Subject16
01-06-2010 08:45 PM
VSFTPD: Users Can't Log In After Updates
Hi all. Here's the background:
Linux version 2.6.18-164.9.1.el5 (mockbuild@x86-005.build.bos.redhat.com) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-46)) #1 SMP Wed Dec 9 03:27:37 EST 2009
This server runs vsftpd. Prior to running updates on Monday all was working as it should. After running updates (and I updated pretty much everything), it no longer works. Here are the symptoms and relevant log files.
/etc/vsftpd/vsftpd.conf
Quote:
anonymous_enable=NO
local_enable=YES
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
chroot_local_user=YES
guest_enable=YES
guest_username=ftpuser
listen=YES
listen_port=21
#pasv_address=IP address here
pasv_min_port=50000
pasv_max_port=60000
pam_service_name=vsftpd
virtual_use_local_privs=YES
local_root=/company/ftp/$USER
user_sub_token=$USER
hide_ids=YES
ftpd_banner=Company FTP
pasv_promiscuous=YES
check_shell=NO
log_ftp_protocol=YES
xferlog_enable=YES
/etc/pam.d/vsftpd
Quote:
#%PAM-1.0
#session optional pam_keyinit.so force revoke
auth required pam_pwdfile.so pwdfile /etc/vsftpd/passwd
account required pam_permit.so
account required pam_lsass.so unknown_ok
account sufficient pam_lsass.so
#auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
#auth required pam_shells.so
#auth include system-auth
#account include system-auth
#session include system-auth
#session required pam_loginuid.so
When I try to log in locally this is the response:
Quote:
Connected to 127.0.0.1.
220 Our FTP
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (127.0.0.1:root): igi
331 Please specify the password.
Password:
421 Service not available, remote server has closed connection
Login failed.
No control connection for command: No such file or directory
ftp>
I enabled verbose logging and this is the result of /var/log/vsftpd.log:
Quote:
Connected to 127.0.0.1.
220 Company FTP
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (127.0.0.1:root): igi
331 Please specify the password.
Password:
421 Service not available, remote server has closed connection
Login failed.
No control connection for command: No such file or directory
ftp>
I am not getting anything in /var/log/secure or /var/log/messages any more. I used to alternately get
Jan 6 19:51:19 server pam_pwdfile[16863]: user not found in password database
and
Jan 5 21:06:53 server vsftpd[22074]: PAM unable to resolve symbol: pam_sm_acct_mgmt
Lastly, on the user side when I try to log in externally I get the following two errors:
If I enter a known good username and password
Quote:
421 Service not available, remote server has closed connection.
ftp: Login failed.
If I enter a bad password for a known user, or just make up a user
Quote:
530 Login incorrect.
ftp: Login failed.
I'm open to just about all suggestions at this point. I have tried many different variations on the vsftpd file in pam.d to no avail. I'm not even sure that I think it's a PAM issue any more because the vsftpd.log file seems to indicate that the authentication is going through. This is my first vsftpd experience; it was not originally configured by me so I'm picking up the details as I go.
Thanks in advance.