LFTP can't connect to Proftpd server (hangs)
I'm using ProFTPd as my FTP server on a CentOS 5 box. Since updating to version 1.3.3c, I seem to have very specific problems. Connections work quite fine with about any FTP client out there, including the basic ftp command from the Linux prompt. However, when trying to connect to that server with LFTP, things go wrong.
When connecting, all I get is [Connecting] then [Logging in...] and then nothing. I have to add that SSL is forced off in lftp.conf (I read it could be the problem). I sometimes get a counter for reconnection, but it never works. The command I use in lftp is : open -u <user>,<pass> <server_ip>, the ls for lftp to establish the connection. I don't see anything at all in the server's log. I just see "FTP session opened" and "FTP session closed" in /var/log/messages" and nothing in /var/log/secure. I can give you a strace if needed. Please keep in mind that the server WORKS with anything but LFTP and NCFTP (which I also tried). This is driving me crazy. Please help ! Here's my LFTP config (comments stripped) : Code:
alias dir ls Code:
|
Quote:
Quote:
Also my version of 'lftp' was compiled without ftps:// support. Check yours? Quote:
Did you try TraceLog? * BTW temporarily adding iptables "-j LOG" rules could show if the client hits port TCP/990 (FTPS) and not TCP/21. Quote:
//NTLB |
Quote:
Reinstalled just in case. Quote:
Here are the compile options for LFTP (it's on a Gentoo box) : net-ftp/lftp-4.0.10 USE="nls ssl -gnutls -socks5" I just added gnutls to the compile options and recompiled (libtasn1 and gnutls were added as dependencies) but it did not change anything. Quote:
There's no trace of the transaction in /var/log/secure or in /var/log/xferlog, though. Enabling a full tracelog showed absolutely no trace of the transaction either. And I'm not good enough with iptables to understand what -j LOG will do and how I use it. Quote:
I'd be happy to try something else... |
Quote:
Let's see if debugging helps. Run 'lftp -d -p portnumber -u username hostname' where port is number 21 for regularly weak FTP and 990 once you enabled SSL on the server. If that doesn't display enough debugging information create a ~/.lftprc file with only these contents: Code:
set cmd:trace yes |
Code:
# lftp -d -p 21 -u ***username*** **x.x.x.x** Code:
`ls' at 0 [Logging in...] Code:
Interrupt |
Only thing I can conclude from this is it indeed dislikes something about the password however I doubt if that's a lftp thing. If you try the same again, if that's not too much trouble, but in another window do something like 'echo Trace DEFAULT:10 >> /etc/proftpd.conf; touch /var/log/proftpd/trace.log; service proftpd restart; tail -f /var/log/proftpd/auth.log /var/log/proftpd/access.log /var/log/proftpd/ban.log /var/log/proftpd/tls.log /var/log/xferlog /var/log/secure /var/log/proftpd/trace.log' we would have a view of both the client and server side.
* And please clean up the host names in your existing and future posts. No need for anyone to come moseying over. |
On the client, output is unchanged.
Server-side, errr.. ouch! it's long! Having stripped what was not relevant (i.e. other connections, because this is a production server with lots of websites on it) I see this : 1. Error with one of the commands : Code:
# echo Trace DEFAULT:10 >> /etc/proftpd.conf; touch /var/log/proftpd/trace.log; service proftpd restart; tail -f /var/log/proftpd/auth.log /var/log/proftpd/access.log /var/log/proftpd/ban.log /var/log/proftpd/tls.log /var/log/xferlog /var/log/secure /var/log/proftpd/trace.log Code:
Dec 15 11:43:31 **Server_name** proftpd: pam_env(proftpd:setcred): Unable to open config file: /etc/security/pam_env.conf: No file or folder with that type Two more things : 1. I tried the same client with the same options on another server (running Pure-FTPd on Debian Lenny) and it works fine. Another proof that the issue is on the server, not the client. 2. We're now officially seraching for the glory of science, because this specific server will be turned off by the end of the month. I nevertheless (maybe because I'm proud, or because I've got other servers with the same setup) would like to figure out WHY the damn thing is acting so strangely. Cheers. |
Quote:
Quote:
Quote:
- apparently works for other users, # not a TCP/20-21 problem - works for this user except the password gets rejected, # due to PAM errors? What's different about this user in comparison with others? What's the difference between 1.3.3c and the previous version? What does your /etc/pam.d/proftpd look like anyway? Comment out any "auth required pam_env.so" lines in your /etc/pam.d/proftpd (or comment out includes if they use it)? Maybe try again with PAM auth completely disabled?: Code:
<IfModule mod_auth_pam.c> |
No time to try all this right away (will try later this week) but there's one thing incorrect in your recap. Logging in *with the same user* but using a different FTP client (for instance the regular FTP command) does work. So it's not a user-related issue, more of a client-server relationship problem. Oh, and the problem is the same with ncftpget. And finally, I'm really sorry but I don't have a server farm, so I'm unable to replicate this config on another server (I might setup a VM to do so, but once again, I don't have enough time right now). I'll keep you posted with my other tries. Thanks for helping, anyway! :)
|
Quote:
|
Well, well... I did different things, including setting up a VM with exact same config (ie CentOS 5.5 with ProFTPd) and still get the exact same result, not knowing why this happens. I thought it might be a firewall issue (iptables is active on the machine, in both cases) but disabling iptables does not change anything, and disabling SELinux (also active bu default) does not change anything either.
I gave up. Sorry for the community, but the server has been disabled and I'm now using a Debian machine with PureFTPd and things work smoothly with LFTP so I have no urgent need to solve that problem. Sorry not to be more resilient, but hey, that's life ;-) Thank you unSpawn for your help, anyway! |
All times are GMT -5. The time now is 11:52 PM. |