Hello all,

I am trying to connect to the centos 6.0 server via ftp using Filzilla and I get error message 530 Login authentication failed. The pure-ftpd is configured with TLS. Here is the message I get;

Status: Connecting to 192.168.0.110:21...
Status: Connection established, waiting for welcome message...
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 1 of 50 allowed.
Response: 220-Local time is now 22:55. Server port: 21.
Response: 220-This is a private system - No anonymous login
Response: 220-IPv6 connections are also welcome on this server.
Response: 220 You will be disconnected after 15 minutes of inactivity.
Command: USER test
Response: 331 User test OK. Password required
Command: PASS *****
Response: 530 Login authentication failed
Error: Critical error
Error: Could not connect to server

Any idea what the problem could be? Thank you all.

Hi,

Are you sure that the password you're using is correct? You can also take a look at pure-ftpd logs under /var/log to see if you find anything.

Regarding TLS, I guess you're using the "-Y1" option, as I don't see any AUTH TLS reference in the responses you get from the server. If you used "-Y2", you should see something like the following

Hello,

The user name and password are correct. Cat /var/log/pureftpd.log has no output information. I did this before using purftpd;
vi /etc/pure-ftpd/pure-ftpd.conf and commented out the TLS 1'

# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
# including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.

TLS 1

I also did this;

mkdir -p /etc/ssl/private/

Then

openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Country Name (2 letter code) [XX]: <-- Enter your Country Name (e.g., "US").
State or Province Name (full name) []: <-- Enter your State or Province Name.
Locality Name (eg, city) [Default City]: <-- Enter your City.
Organization Name (eg, company) [Default Company Ltd]: <-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, your name or your server's hostname) []: <-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []: <-- Enter your Email Address.

Change the permissions of the SSL certificate:

chmod 600 /etc/ssl/private/pure-ftpd.pem

/etc/init.d/pure-ftpd restart

Hi,

From your 1st post, it's obvious that you don't use TLS in filezilla, as there is no AUTH TLS in pure-ftpd responses. So TLS is not related to your problem and that's why I told you to look at pure-ftpd logs.
BTW, you should look in /var/log/messages and/or /var/log/syslog

Regards

1 members found this post helpful.

Hello,

There is no syslog file in /var/log folder.
Here is the output for the cat /var/log/messages command;
I am using Filzilla to connect.


[root@server1 log]# cat messages
Dec 5 12:12:37 server1 pure-ftpd: (?@192.168.0.199) [INFO] New connection from 192.168.0.199
Dec 5 12:12:42 server1 pure-ftpd: (?@192.168.0.199) [WARNING] Authentication failed for user [test]
Dec 5 12:12:42 server1 pure-ftpd: (?@192.168.0.199) [INFO] Logout.

Thank you

Are you using real or virtual users? Also do you use PAM or Unix authentication?

1 members found this post helpful.

This a real user. On Linux I added a user called test with password test1. In fact I created another user called joe with password of joe123 and joe cannot login either;

Status: Connecting to 192.168.0.174:21...
Status: Connection established, waiting for welcome message...
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 1 of 50 allowed.
Response: 220-Local time is now 10:20. Server port: 21.
Response: 220-This is a private system - No anonymous login
Response: 220-IPv6 connections are also welcome on this server.
Response: 220 You will be disconnected after 15 minutes of inactivity.
Command: USER joe
Response: 331 User joe OK. Password required
Command: PASS ******
Response: 530 Login authentication failed
Error: Critical error
Error: Could not connect to server

And here is the messages;

[root@server1 ~]#cat /var/log/messages

Dec 6 10:20:40 server1 pure-ftpd: (?@192.168.0.199) [INFO] New connection from 192.168.0.199
Dec 6 10:20:44 server1 pure-ftpd: (?@192.168.0.199) [WARNING] Authentication failed for user [joe]
Dec 6 10:20:44 server1 pure-ftpd: (?@192.168.0.199) [INFO] Logout.
Dec 6 10:20:53 server1 pure-ftpd: (?@192.168.0.199) [INFO] New connection from 192.168.0.199
Dec 6 10:20:56 server1 pure-ftpd: (?@192.168.0.199) [WARNING] Authentication failed for user [joe]
Dec 6 10:20:56 server1 pure-ftpd: (?@192.168.0.199) [INFO] Logout.
[root@server1 ~]#

And what about PAM? Are you using it?
If you use it, change it to unix authentication (i.e. pure-ftpd will use passw/shadow to authenticate users)

Hi,

Where can I see PAM information? How do I find about this info and how do I change it to UNIX Authentication? My objective is that this joe user to be able to connect successfully and upload or download files.

If you're using a configuration file (/etc/pure-ftpd.conf), you should check there about the options used to start the server. Else check the server startup script for "-lpam" and change it to "-lunix"

Regards

Why is this topic marked as SOLVED? This is really misleading and doesn't help anyone..

/etc/pure-ftpd/pure-ftpd.conf contains instructions which authentication to use.

So what was the solution? I have the exact same problem (without using TLS) and it doesn't work at all.

pure-pw useradd doesn't submit the password of the user to the Database.
So afterwards then try this:

pure-pw mkdb

or

pure-pw passwd joe -m

I had the same error which was due to a trailing space on the username. Testing with and without a trailing space I saw the "Response: 331 User username OK. Password required." in my packet capture; however, no joy passing the username with a trailing space.