hi,

i have a rough vsftpd configuration. my main problem is that, vsftpd never authenticate the user. it always login as an anonymous.

ftp syproxy
Connected to syproxy.shinyang.com.my.
220 (vsFTPd 1.2.1)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (syproxy:root): yohiu
530 This FTP server is anonymous only.
Login failed.
ftp>


actually, i want to disable the anonymous login. but, it cant make it, eventhough after i had stated "anonymous_enable=NO"

this is my /etc/xinetd.d/vsftpd
service ftp
{
disable = no
socket_type = stream
wait = no
user = root
server = /usr/sbin/vsftpd
nice = 10
}


this is my vsftpd.conf file.

# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
#write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES

pam_service_name=vsftpd
userlist_enable=YES
#enable for standalone mode
listen=YES
tcp_wrappers=YES

pls advise.. thanks.....

you will have to set

LISTEN=no

if you want to run vsftpd under xinetd.

Not sure about the consequenses of vsftpd running as a daemon and as a xinetd subservice simultaneously.

but somehow, i read from here
http://www.vsftpdrocks.org/source/

it stated that LISTEN=YES

am i wrong???pls advise

[root@syproxy vsftpd]# telnet syproxy 21
Trying 172.16.1.53...
Connected to syproxy.shinyang.com.my (172.16.1.53).
Escape character is '^]'.
220 (vsFTPd 1.2.1)
user yohiu
530 This FTP server is anonymous only.

how come it always prompt me "This FTP server is anonymous only"

man vsftpd.conf

listen If enabled, vsftpd will run in standalone mode. This means that
vsftpd must not be run from an inetd of some kind. Instead, the
vsftpd executable is run once directly. vsftpd itself will then
take care of listening for and handling incoming connections.

Default: NO


Please make sure there do not exist 2 copies of vsftpd.conf ... a very wild guess.

no two copies of vsftpd.conf. but, i still cant get the authentication. why?????

[root@syproxy root]# ftp syproxy
Connected to syproxy.shinyang.com.my.
220 (vsFTPd 1.2.1)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (syproxy:root): yohiu
530 This FTP server is anonymous only.
Login failed.
ftp>

why it always complianing about "530 This FTP server is anonymous only".

something to do with KERBEROS??? i am wondering..... pls...advise...

try setting LISTEN = no in vsftpd.conf and restart vsftpd

# kill -1 `pidof xinetd`

to be sure 2 vsftpd servers are not running to ensure your anonymous problem is not due to this.

I just did a clean install of vsftpd 2.0.1 and am able to logon with a local user. I am also running in standalone. I did change my vsftpd.conf to something very similar to yours, but I had to kill vsftpd and then restart it. Another you may want to check is if your local user is a member of the group 'ftp'. This may be only in Slackware, but it works for me.

Here's my vsftpd.conf:

Hope this helps!

Go here:
http://www.vsftpdrocks.org/source/

This page is by far the simplest and most helpful for setting up vsftpd as either standalone or through xinetd and for authenticating users (see the bottom of the page for users).

Hope this helps.