LinuxQuestions.org
Old 05-31-2007, 08:45 PM   #1
LWillmann
Member
 
Registered: Oct 2003
Location: Middle Tennessee
Distribution: CentOS
Posts: 31

Rep: Reputation: 15
Proftpd Login problems


I'm running a box with Fedora Core 5. I have Apache, Mysql, Postfix, Dovecot, sshd, and Proftpd installed.

Mail is working as it should be.

Mysql is working.

SSH is working.

Apache appears to be, but I can't really test it because I can't get FTP access to the box.

The box lives behind a Cisco firewall, and I am having the same access problem regardless of how I attempt to access it. I have tried from outside the firewall by domain name and by IP. I have tried from behind the firewall by domain name, public IP and private IP. And I have even logged into the box via SSH and attempted to connect to localhost.

The problem appears to be during authentication of users who connect to the server. I am certain that I have entered the correct password. I am using the same password that I use for checking my email, and for SSH access, and it works fine in those instances.

Here are a few samples of connection attempts:
Accessing via public IP from outside of firewall:
Quote:
Connected to xxx.xxx.xxx.xxx.
220 ProFTPD 1.3.0a Server (ProFTPD Default Installation) [::ffff:192.168.0.210]
User (xxx.xxx.xxx.xxx:(none)): lee
331 Password required for lee.
Password:
530 Login incorrect.
Login failed.
ftp>
Accessing via domain name either inside or outside the firewall.
Quote:
Connected to xxxxxxxxxxxx.
220 ProFTPD 1.3.0a Server (ProFTPD Default Installation) [::ffff:192.168.0.210]
User (xxxxxxxxxxxxx:(none)): lee
331 Password required for lee.
Password:
530 Login incorrect.
Login failed.
ftp>
Accessing via localhost while SSH'd to the box.
Quote:
Connected to mail.alphaequipmentcompany.com.
220 ProFTPD 1.3.0a Server (ProFTPD Default Installation) [::ffff:127.0.0.1]
500 AUTH not understood
500 AUTH not understood
KERBEROS_V4 rejected as an authentication type
Name (localhost:lee): lee
331 Password required for lee.
Password:
530 Login incorrect.
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quit
221 Goodbye.
Here's a sampling from the log file after several attempts to connect via FTP:
Quote:
May 31 03:40:55 mail proftpd: Deprecated pam_stack module called from service "proftpd"
May 31 03:40:55 mail proftpd: Deprecated pam_stack module called from service "proftpd"
May 31 03:40:55 mail proftpd: pam_unix(proftpd:session): session closed for user lee
May 31 03:40:55 mail proftpd[29493]: xxxxxxxxxx (::ffff:xxx.xxx.xxx.xxx[::ffff:xxx.xxx.xxx.xxx]) - FTP session closed.
May 31 10:44:48 mail proftpd: Deprecated pam_stack module called from service "proftpd"
May 31 10:44:48 mail last message repeated 2 times
May 31 10:44:48 mail proftpd: pam_unix(proftpd:session): session opened for user lee by (uid=0)
May 31 10:44:48 mail proftpd: Deprecated pam_stack module called from service "proftpd"
May 31 10:44:48 mail proftpd[15125]: xxxxxxxxxx (::ffff:192.168.0.213[::ffff:192.168.0.213]) - USER lee: Login successful.
May 31 10:44:48 mail proftpd[15125]: xxxxxxxxxx (::ffff:192.168.0.213[::ffff:192.168.0.213]) - notice: unable to use '~/' [resolved to '/home/lee/']: Permission denied
May 31 15:44:48 mail proftpd[15125]: xxxxxxxxxx (::ffff:192.168.0.213[::ffff:192.168.0.213]) - Preparing to chroot to directory '~/'
May 31 15:44:48 mail proftpd[15125]: xxxxxxxxxx (::ffff:192.168.0.213[::ffff:192.168.0.213]) - lee chroot("~/"): No such file or directory
May 31 15:44:48 mail proftpd[15125]: xxxxxxxxxx (::ffff:192.168.0.213[::ffff:192.168.0.213]) - error: unable to set default root directory
May 31 15:44:48 mail proftpd: Deprecated pam_stack module called from service "proftpd"
May 31 15:44:48 mail proftpd: Deprecated pam_stack module called from service "proftpd"
May 31 15:44:48 mail proftpd: pam_unix(proftpd:session): session closed for user lee
May 31 15:44:48 mail proftpd[15125]: xxxxxxxxxx (::ffff:192.168.0.213[::ffff:192.168.0.213]) - FTP session closed.
May 31 10:52:54 mail proftpd[15302]: xxxxxxxxxx (::ffff:192.168.0.213[::ffff:192.168.0.213]) - USER lee (Login failed): Incorrect password.
May 31 10:52:54 mail proftpd[15302]: xxxxxxxxxx (::ffff:192.168.0.213[::ffff:192.168.0.213]) - mod_delay/0.5: delaying for 3504159 usecs
May 31 10:53:12 mail proftpd[15302]: xxxxxxxxxx (::ffff:192.168.0.213[::ffff:192.168.0.213]) - mod_delay/0.5: delaying for 319 usecs
May 31 10:53:14 mail proftpd[15302]: xxxxxxxxxx (::ffff:192.168.0.213[::ffff:192.168.0.213]) - no such user 'alpha'
May 31 10:53:14 mail proftpd[15302]: xxxxxxxxxx (::ffff:192.168.0.213[::ffff:192.168.0.213]) - USER alpha: no such user found from ::ffff:192.168.0.213 [::ffff:192.168.0.213] to ::ffff:192.168.0.210:21
May 31 10:53:14 mail proftpd[15302]: xxxxxxxxxx (::ffff:192.168.0.213[::ffff:192.168.0.213]) - mod_delay/0.5: delaying for 3505587 usecs
May 31 10:53:25 mail proftpd[15302]: xxxxxxxxxx (::ffff:192.168.0.213[::ffff:192.168.0.213]) - PAM(lee): Authentication failure.
May 31 10:53:25 mail proftpd[15302]: xxxxxxxxxx (::ffff:192.168.0.213[::ffff:192.168.0.213]) - USER lee (Login failed): Incorrect password.
May 31 10:53:25 mail proftpd[15302]: xxxxxxxxxx (::ffff:192.168.0.213[::ffff:192.168.0.213]) - Maximum login attempts (3) exceeded
May 31 10:53:25 mail proftpd[15302]: xxxxxxxxxx (::ffff:192.168.0.213[::ffff:192.168.0.213]) - FTP session closed.
May 31 10:53:58 mail proftpd[15307]: xxxxxxxxxx (::ffff:192.168.0.213[::ffff:192.168.0.213]) - USER lee (Login failed): Incorrect password.
May 31 10:54:34 mail proftpd[15307]: xxxxxxxxxx (::ffff:192.168.0.213[::ffff:192.168.0.213]) - FTP session closed.
May 31 13:01:55 mail proftpd[17503]: xxxxxxxxxx (xxx.xxx.xxx.xxx[::ffff:xxx.xxx.xxx.xxx]) - USER lee (Login failed): Incorrect password.
May 31 18:44:36 mail proftpd[21081]: xxxxxxxxxx (::ffff:192.168.0.213[::ffff:192.168.0.213]) - mod_delay/0.5: delaying for 5554444 usecs
May 31 18:44:46 mail proftpd[21081]: xxxxxxxxxx (::ffff:192.168.0.213[::ffff:192.168.0.213]) - FTP session closed.
May 31 18:46:18 mail proftpd[21122]: xxxxxxxxxx (xxxxxxxxxx[::ffff:127.0.0.1]) - USER lee (Login failed): Incorrect password.
May 31 18:46:18 mail proftpd[21122]: xxxxxxxxxx (xxxxxxxxxx[::ffff:127.0.0.1]) - mod_delay/0.5: delaying for 318658 usecs
May 31 18:46:22 mail proftpd[21122]: xxxxxxxxxx (xxxxxxxxxx[::ffff:127.0.0.1]) - FTP session closed.
Here is the proftpd.conf file:
Quote:
# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $

ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
ServerType standalone
#ServerType inetd
DefaultServer on
AccessGrantMsg "User %u logged in."
#DisplayConnect /etc/ftpissue
#DisplayLogin /etc/ftpmotd
#DisplayGoAway /etc/ftpgoaway
DeferWelcome off

# Use this to exclude users from the chroot
DefaultRoot ~

# Use pam to authenticate (default) and be authoritative
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c

# Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups off
UseReverseDNS off

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# Default to show dot files in directory listings
ListOptions "-a"

# See Configuration.html for these (here are the default values)
#MultilineRFC2228 off
#RootLogin off
#LoginPasswordPrompt on
#MaxLoginAttempts 3
#MaxClientsPerHost none
#AllowForeignAddress off # For FXP

# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart on
AllowStoreRestart on

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 20

# Set the user and group that the server normally runs at.
User nobody
Group nobody

# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile no

# This is where we want to put the pid file
ScoreboardFile /var/run/proftpd.score

# Normally, we want users to do a few things.
<Global>
AllowOverwrite yes
<Limit ALL SITE_CHMOD>
AllowAll
</Limit>
RequireValidShell on
RootLogin off
DeferWelcome off
ServerIdent on
</Global>

# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
RequireValidShell on

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine on
#TLSRequired on
#TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
#TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
#TLSCipherSuite ALL:!ADH:!DES
#TLSOptions NoCertRequest
#TLSVerifyClient off
##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
#TLSLog /var/log/proftpd/tls.log

# SQL authentication Dynamic Shared Object (DSO) loading
# See README.DSO and howto/DSO.html for more details.
#<IfModule mod_dso.c>
# LoadModule mod_sql.c
# LoadModule mod_sql_mysql.c
# LoadModule mod_sql_postgres.c
#</IfModule>

# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
# User ftp
# Group ftp
# AccessGrantMsg "Anonymous login ok, restrictions apply."
#
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
#
# # Limit the maximum number of anonymous logins
# MaxClients 10 "Sorry, max %m users -- try again later"
#
# # Put the user into /pub right after login
# #DefaultChdir /pub
#
# # We want 'welcome.msg' displayed at login, '.message' displayed in
# # each newly chdired directory and tell users to read README* files.
# DisplayLogin /welcome.msg
# DisplayFirstChdir .message
# DisplayReadme README*
#
# # Some more cosmetic and not vital stuff
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# # Limit WRITE everywhere in the anonymous chroot
# <Limit WRITE SITE_CHMOD>
# DenyAll
# </Limit>
#
# # An upload directory that allows storing files but not retrieving
# # or creating directories.
# <Directory uploads/*>
# AllowOverwrite no
# <Limit READ>
# DenyAll
# </Limit>
#
# <Limit STOR>
# AllowAll
# </Limit>
# </Directory>
#
# # Don't write anonymous accesses to the system wtmp file (good idea!)
# WtmpLog off
#
# # Logging for the anonymous transfers
# ExtendedLog /var/log/proftpd/access.log WRITE,READ default
# ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>
I have tried everything that I can think of to get it to work. I have copied the .conf from another box that runs Red Hat 9 and an older version of Proftpd that works, and it still reports the same error.

I have also attempted to copy the pam.d file from the other box and it still doesn't work.

I'm at a total loss!

Anyone have any ideas?
 
Old 06-01-2007, 01:56 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,898

Rep: Reputation: 1322
Quote:
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
Comment out the above lines, restart the server and see if it works.
 
Old 06-01-2007, 07:34 AM   #3
LWillmann
Member
 
Registered: Oct 2003
Location: Middle Tennessee
Distribution: CentOS
Posts: 31

Original Poster
Rep: Reputation: 15
Ok, I made the recommended changes and here is the result:
Quote:
Connected to xxxxxxxx.
220 FTP Server ready.
User (xxxxxxxx:(none)): lee
331 Password required for lee.
Password:
530 Login incorrect.
Login failed.
ftp>
And here are the error log entries:
Quote:
Jun 1 06:58:24 mail proftpd[17493]: xxxxxx - ProFTPD killed (signal 15)
Jun 1 06:58:24 mail proftpd[17493]: xxxxxx - ProFTPD 1.3.0a standalone mode SHUTDOWN
Jun 1 06:58:25 mail proftpd[26820]: xxxxxx - error setting IPV6_V6ONLY: Protocol not available
Jun 1 06:58:25 mail proftpd[26820]: xxxxxx - ProFTPD 1.3.0a (stable) (built Tue Feb 6 06:12:11 EST 2007) standalone mode STARTUP
Jun 1 06:58:38 mail proftpd[26822]: xxxxxx (::ffff:xxx.xxx.xxx.xxx[::ffff:xxx.xxx.xxx.xxx]) - FTP session opened.
Jun 1 06:58:44 mail proftpd[26822]: xxxxxx (::ffff:xxx.xxx.xxx.xxx[::ffff:xxx.xxx.xxx.xxx]) - PAM(lee): Module is unknown.
I have another, different box that runs RH9 and a slightly older version of ProFTPD and it works perfectly. I have to move the services from that RH9 box to this FC5 box. That's what's prompted all this work. I have even tried copying the pam.d entry from the other box to the FC5 box, but I notice some modules listed on the RH9 box that aren't on the FC5 box. I also tried copying the ProFTPD config to the FC5 box and that doesn't work either. I tried this separately (first the ProFTPD config copy, then when that didn't work I went back to the original FC5 config, and tried the pam.d entry, then returned to the original pam.d entry).

Last edited by LWillmann; 06-01-2007 at 07:38 AM.
 
Old 06-01-2007, 08:00 AM   #4
digitalnerds
Member
 
Registered: May 2007
Distribution: Debian
Posts: 103

Rep: Reputation: 15
To use PAM with proftpd you need to make sure the name of the service you defined in AuthPAMConfig exists. To check, look in your /etc/pam.d directory for a file named proftpd with content similar to:

Code:
auth    required        pam_unix.so     nullok
account required        pam_unix.so
session required        pam_unix.so
Also uncomment the two lines you commented before.
Hope it helps you

Regards
Andy
 
Old 06-01-2007, 09:31 AM   #5
telemark
LQ Newbie
 
Registered: Jul 2003
Location: Sweden
Posts: 4

Rep: Reputation: 0
I guess you must've checked it, but if not... Are the access permissions set properly? (The ftp-user must have read access in the folder that proftp tries to open. Your error message may suggest this.) If proftpd cannot open the right directory, it will deny login. I know that from experience :-)

(::ffff:192.168.0.213[::ffff:192.168.0.213]) - notice: unable to use '~/' [resolved to '/home/lee/']: Permission denied
 
Old 06-01-2007, 12:37 PM   #6
LWillmann
Member
 
Registered: Oct 2003
Location: Middle Tennessee
Distribution: CentOS
Posts: 31

Original Poster
Rep: Reputation: 15
Ok, I uncommented the two lines that I commented before.

Here's the contents of the /etc/pam.d/proftpd file:
Quote:
#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required pam_stack.so service=system-auth
auth required pam_shells.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
For comparison, here's the one off of the RH9 box:
Quote:
#%PAM-1.0
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required /lib/security/pam_pwdb.so shadow nullok

# If this is enabled, anonymous logins will fail because the 'ftp' user does
# not have a "valid" shell, as listed in /etc/shells.
#
# If you enable this, it is recommended that you do *not* give the 'ftp'
# user a real shell. Instead, give the 'ftp' user /bin/false for a shell and
# add /bin/false to /etc/shells.
#auth required /lib/security/pam_shells.so

account required /lib/security/pam_pwdb.so
session required /lib/security/pam_pwdb.so
The FC5 box does NOT have /lib/security/pam_pwdb.so for some reason; I presume that it's not required for the version of PAM included with FC5?


Also, please forgive this stupid question, but if the user/group that the server runs as needs read access to the user's home folder, then why is it that I can log into the RH9 box with my home folder set to 0700? I set the permissions on my home folder to 0755, as the others are set, and it still fails.

Here's the latest bit from /var/log/messages:
Quote:
Jun 1 11:45:01 mail proftpd[26820]: xxxxxxxxx - ProFTPD killed (signal 15)
Jun 1 11:45:01 mail proftpd[26820]: xxxxxxxxx - ProFTPD 1.3.0a standalone mode SHUTDOWN
Jun 1 11:45:01 mail proftpd[30295]: xxxxxxxxx - error setting IPV6_V6ONLY: Protocol not available
Jun 1 11:45:01 mail proftpd[30295]: xxxxxxxxx - ProFTPD 1.3.0a (stable) (built Tue Feb 6 06:12:11 EST 2007) standalone mode STARTUP
Jun 1 11:55:01 mail proftpd[30455]: xxxxxxxxx (::ffff:xxx.xxx.xxx.xxx[::ffff:xxx.xxx.xxx.xxx]) - FTP session opened.
Jun 1 11:55:06 mail kernel: audit(1180716906.478:2174): avc: denied { getattr } for pid=30455 comm="proftpd" name="home" dev=dm-0 ino=8216737 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
Jun 1 11:55:06 mail kernel: audit(1180716906.482:2175): avc: denied { getattr } for pid=30455 comm="proftpd" name="home" dev=dm-0 ino=8216737 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
Jun 1 11:55:24 mail proftpd[30474]: xxxxxxxxx (::ffff:xxx.xxx.xxx.xxx[::ffff:xxx.xxx.xxx.xxx]) - FTP session opened.
Jun 1 11:55:36 mail proftpd[30474]: xxxxxxxxx (::ffff:xxx.xxx.xxx.xxx1[::ffff:xxx.xxx.xxx.xxx]) - PAM(lee): Authentication failure.
and from /var/log/secure:
Jun 1 11:55:06 mail proftpd: pam_unix(proftpd:session): session opened for user lee by (uid=0)
Jun 1 11:55:06 mail proftpd: Deprecated pam_stack module called from service "proftpd"
Jun 1 11:55:06 mail proftpd[30455]: xxxxxxxxxxxx(::ffff:xxx.xxx.xxx.xxx[::ffff:xxx.xxx.xxx.xxx]) - USER lee: Login successful.
Jun 1 11:55:06 mail proftpd[30455]: xxxxxxxxxxxx (::ffff:xxx.xxx.xxx.xxx[::ffff:xxx.xxx.xxx.xxx]) - notice: unable to use '~/' [resolved to '/home/lee/']: Permission denied
Jun 1 16:55:06 mail proftpd[30455]: xxxxxxxxxxxx (::ffff:xxx.xxx.xxx.xxx[::ffff:xxx.xxx.xxx.xxx]) - Preparing to chroot to directory '~/'
Jun 1 16:55:06 mail proftpd[30455]: xxxxxxxxxxxx (::ffff:xxx.xxx.xxx.xxx[::ffff:xxx.xxx.xxx.xxx]) - lee chroot("~/"): No such file or directory
Jun 1 16:55:06 mail proftpd[30455]: xxxxxxxxxxxx (::ffff:xxx.xxx.xxx.xxx[::ffff:xxx.xxx.xxx.xxx]) - error: unable to set default root directory
Jun 1 16:55:06 mail proftpd: Deprecated pam_stack module called from service "proftpd"
Jun 1 16:55:06 mail proftpd: Deprecated pam_stack module called from service "proftpd"
Jun 1 16:55:06 mail proftpd: pam_unix(proftpd:session): session closed for user lee
Jun 1 16:55:06 mail proftpd[30455]: xxxxxxxxxxxx (::ffff:xxx.xxx.xxx.xxx[::ffff:xxx.xxx.xxx.xxx]) - FTP session closed.


What do I need to do now? It looks like it can't resolve '~/' to be my home folder properly, and that is causing it to be unable to chroot to my home folder. What can I do to fix this?
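The log excerpts in this post can be triaged mechanically. The following is an added example, not part of the original post or of ProFTPD: it groups proftpd syslog lines and kernel AVC denials by process id and names the failure class for each session. The function names, event labels and verdict strings are made up for illustration, and the sample log is constructed from the redacted lines quoted above.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the redacted log lines quoted in the thread.
# Host name and addresses are placeholders (192.0.2.0/24 is documentation space).
SAMPLE_LOG = """\
Jun  1 11:55:06 mail kernel: audit(1180716906.478:2174): avc: denied { getattr } for pid=30455 comm="proftpd" name="home" dev=dm-0 ino=8216737 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
Jun  1 11:55:06 mail proftpd[30455]: host (::ffff:192.0.2.10[::ffff:192.0.2.10]) - USER lee: Login successful.
Jun  1 11:55:06 mail proftpd[30455]: host (::ffff:192.0.2.10[::ffff:192.0.2.10]) - notice: unable to use '~/' [resolved to '/home/lee/']: Permission denied
Jun  1 16:55:06 mail proftpd[30455]: host (::ffff:192.0.2.10[::ffff:192.0.2.10]) - lee chroot("~/"): No such file or directory
Jun  1 11:55:36 mail proftpd[30474]: host (::ffff:192.0.2.10[::ffff:192.0.2.10]) - PAM(lee): Authentication failure.
Jun  1 06:58:44 mail proftpd[26822]: host (::ffff:192.0.2.10[::ffff:192.0.2.10]) - PAM(lee): Module is unknown.
"""

PROFTPD_RE = re.compile(r"proftpd\[(\d+)\]: .*? - (.*)$")
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+pid=(\d+)\s+comm="([^"]+)"'
    r".*?scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)"
)
# Substrings of proftpd messages mapped to (hypothetical) event names.
MARKERS = [
    ("Login successful", "auth_ok"),
    ("Permission denied", "home_denied"),
    ("chroot(", "chroot_failed"),
    ("Authentication failure", "pam_auth_failure"),
    ("Module is unknown", "pam_module_unknown"),
    ("Incorrect password", "bad_password"),
]


def _selinux_type(context):
    """Return the type field of a user:role:type[:level] SELinux context."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else context


def parse_sessions(log_text):
    """Group proftpd events and kernel AVC denials by process id.

    The pid is the join key rather than the timestamp: in the thread the
    syslog time jumps five hours within one session (11:55 vs 16:55).
    """
    sessions = defaultdict(lambda: {"events": set(), "avc": []})
    for line in log_text.splitlines():
        avc = AVC_RE.search(line)
        if avc:
            perms, pid, comm, scon, tcon, tclass = avc.groups()
            if comm == "proftpd":
                sessions[int(pid)]["avc"].append({
                    "perms": perms.split(),
                    "source_type": _selinux_type(scon),
                    "target_type": _selinux_type(tcon),
                    "tclass": tclass,
                })
            continue
        m = PROFTPD_RE.search(line)
        if m:
            pid, msg = int(m.group(1)), m.group(2)
            for needle, event in MARKERS:
                if needle in msg:
                    sessions[pid]["events"].add(event)
    return dict(sessions)


def classify(session):
    """Name the most specific failure class the session's evidence supports."""
    ev, avc = session["events"], session["avc"]
    if "auth_ok" in ev and ev & {"home_denied", "chroot_failed"}:
        if avc:  # password accepted, then the kernel refused directory access
            a = avc[0]
            return f"selinux:{a['source_type']}->{a['target_type']}:{','.join(a['perms'])}"
        return "filesystem_permissions"
    if "pam_module_unknown" in ev:
        return "pam_config_error"
    if ev & {"pam_auth_failure", "bad_password"}:
        return "auth_rejected"
    return "selinux_denial_only" if avc else "no_failure_seen"


def triage(log_text):
    return {pid: classify(s) for pid, s in parse_sessions(log_text).items()}


if __name__ == "__main__":
    for pid, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(pid, verdict)
```

A denial whose source type is `ftpd_t` is enforced by SELinux policy independently of the directory's mode bits, so changing a home directory from 0700 to 0755 does not affect it. `getsebool -a | grep ftp` lists the policy booleans related to FTP on the host.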
 
Old 06-02-2007, 12:11 PM   #7
zzzy
LQ Newbie
 
Registered: Jun 2006
Distribution: slackware, darwin
Posts: 5
Blog Entries: 1

Rep: Reputation: 0
Had similar issues with ProFTPd 1.3.0a and after many hours of struggle and frustration I finally gave up and switched to file transfer over ssh: scp or fish/kde on linux and winscp or even smb over ssh on windoze.
 
Old 06-02-2007, 12:52 PM   #8
LWillmann
Member
 
Registered: Oct 2003
Location: Middle Tennessee
Distribution: CentOS
Posts: 31

Original Poster
Rep: Reputation: 15
That's just it though, I don't have the luxury of just giving up on FTP. I have to move the web sites from the RH9 box which is having problems to the FC5 box. And that means that I need FTP access to the box.

Should I try to step back to an older version of the daemon?
 
Old 06-02-2007, 01:25 PM   #9
digitalnerds
Member
 
Registered: May 2007
Distribution: Debian
Posts: 103

Rep: Reputation: 15
Have you tried what I told you in the previous post? Make the proftpd file in /etc/pam.d look like the one below

Quote:
Originally Posted by digitalnerds
To use PAM with proftpd you need to make sure the name of the service you defined in AuthPAMConfig exists. To check, look in your /etc/pam.d directory for a file named proftpd with content similar to:

Code:
auth    required        pam_unix.so     nullok
account required        pam_unix.so
session required        pam_unix.so
Also uncomment the two lines you commented before.
Hope it helps you

Regards
Andy
 
Old 06-02-2007, 01:26 PM   #10
zzzy
LQ Newbie
 
Registered: Jun 2006
Distribution: slackware, darwin
Posts: 5
Blog Entries: 1

Rep: Reputation: 0
finally works for me

Believe it or not, I decided to give it another try today and it works. Can't explain what's changed. Here is my config file; be warned though that I use Slackware Linux and so all configs are done through conf files directly. Also, I don't use PAM auth.

Code:
MasqueradeAddress     your.hostname.net
PassivePorts 65510 65520
ServerName			"ProFTPD Default Installation"
ServerType			inetd
DefaultServer			on
Port				21
Umask				022
MaxInstances			30
User				nobody
Group				nogroup
SystemLog			/var/log/proftpd.log
TransferLog			/var/log/xferlog
<Directory /*>
  AllowOverwrite		on
</Directory>
<Anonymous ~ftp>
  RequireValidShell		off
  User				ftp
  Group				ftp
  UserAlias			anonymous ftp
  MaxClients			50
  DisplayLogin			welcome.msg
  DisplayFirstChdir		.message
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
 
Old 06-02-2007, 03:27 PM   #11
LWillmann
Member
 
Registered: Oct 2003
Location: Middle Tennessee
Distribution: CentOS
Posts: 31

Original Poster
Rep: Reputation: 15
I just tried your offering for the pam.d and it still does not work.

Here's the entries from the security log:
Quote:
Jun 2 14:51:34 mail proftpd: pam_unix(proftpd:session): session opened for user lee by (uid=0)
Jun 2 14:51:34 mail proftpd[8977]: myhost (::ffff:myip[::ffff:myip]) - USER lee: Login successful.
Jun 2 14:51:34 mail proftpd[8977]: myhost (::ffff:myip[::ffff:myip]) - notice: unable to use '~/' [resolved to '/home/lee/']: Permission denied
Jun 2 19:51:34 mail proftpd[8977]: myhost (::ffff:myip[::ffff:myip]) - Preparing to chroot to directory '~/'
Jun 2 19:51:34 mail proftpd[8977]: myhost (::ffff:myip[::ffff:myip]) - lee chroot("~/"): No such file or directory
Jun 2 19:51:34 mail proftpd[8977]: myhost (::ffff:myip[::ffff:myip]) - error: unable to set default root directory
Jun 2 19:51:34 mail proftpd: pam_unix(proftpd:session): session closed for user lee
Jun 2 19:51:34 mail proftpd[8977]: myhost (::ffff:myip[::ffff:myip]) - FTP session closed.
I don't understand why it's having problems with the ~/ folder and chrooting it.
 
Old 06-02-2007, 03:33 PM   #12
Marco Oliveira
LQ Newbie
 
Registered: Mar 2007
Location: Portugal
Distribution: Debian
Posts: 3

Rep: Reputation: 0
Hello,

Is there any particular reason to use it in "standalone"?
I had problems using it in that mode; since I didn't have FTP that justified that, I'm using it in "inetd" mode.
I'm currently using Debian 4.0, but in the past with other Linuxes it was more or less the same, no problems at all.
Can you verify in the firewall whether port 20 is blocked?
If I'm not mistaken, you can have authentication problems if port 20 is blocked.


Best Regards

Marco Oliveira
 
Old 06-02-2007, 03:34 PM   #13
Marco Oliveira
LQ Newbie
 
Registered: Mar 2007
Location: Portugal
Distribution: Debian
Posts: 3

Rep: Reputation: 0
Hello again,

In this link, --> http://ubuntuguide.org/wiki/Ubuntu:Feisty , you can find some useful information regarding proftpd, please do the search using proftp as the search key.

Best Regards

Marco Oliveira
 
Old 06-02-2007, 04:02 PM   #14
digitalnerds
Member
 
Registered: May 2007
Distribution: Debian
Posts: 103

Rep: Reputation: 15
Quote:
Originally Posted by LWillmann
I just tried your offering for the pam.d and it still does not work.

Here's the entries from the security log:


I don't understand why it's having problems with the ~/ folder and chrooting it.

Well, as far as I can see, now you get a login successful while at the beginning the user was not recognized.

"USER lee: Login successful."

Now the problem with ~/ (home dir) might be a permissions problem, since the error you get is pretty much self-explanatory: "notice: unable to use '~/' [resolved to '/home/lee/']: Permission denied". Can you please show us the output of ls -la in your /home directory?

Regards
Andy
 
Old 06-02-2007, 04:40 PM   #15
LWillmann
Member
 
Registered: Oct 2003
Location: Middle Tennessee
Distribution: CentOS
Posts: 31

Original Poster
Rep: Reputation: 15
digitalnerds, here's the response on the FC5 box:
Quote:
total 144
drwxr-xr-x 18 root root 4096 May 31 10:40 .
drwxr-xr-x 23 root root 4096 Jun 1 17:32 ..
drwxr-xr-x 2 as400 as400 4096 May 30 18:18 as400
drwxr-xr-x 3 asmith asmith 4096 May 30 18:17 asmith
drwx------ 2 infobak infobak 4096 Sep 19 2006 infobak
drwx------ 3 jackie jackie 4096 Sep 21 2006 jackie
drwx------ 3 jamie jamie 4096 Sep 22 2006 jamie
drwx------ 3 kathyp kathyp 4096 Sep 21 2006 kathyp
drwxr-xr-x 16 lee lee 4096 May 31 10:52 lee
drwx------ 3 maryann maryann 4096 Sep 21 2006 maryann
drwx------ 3 ml ml 4096 Jan 4 08:36 ml
drwxr-xr-x 2 rwil rwil 4096 May 7 08:47 rwil
drwx------ 3 shari shari 4096 Sep 21 2006 shari
drwx------ 3 sherrie sherrie 4096 Sep 21 2006 sherrie
drwx------ 3 tom tom 4096 Sep 21 2006 tom
drwx------ 3 wanttobuy wanttobuy 4096 Dec 8 10:07 wanttobuy
drwx------ 2 wanttosell wanttosell 4096 Sep 19 2006 wanttosell
drwx------ 3 waynepugh waynepugh 4096 Sep 21 2006 waynepugh
 
  

