PAROLE     tcp  --  anywhere             anywhere             tcp dpt:domain
    PAROLE     tcp  --  anywhere             anywhere             tcp dpt:http
    PAROLE     tcp  --  anywhere             anywhere             tcp dpt:pop3
    PAROLE     tcp  --  anywhere             anywhere             tcp dpt:imap2
    PAROLE     tcp  --  anywhere             anywhere             tcp dpt:https
    PAROLE     tcp  --  anywhere             anywhere             tcp dpt:imaps
    PAROLE     tcp  --  anywhere             anywhere             tcp dpt:mysql
    PAROLE     tcp  --  anywhere             anywhere             tcp dpt:http-alt
    PAROLE     tcp  --  anywhere             anywhere             tcp dpts:40110:40210
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:mysql
    DROP       icmp --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere
    
    Chain PUB_OUT (5 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    
    Chain fail2ban-apache-noscript (1 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    Chain fail2ban-apache-overflows (1 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    Chain fail2ban-courierauth (1 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    Chain fail2ban-couriersmtp (1 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    Chain fail2ban-dovecot-pop3imap (1 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    Chain fail2ban-postfix (1 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    Chain fail2ban-pureftpd (1 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    Chain fail2ban-sasl (1 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    Chain fail2ban-ssh (1 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    Chain fail2ban-ssh-ddos (1 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    
    Please help to solve this problem.
     
  2. till

    till Super Moderator

    And you are really sure that you usedthe correct username incl. the prefix as it is dosplayed in the ftp user list? If you use the username without the prefix, the login must fail.
     
  3. Captain

    Captain Member

    yes I use Username from ISPConfig panel - all name with prefix.
    I have change prefix to inf[CLIENTID].
    User name now is inf3ftp. (ftp is entered by hand, in ftp user creation menu)
    I check it in ISPCOnfig and in DB too.
     
  4. Captain

    Captain Member

    Connection to MySQL:

    Code:
    120524 19:57:46   109 Connect   ispconfig@localhost on dbispconfig
                      109 Query     set autocommit=0
                      109 Query     SELECT password FROM ftp_user WHERE active = 'y' AND server_id = '1' AND username="inf3ftp"
                      109 Query     SELECT uid FROM ftp_user WHERE active = 'y' AND server_id = '1' AND username="inf3ftp"
                      109 Query     SELECT gid FROM ftp_user WHERE active = 'y' AND server_id = '1' AND username="inf3ftp"
                      109 Query     SELECT dir FROM ftp_user WHERE active = 'y' AND server_id = '1' AND username="inf3ftp"
                      109 Query     COMMIT
                      109 Quit
    
    I have installed mod_security, and mod_evasive and configure some php disable_functions.
    PassivePortRange is on. In ISPConfig firewall too.
    /var is mounted as nodev, nosuid

    ISPConfig DNS is not configure at this moment.
    Now I have a fresh install.
    Add 2 virtual web sites.

    I dont know what esle to tell. And where can be a problem.

    Thnk you.
     
    Last edited: May 24, 2012
  5. till

    till Super Moderator

    If you disabled e.g. php exec functions in the php that is used for the ispconfig cronjob (php-cli on debian or ubuntu and php-cgi on other distributions), then ipconfig will fails to create websites correctly and this causes ftp to fail.
     
  6. Captain

    Captain Member

    SOLVED!
    My PHP disable_functions is too hard for ISConfig.

    Thank you for attention.
     
  7. till

    till Super Moderator

    You must differentiate between the php.ini files. Disabling exec in cli php.ini makes no sense as cli means shell script anyway. In the cgi and apache php.ini files you can disable exec functions as this affects only your websites and not the ispconfig server cronjob.
     
  8. Captain

    Captain Member

    For other users:

    Your PHP configuration and its support by ISPConfig you can check execute:

    /usr/local/ispconfig/server/server.sh

    If you see any PHP Warning, please check your php configurations.
     

Share This Page