OK,
I shared your pain. I had the same problem a while back actually and if I remember, it all turned out to be issues in the proftpd.conf. I've had it running on FreeBSD 4.x as well as several RH systems.
I installed it recently on a new box with a newer version on a RH7.x system with MySQL 3.x installed. I compiled with this: -
tar -xvzf proftpd-1.2.8rc2.tar.gz
cd proftpd-1.2.8rc2
./configure --with-modules=mod_sql:mod_sql_mysql \
--with-includes=/usr/local/include \
--with-libraries=/usr/local/lib/mysql
make
make install
The following /etc/proftpd.conf file allows PAM auth on ip#1 and MySQL based auth on IP#2. File follows...
"Names have been changed to protect the innocent."
#----------------START----------------
# listen for each (additional) address explicitly that is
# specified (via Bind and Port) in a VirtualHost definition
#
SocketBindTight on
Port 0
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Performance: skip DNS resolution when we process the logs...
UseReverseDNS on
# Turn off Ident lookups
IdentLookups off
# Set the maximum number of seconds a data connection is allowed
# to "stall" before being aborted.
TimeoutStalled 300
# Where do we put the pid files?
ScoreboardFile /usr/local/var/proftpd.pid
#
# Allow FXP
#
AllowForeignAddress on
PassivePorts 49152 65534
Classes on
Class default limit 5
Class internet limit 2
Class local limit 3
Class internet ip 0.0.0.0/0
Class internet ip 192.168.99.99/24
Class local ip 127.0.0.1/24
Class local ip 192.168.0.0/24
SystemLog /var/log/proftpd.log
# Do not allow to pass printf-Formats (security! see documentation!):
#AllowFilter "^[a-zA-Z0-9@~ /,_.-]*$"
DenyFilter "%"
#
# Logging options
#
TransferLog /var/log/proftpd.xferlog
# Some logging formats
#
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
# Log file/dir access
ExtendedLog /var/log/proftpd.access_log WRITE,READ write
# Record all logins
ExtendedLog /var/log/proftpd.auth_log AUTH auth
# Paranoia logging level....
ExtendedLog /var/log/proftpd.paranoid_log ALL default
# To disable use of system-wide password file
PersistentPasswd off
###############################################################
<Virtualhost 192.168.0.1>
#
# PAM Auth for IP #1
#
ServerName "Standard PAM Auth FTP"
# Define this if you want to prevent your server from displaying what FTP
# server and version you are using.
ServerIdent on "Ready."
#Time out parameters
TimeoutIdle 600
TimeoutNoTransfer 600
TimeoutLogin 300
# Get FXP working...hopefully
AllowForeignAddress on
# Port 21 is the standard FTP port.
Port 21
# Set the user and group that the server normally runs at.
User root
Group root
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# Setting this to 'on' makes PAM the final authority on what gets
# authenticated. Turning this off will tell PAM to allow other
# authentication modules compiled into ProFTPD a chance at the user.
AuthPAMAuthoritative On
# This is the PAM configuration file that will be referenced when
# authenticating. It can be set globally and/or per VirtualHost.
# The default is 'ftp'. Note: all PAM configuration files must be in
# /etc/pam.d
AuthPAMConfig ftp
# Enable resuming of downloads and uploads
AllowOverwrite On
AllowStoreRestart on
AllowRetrieveRestart on
# Don't let people pass % characters to the server and to protect against DoS attacks (Bugzilla ID 1066)
DenyFilter (\*.*/)|%
<Limit SITE_CHMOD>
AllowAll
</Limit>
RequireValidShell on
# Normally, we want files to be overwriteable.
<Directory /*>
AllowOverwrite on
</Directory>
#
# FXP Abilities
#
AllowForeignAddress on
</Virtualhost>
###############################################################
<Virtualhost 192.168.0.2>
#
# MySQL Auth for IP #2
#
ServerName "MySQL Auth FTP Site"
ServerAdmin support@mydomain.com
#
# Debug Level
# emerg, alert, crit (recommended), error, warn, notice, info, debug
#
SyslogLevel info
#
# uncomment, if you want to hide the servers name:
#
ServerIdent on "MySQL Auth FTP User Server"
DeferWelcome on
DefaultServer on
#
# Display
#
#DisplayLogin /messages/ftp.motd
#DisplayConnect /net/messages/ftp.pre
#DisplayFirstChdir index.txt
HiddenStor off
DirFakeUser on ftp
DirFakeGroup on ftp
DirFakeMode 0000
# Enable PAM for authentication...
#
AuthPAM off
# Setting this directive to on will cause authentication to fail
# if PAM authentication fails. The default setting, off, allows
# other modules and directives such as AuthUserFile and friends
# to authenticate users.
#
# AuthPAMAuthoritative on
# This directive allows you to specify the PAM service name used
# in authentication (default is "proftpd" on SuSE Linux).
# You have to setup the service in the /etc/pam.d/<other_name>.
#
#AuthPAMConfig <other_name>
# Port 21 is the standard FTP port.
Port 21
#------------------------mysql Module: 4.x
SQLAuthTypes BackEnd Empty
# Use the below line for cleartext mysql passwords rather than PASSWORD() based ones
#SQLAuthTypes Plaintext Empty
SQLAuthenticate on
SQLConnectInfo root@localhost mydbusername mydbpassword PERSESSION
SQLDefaultGID 48
SQLDefaultUID 48
SQLMinUserGID 48
SQLMinUserUID 48
SQLUserInfo members username password ftp_uid ftp_gid ftp_homedir NULL
SQLGroupInfo members_group ftp_groupname ftp_gid members
#------------------------mysql
# Umask 022 is a good standard umask to prevent new dirs
# and files from being group and world writable.
Umask 022
# Set the user and group that the server normally runs at.
User apache
Group apache
# Maximum User/Host configuration
MaxClientsPerHost 2 "Sorry, we only allow %m connections per host!"
MaxClients 50 "The maximum number of clients has been reached. Please try again soon."
#
# Restartability
#
AllowStoreRestart on
AllowRetrieveRestart on
AllowOverwrite On
#DefaultQuota 50000000
#
# Do a chroot for web-users (i.e. public or www group), but
# do not change root if the user is also in the users group...
#
DefaultRoot ~
#
# Limit login attempts
#
MaxLoginAttempts 3
#
# Users need a valid shell
#
RequireValidShell off
AllowForeignAddress off
</VirtualHost>
#----------------END----------------
BTW, ftp_uid and ftp_gid are basically ignored as they're hardcoded to apache (48) in the configuration. I suggest keeping authentication as "backend" as it authenticates via the MYSQL PASSWORD() function very nicely.
ProFTPD with MySQL rocks.
Good Luck.
TechBrat Out.
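
Added example (not part of the original post or of ProFTPD): a small Python check that reads a proftpd.conf laid out like the one above, reports which auth backend each VirtualHost ends up with, and flags four settings worth a second look before the box faces the internet. The names parse and audit are hypothetical, the sample is a trimmed, constructed copy of the two VirtualHost blocks, and treating AuthPAM as on when unset is an assumption.

```python
import re
# Constructed sample: trimmed copy of the two VirtualHost blocks from the post.
SAMPLE = """\
<Virtualhost 192.168.0.1>
User root
AllowForeignAddress on
</Virtualhost>
<Virtualhost 192.168.0.2>
AuthPAM off
SQLAuthTypes BackEnd Empty
SQLAuthenticate on
DefaultRoot ~
</VirtualHost>
"""

def parse(conf):
    """Map each VirtualHost address (or 'server') to its {directive: value} dict."""
    scopes, scope = {"server": {}}, "server"
    for line in map(str.strip, conf.splitlines()):
        m = re.match(r"<(/?)virtualhost\s*([^>]*)>", line, re.I)
        if m:
            scope = "server" if m.group(1) else m.group(2).strip()
            scopes.setdefault(scope, {})
        elif line and line[0] not in "#<":   # skip comments and other containers
            name, *rest = line.split(None, 1)
            scopes[scope][name.lower()] = "".join(rest)
    return scopes

def audit(conf):
    """Return {vhost: (auth_backend, [findings])}; each vhost is judged on its own block."""
    report = {}
    for host, d in parse(conf).items():
        if host == "server":
            continue
        on = lambda key, default: d.get(key, default).lower() != "off"
        # Assumption: AuthPAM counts as on when the directive is absent.
        backend = "sql" if on("sqlauthenticate", "off") else "pam" if on("authpam", "on") else "other"
        found = []
        if d.get("user", "").lower() == "root":
            found.append("User root")                # daemon keeps root as its runtime user
        if on("allowforeignaddress", "off"):
            found.append("AllowForeignAddress on")   # data connections to third-party hosts
        found += ["SQLAuthTypes " + t for t in d.get("sqlauthtypes", "").lower().split()
                  if t in ("plaintext", "empty")]    # weak password storage or matching
        if "defaultroot" not in d:
            found.append("no DefaultRoot")           # logins are not chrooted
        report[host] = (backend, found)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the sample, the PAM host is flagged for User root, AllowForeignAddress on and the missing DefaultRoot, and the MySQL host for the Empty auth type, which the mod_sql documentation describes as letting an empty password field match any password.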