LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices



Reply
 
Search this Thread
Old 04-20-2010, 04:49 AM   #1
wilku
LQ Newbie
 
Registered: Mar 2005
Distribution: Debian Lenny
Posts: 24

Rep: Reputation: 0
Unhappy Login incorrect with almost default installation of proftpd.


Hi,

I'm trying to set up ftp server in the most simple way possible - login to home directories for existing linux users (except root). I get "Login incorrect" when I try to authenticate, although I am sure it is the right user-password (I even changed it using passwd on server's shell and tried again with the new one). Here's my proftpd.conf:
Code:
#                                                       
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.             
#                                                                         

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6                         off                                    
# If set on you can experience a longer connection delay in many cases.
IdentLookups                    off                                    

ServerName                      "Wilki"
ServerType                      standalone
DeferWelcome                    off       

MultilineRFC2228                on
DefaultServer                   on
ShowSymlinks                    on

TimeoutNoTransfer               600
TimeoutStalled                  600
TimeoutIdle                     1200

DisplayLogin                    welcome.msg
DisplayChdir                    .message true
ListOptions                     "-l"         

DenyFilter                      \*.*/

# Use this to jail all users in their homes 
# DefaultRoot                   ~           

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.              
RequireValidShell               off                          

# Port 21 is the standard FTP port.
Port                            21 

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but 
# feel free to use a more narrow range.                           
PassivePorts                  60000 65534                         

# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
MasqueradeAddress               83.143.44.35                          

# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>                                           
# DynMasqRefresh 28800                                             
</IfModule>                                                        

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections 
# at once, simply increase this value.  Note that this ONLY works  
# in standalone mode, in inetd mode you should use an inetd server 
# that allows you to limit maximum number of processes per service 
# (such as xinetd)                                                 
MaxInstances                    30                                 

# Set the user and group that the server normally runs at.
User                            proftpd                   
Group                           nogroup                   

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.              
Umask                           022  022                          
# Normally, we want files to be overwriteable.                    
AllowOverwrite                  on                                

# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd              off                                         

# This is required to use both PAM-based authentication and local passwords
# AuthOrder                     mod_auth_pam.c* mod_auth_unix.c            

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.                     
#                                                                         
# UseSendFile                   off                                       

TransferLog /var/log/proftpd/xferlog
SystemLog   /var/log/proftpd/proftpd.log

<IfModule mod_quotatab.c>
QuotaEngine off          
</IfModule>              

<IfModule mod_ratio.c>
Ratios off            
</IfModule>           


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02        
# It is on by default.                                                   
<IfModule mod_delay.c>                                                   
DelayEngine on                                                           
</IfModule>                                                              

<IfModule mod_ctrls.c>
ControlsEngine        off
ControlsMaxClients    2  
ControlsLog           /var/log/proftpd/controls.log
ControlsInterval      5                            
ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>                                        

<IfModule mod_ctrls_admin.c>
AdminControlsEngine off     
</IfModule>                 

#
# Alternative authentication frameworks
#                                      
#Include /etc/proftpd/ldap.conf        
#Include /etc/proftpd/sql.conf         

#
# This is used for FTPS connections
#                                  
#Include /etc/proftpd/tls.conf     

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
#   User                                ftp
#   Group                               nogroup
#   # We want clients to be able to login with "anonymous" as well as "ftp"
#   UserAlias                   anonymous ftp                              
#   # Cosmetic changes, all files belongs to ftp user                      
#   DirFakeUser on ftp                                                     
#   DirFakeGroup on ftp                                                    
#                                                                          
#   RequireValidShell           off                                        
#                                                                          
#   # Limit the maximum number of anonymous logins                         
#   MaxClients                  10                                         
#                                                                          
#   # We want 'welcome.msg' displayed at login, and '.message' displayed
#   # in each newly chdired directory.
#   DisplayLogin                        welcome.msg
#   DisplayChdir                .message
#
#   # Limit WRITE everywhere in the anonymous chroot
#   <Directory *>
#     <Limit WRITE>
#       DenyAll
#     </Limit>
#   </Directory>
#
#   # Uncomment this if you're brave.
#   # <Directory incoming>
#   #   # Umask 022 is a good standard umask to prevent new files and dirs
#   #   # (second parm) from being group and world writable.
#   #   Umask                           022  022
#   #            <Limit READ WRITE>
#   #            DenyAll
#   #            </Limit>
#   #            <Limit STOR>
#   #            AllowAll
#   #            </Limit>
#   # </Directory>
#
# </Anonymous>
The funny thing is even if I purge the proftpd package and install vsftpd instead - it doesn't help - I can't log in. But I can log in with ssh.
Any suggestions what to do?

