LinuxQuestions.org
Old 09-24-2010, 09:35 PM   #1
mago
Member
 
Registered: Apr 2004
Location: Costa Rica
Distribution: slack current with 2.6.16.18 (still off the hook)
Posts: 284

Rep: Reputation: 33
Proftpd now allowing PAM+LDAP accounts to log in


Hi,
I have a strange problem and I think it is related to ProFTPD and, obviously, my lack of knowledge of this fine software.

I have a CentOS 5.5 server set up with LDAP auth configured and running just fine. Users can log in through tty and ssh, home directories get created, etc. I can even use the LDAP accounts with services such as Samba.

Now I need to set up FTP and I chose ProFTPD because it is solid, secure and easy to set up. Well, I thought so anyway.

This is the proftpd version info:
Code:
proftpd -v
ProFTPD Version 1.3.2
_______________________
proftpd -vv
ProFTPD Version: 1.3.2 (stable)
  Scoreboard Version: 01040002
  Built: Sun Mar 15 22:00:55 CET 2009

Loaded modules:
  mod_ctrls/0.9.4
  mod_cap/1.0
  mod_tls/2.2.1
  mod_auth_pam/1.1
  mod_readme.c
  mod_ident/1.0
  mod_dso/0.4
  mod_facts/0.1
  mod_delay/0.6
  mod_site.c
  mod_log.c
  mod_ls.c
  mod_auth.c
  mod_auth_file/0.8.3
  mod_auth_unix.c
  mod_xfer.c
  mod_core.c

Relevant info on the conf file for ProFTPd:
Code:
ServerType                      standalone
#ServerType                     inetd
DefaultServer                   on
AccessGrantMsg                  "Usuario %u has sido validado."
DeferWelcome                    off

DefaultRoot                     ~ !adm

# Use pam to authenticate (default) and be authoritative
AuthPAMConfig                   proftpd
AuthOrder                       mod_auth_pam.c* mod_auth_unix.c

IdentLookups                    off
UseReverseDNS                   off
Port                            21
Umask                           022
ListOptions                     "-a"
AllowRetrieveRestart            on
AllowStoreRestart               on
MaxInstances                    10
User                            nobody
Group                           nobody
UseSendFile                     no
ScoreboardFile                  /var/run/proftpd.score

<Global>
  AllowOverwrite                yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>

The /etc/pam.d/proftpd looks like this:
Code:
#%PAM-1.0
auth       required     pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       required     pam_stack.so service=system-auth
auth       required     pam_shells.so
account    required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth

And this is the error I get:
Code:
proftpd -nd4

tostadora (::ffff:201.193.245.122[::ffff:201.193.245.122]) - dispatching PRE_CMD command 'USER userx' to mod_tls
tostadora (::ffff:201.193.245.122[::ffff:201.193.245.122]) - dispatching PRE_CMD command 'USER userx' to mod_core
tostadora (::ffff:201.193.245.122[::ffff:201.193.245.122]) - dispatching PRE_CMD command 'USER userx' to mod_core
tostadora (::ffff:201.193.245.122[::ffff:201.193.245.122]) - dispatching PRE_CMD command 'USER userx' to mod_delay
tostadora (::ffff:201.193.245.122[::ffff:201.193.245.122]) - dispatching PRE_CMD command 'USER userx' to mod_auth
tostadora (::ffff:201.193.245.122[::ffff:201.193.245.122]) - dispatching CMD command 'USER userx' to mod_auth
tostadora (::ffff:201.193.245.122[::ffff:201.193.245.122]) - no supplemental groups found for user 'userx'
tostadora (::ffff:201.193.245.122[::ffff:201.193.245.122]) - dispatching POST_CMD command 'USER userx' to mod_delay
tostadora (::ffff:201.193.245.122[::ffff:201.193.245.122]) - dispatching LOG_CMD command 'USER userx' to mod_log
tostadora (::ffff:201.193.245.122[::ffff:201.193.245.122]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_tls
tostadora (::ffff:201.193.245.122[::ffff:201.193.245.122]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
tostadora (::ffff:201.193.245.122[::ffff:201.193.245.122]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
tostadora (::ffff:201.193.245.122[::ffff:201.193.245.122]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_delay
tostadora (::ffff:201.193.245.122[::ffff:201.193.245.122]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
tostadora (::ffff:201.193.245.122[::ffff:201.193.245.122]) - dispatching CMD command 'PASS (hidden)' to mod_auth
tostadora (::ffff:201.193.245.122[::ffff:201.193.245.122]) - no supplemental groups found for user 'userx'
tostadora (::ffff:201.193.245.122[::ffff:201.193.245.122]) - USER userx: no such user found from ::ffff:201.193.245.122 [::ffff:201.193.245.122] to ::ffff:192.168.100.21:21
tostadora (::ffff:201.193.245.122[::ffff:201.193.245.122]) - dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_delay
tostadora (::ffff:201.193.245.122[::ffff:201.193.245.122]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_log
tostadora (::ffff:201.193.245.122[::ffff:201.193.245.122]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_auth

As far as I can tell the mod_auth_pam is not being invoked and I just have no idea why or how to force it.

All input is welcome, thanks in advance.
 
Old 09-24-2010, 10:20 PM   #2
quanta
Member
 
Registered: Aug 2007
Location: Vietnam
Distribution: RedHat based, Debian based, Slackware, Gentoo
Posts: 724

Rep: Reputation: 101
You didn't load the mod_ldap module: http://forum.zentyal.org/index.php?topic=441.0
 
Old 09-24-2010, 10:31 PM   #3
mago
Member
 
Registered: Apr 2004
Location: Costa Rica
Distribution: slack current with 2.6.16.18 (still off the hook)
Posts: 284

Original Poster
Rep: Reputation: 33
Well, should it use the PAM module since it is specified there and the system recognizes the accounts?
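
An added example, not part of the original thread: a pre-flight check for one account that mirrors what the posted `/etc/pam.d/proftpd` stack and the debug log depend on. It assumes the `no such user found` line reflects a failed passwd (NSS) lookup rather than a rejected password; the function names are hypothetical and `/etc/shells` is the file `pam_shells` normally consults.

```python
import pwd
import sys

def read_entries(path):
    """Non-empty, non-comment lines of a list file; empty set if it is missing."""
    try:
        with open(path) as fh:
            lines = (ln.strip() for ln in fh)
            return {ln for ln in lines if ln and not ln.startswith("#")}
    except FileNotFoundError:
        return set()

def preflight(user, lookup=pwd.getpwnam, ftpusers="/etc/ftpusers", shells="/etc/shells"):
    """Return [(check, ok, detail), ...] for one account (hypothetical helper)."""
    try:
        # libc getpwnam(): the same NSS path `getent passwd` uses, so LDAP
        # accounts only appear if nsswitch.conf routes passwd lookups to LDAP.
        entry = lookup(user)
    except KeyError:
        return [("passwd lookup", False, "no passwd entry for %r" % user)]
    results = [("passwd lookup", True,
                "uid=%d home=%s shell=%s" % (entry.pw_uid, entry.pw_dir, entry.pw_shell))]
    # pam_listfile item=user sense=deny file=/etc/ftpusers onerr=succeed:
    # a listed user is refused; a missing file denies nobody.
    denied = user in read_entries(ftpusers)
    results.append(("pam_listfile", not denied,
                    "listed in %s" % ftpusers if denied else "not listed in %s" % ftpusers))
    # pam_shells: the account's login shell must appear in /etc/shells.
    shell_ok = entry.pw_shell in read_entries(shells)
    results.append(("pam_shells", shell_ok,
                    "%s %s in %s" % (entry.pw_shell, "is" if shell_ok else "is not", shells)))
    return results

def first_failure(results):
    """Name of the first failing check, or None when every check passes."""
    return next((name for name, ok, _ in results if not ok), None)

if __name__ == "__main__":
    account = sys.argv[1] if len(sys.argv) > 1 else "userx"  # account name from the thread's log
    for name, ok, detail in preflight(account):
        print("%-14s %-4s %s" % (name, "ok" if ok else "FAIL", detail))
```

Run it on the FTP server itself, as the lookup result depends on that host's `nsswitch.conf`.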
 
  