Wilku
 
Old 04-20-2010, 05:24 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,975

Rep: Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343
Hi,

Try to run proftpd in debug mode and see if you get anything:
Code:
proftpd -n -d5
I guess it's something wrong with PAM since vsftpd is not working too. Maybe adding
Code:
AuthPAM off
should help if that's the case

Regards
 
Old 09-23-2010, 05:12 AM   #3
kostya
Member
 
Registered: Mar 2010
Location: Moscow, Russia
Distribution: Ubuntu Studio, antix(mepis), Fedora, FreeBSD
Posts: 172
Blog Entries: 5

Rep: Reputation: 17
Quote:
Originally Posted by bathory View Post
Hi,

Try to run proftpd in debug mode and see if you get anything:
Code:
proftpd -n -d5
I guess it's something wrong with PAM since vsftpd is not working too. Maybe adding
Code:
AuthPAM off
should help if that's the case

Regards
Yea that helps. I have the same problem on Fedora 12. Although done all the anonymous setup in /etc/proftpd.conf, still it requires passowrd for anonymous user and then says it's "incorrect". What the heck??

BTW, adding "-d5" as argument to proftpd gives NOTHING in the log file.Neither does adding "DebugLevel" into proftpd.conf file. The only thing I see in /var/log/messages is:
ProFTPD killed (signal 15)
ProFTPD 1.3.2d standalone mode SHUTDOWN
(and the like)
Proftpd doesn't say a word about what it's doing, neither does what's expected. That's most annoying. Perhaps I'll end up creating a special user with password and use his homedir for ftp transactions. It's OK, but still, how about anonymous?
 
Old 09-23-2010, 05:29 AM   #4
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,975

Rep: Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343
@kostya
You should have started your own thread describing your problem.
Anyway -n -d5 works if you run proftpd directly and not using "service proftpd". So, try:
Code:
/usr/sbin/proftpd -n -d5
to see what you get.
You might need to change the path to proftpd accordingly.

Regards
 
Old 09-25-2010, 08:01 PM   #5
kostya
Member
 
Registered: Mar 2010
Location: Moscow, Russia
Distribution: Ubuntu Studio, antix(mepis), Fedora, FreeBSD
Posts: 172
Blog Entries: 5

Rep: Reputation: 17
Yea, right, I've already got to it !

Part of my problems was solved by removing the rpm-installed version of the proftpd.conf and replacing it with one from the samples. Hope that might help the author of this post, too?

Still, my impression is that the configuration file is quite complicated in that some declarations there may get in conflict with still some other ones, so that the end-result could easily be not what you expected.
On the other hand, the job is non-trivial: we want to give people access to our server, yet remain secure ourselves. This can hardly be done without some more deep study into how this program works...

Last edited by kostya; 09-25-2010 at 08:07 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ProFTPD [530 Login incorrect] dmjendor Linux - General 0 11-11-2008 05:15 PM
Proftpd 530 Login Incorrect error besides correct password imagineers7 Linux - Networking 9 01-07-2008 03:13 AM
yum update proftpd 530 login incorrect westdoor Linux - Networking 1 10-29-2006 07:25 AM
ProFTPd - Login Incorrect exciter Linux - Newbie 1 01-22-2006 07:10 AM
ProFTPd on SuSE 9.1:Error 530 (Login Incorrect) bmctee Linux - Software 0 08-10-2004 01:21 AM


All times are GMT -5. The time now is 05:59 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration