LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 03-14-2008, 01:44 PM   #16
inspiron_Droid
Member
 
Registered: Dec 2006
Distribution: Debian (Wheeze)
Posts: 391

Rep: Reputation: Disabled

IMHO, I'd use sambva on the original machine where you want to store the home directories ant director A pointer on the Active Directory Server to the machine on the network upon which you wish to store the home directories, and onet he windows side point the users C:\Documentsand settings/username folders to the home folders for each user whic you have migrated to the lijux server via a script which is rum at boot on the ms client machiens.
 
Old 03-14-2008, 01:57 PM   #17
richinsc
Member
 
Registered: Mar 2007
Location: Utah
Distribution: Gentoo Linux (3.0.6-gentoo)
Posts: 222

Original Poster
Rep: Reputation: 32
Okay I was able to get vstpd install with mysql database authentication. That all works good and dandy then I went to install and configure ssl support, and now I can login to system but but get denied after TLS/SSL Connection is Established.

Client FTP Log

Code:
Connection established, waiting for welcome message...
Response:	220 (vsFTPd 2.0.5)
Command:	AUTH TLS
Response:	234 Proceed with negotiation.
Status:	Initializing TLS...
Command:	USER testuser
Status:	Verifying certificate...
Status:	TLS/SSL connection established.
Response:	331 Please specify the password.
Command:	PASS ******
Error:	Disconnected from server
Error:	Could not connect to server
Status:	Waiting to retry...
Status:	Connecting to XXX.XXX.XXX.XXX:21...
Status:	Connection established, waiting for welcome message...
Response:	220 (vsFTPd 2.0.5)
Command:	AUTH TLS
Response:	234 Proceed with negotiation.
Status:	Initializing TLS...
Command:	USER testuser
Status:	Verifying certificate...
Status:	TLS/SSL connection established.
Response:	331 Please specify the password.
Command:	PASS ******
Error:	Disconnected from server
Error:	Could not connect to server
Status:	Waiting to retry...
Server Log File

Code:
Fri Mar 14 14:46:45 2008 [pid 28494] [testuser] OK LOGIN: Client "XXX.XXX.XXX.XXX"
Fri Mar 14 14:46:50 2008 [pid 28498] CONNECT: Client "XXX.XXX.XXX.XXX"
Fri Mar 14 14:46:50 2008 [pid 28497] [testuser] OK LOGIN: Client "XXX.XXX.XXX.XXX"
Fri Mar 14 14:52:25 2008 [pid 28503] CONNECT: Client "XXX.XXX.XXX.XXX"
Fri Mar 14 14:52:29 2008 [pid 28502] [testuser] OK LOGIN: Client "XXX.XXX.XXX.XXX"
Fri Mar 14 14:52:34 2008 [pid 28506] CONNECT: Client "XXX.XXX.XXX.XXX"
Fri Mar 14 14:52:34 2008 [pid 28505] [testuser] OK LOGIN: Client "XXX.XXX.XXX.XXX"
Fri Mar 14 14:53:02 2008 [pid 28512] CONNECT: Client "XXX.XXX.XXX.XXX"
Fri Mar 14 14:53:02 2008 [pid 28511] [testuser] OK LOGIN: Client "XXX.XXX.XXX.XXX"
Fri Mar 14 14:53:07 2008 [pid 28515] CONNECT: Client "XXX.XXX.XXX.XXX"
Fri Mar 14 14:53:07 2008 [pid 28514] [testuser] OK LOGIN: Client "XXX.XXX.XXX.XXX"
My Configuration file

Code:
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
nopriv_user=vsftpd
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
guest_enable=NO
#guest_username=vsftpd
local_root=/home/vsftpd/$USER
user_sub_token=$USER
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd_user_conf

Last edited by richinsc; 03-14-2008 at 02:02 PM.
 
Old 03-14-2008, 02:41 PM   #18
weisso5
Member
 
Registered: Oct 2007
Location: New York City
Distribution: Gentoo, FC
Posts: 133

Rep: Reputation: 16
Which Client are you trying it with?


Also as a test try this in a web browser:
Code:
ftp://user:password@XXX.XXX.XXX.XXX
-weisso

Last edited by weisso5; 03-14-2008 at 02:42 PM.
 
Old 03-14-2008, 02:48 PM   #19
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 678Reputation: 678Reputation: 678Reputation: 678Reputation: 678Reputation: 678
Quote:
Originally Posted by linux-Hawk View Post
IMHO, I'd use sambva on the original machine where you want to store the home directories ant director A pointer on the Active Directory Server to the machine on the network upon which you wish to store the home directories, and onet he windows side point the users C:\Documentsand settings/username folders to the home folders for each user whic you have migrated to the lijux server via a script which is rum at boot on the ms client machiens.
I don't think the users are running Windows clients.
 
Old 03-14-2008, 02:56 PM   #20
richinsc
Member
 
Registered: Mar 2007
Location: Utah
Distribution: Gentoo Linux (3.0.6-gentoo)
Posts: 222

Original Poster
Rep: Reputation: 32
Working with FileZilla and also tried FireFTP (Firefox SSL FTP Extension) When I try login regular in browser as you say I get the following mesg which is what I want because I want to force ssl. Mesg is "530 Non-anonymous sessions must use encryption". I expected this msg.
 
Old 03-14-2008, 03:11 PM   #21
richinsc
Member
 
Registered: Mar 2007
Location: Utah
Distribution: Gentoo Linux (3.0.6-gentoo)
Posts: 222

Original Poster
Rep: Reputation: 32
Well I have changed out my configuration and am now using vsftp over ssl for simplicity's sake and enabled mysql authentication so they don't require local accounts.
 
Old 03-14-2008, 03:55 PM   #22
richinsc
Member
 
Registered: Mar 2007
Location: Utah
Distribution: Gentoo Linux (3.0.6-gentoo)
Posts: 222

Original Poster
Rep: Reputation: 32
It's possible it may be my firewall blocking the SSL. If so any suggestions? What ports do I need to allow besides 21?
 
Old 03-14-2008, 04:00 PM   #23
weisso5
Member
 
Registered: Oct 2007
Location: New York City
Distribution: Gentoo, FC
Posts: 133

Rep: Reputation: 16
SSH - 22
FTP - 21
FTPS - 989/990
HTTPS - 443
LDAP/LDAPs - 389/636


What kind of firewall do you have?


-weisso

Last edited by weisso5; 03-14-2008 at 04:02 PM.
 
Old 03-14-2008, 04:01 PM   #24
richinsc
Member
 
Registered: Mar 2007
Location: Utah
Distribution: Gentoo Linux (3.0.6-gentoo)
Posts: 222

Original Poster
Rep: Reputation: 32
Custom iptables

Currently allow all connections regardless of port for test machine and still can't log in.

Last edited by richinsc; 03-14-2008 at 04:03 PM.
 
Old 03-14-2008, 04:05 PM   #25
weisso5
Member
 
Registered: Oct 2007
Location: New York City
Distribution: Gentoo, FC
Posts: 133

Rep: Reputation: 16
basic iptables rules:

# accept all from localhost
-A INPUT -s 127.0.0.1 -j ACCEPT

# accept all previously established connections
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# ssh
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

# ftp / webserver related
-A INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

# Windows / Samba
-A INPUT -p tcp -m state --state NEW -m tcp --dport 137:139 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 426 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
 
Old 03-14-2008, 04:09 PM   #26
richinsc
Member
 
Registered: Mar 2007
Location: Utah
Distribution: Gentoo Linux (3.0.6-gentoo)
Posts: 222

Original Poster
Rep: Reputation: 32
Currently allowing this for my test machine to work.. Just to try and trouble shoot.

iptables -A INPUT -s xxx.xxx.xxx.xxx -j ACCEPT
iptables -A OUTPUT -d xxx.xxx.xxx.xxx -j ACCEPT

This should allow anything from my test machine but I am still not able to connect...

I set the following to no and still couldn't get to connect

force_local_data_ssl=NO
force_local_logins_ssl=NO

Still unable to connect... It has to do with something at SSL level.
 
Old 03-14-2008, 04:24 PM   #27
richinsc
Member
 
Registered: Mar 2007
Location: Utah
Distribution: Gentoo Linux (3.0.6-gentoo)
Posts: 222

Original Poster
Rep: Reputation: 32
Now a weird issue. If I disable SSL I can't even get connection and says that can't find the user. I think something more changed when enabled ssl. Going to recheck connection to db... Any way I can monitor DB connections and transactions as their happening?

This is what I get after disabling SSL

Code:
tatus:	Connection established, waiting for welcome message...
Response:	220 (vsFTPd 2.0.5)
Command:	USER testuser
Response:	331 Please specify the password.
Command:	PASS ******
Response:	500 OOPS: cannot locate user entry:testuser
Error:	Could not connect to server

Last edited by richinsc; 03-14-2008 at 04:43 PM.
 
Old 03-17-2008, 07:25 AM   #28
richinsc
Member
 
Registered: Mar 2007
Location: Utah
Distribution: Gentoo Linux (3.0.6-gentoo)
Posts: 222

Original Poster
Rep: Reputation: 32
Sorry to have to bump this thread, but I am still working on the issue and in need of assistance.
 
Old 03-17-2008, 09:49 AM   #29
weisso5
Member
 
Registered: Oct 2007
Location: New York City
Distribution: Gentoo, FC
Posts: 133

Rep: Reputation: 16
Hello,

The error you posted clearly says:
Quote:
Response: 500 OOPS: cannot locate user entry:testuser
meaning you are using a not valid user.

Repost your vstfpd config.


Roll back to when you got it to work with FileZilla, and let's try a few things.

1. Make sure all services are running.
2. use NMAP on another station to determine if the correct ports are open
3. Try and login using an FTP client, make sure you use correct user and password
4. Check the logs for specific errors, not client side errors.

-weisso
 
Old 03-17-2008, 10:09 AM   #30
richinsc
Member
 
Registered: Mar 2007
Location: Utah
Distribution: Gentoo Linux (3.0.6-gentoo)
Posts: 222

Original Poster
Rep: Reputation: 32
weisso5,

I only get the following when I disable SSL,

Code:
Status:	Resolving IP-Address for dragon
Status:	Connecting to 10.4.10.114:21...
Status:	Connection established, waiting for welcome message...
Response:	220-Test Banner
Response:	220 
Command:	USER testuser
Response:	331 Please specify the password.
Command:	PASS ******
Response:	500 OOPS: cannot locate user entry:testuser
Error:	Could not connect to server
To disable SSL I edit /etc/vsftpd.conf and comment out SSL parts as shown below...

Code:
# cat /etc/vsftpd.conf
listen=YES
ftpd_banner=Authorized Users Only! All others will be prosecuted to the full extent of the Law!
banner_file=/home/vsftpd/welcome.banner
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
nopriv_user=vsftpd
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
#ssl_enable=YES
#allow_anon_ssl=NO
#force_local_data_ssl=YES
#force_local_logins_ssl=YES
#ssl_tlsv1=YES
#ssl_sslv2=NO
#ssl_sslv3=NO
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
guest_enable=NO
#guest_username=vsftpd
local_root=/home/vsftpd/$USER
user_sub_token=$USER
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd_user_conf
When I enable SSL I get the following message

Code:
Status:	Resolving IP-Address for dragon
Status:	Connecting to 10.4.10.114:21...
Status:	Connection established, waiting for welcome message...
Response:	220-Test Banner
Response:	220 
Command:	AUTH TLS
Response:	234 Proceed with negotiation.
Status:	Initializing TLS...
Command:	USER testuser
Status:	Verifying certificate...
Status:	TLS/SSL connection established.
Response:	331 Please specify the password.
Command:	PASS ******
Error:	Disconnected from server
Error:	Could not connect to server
Status:	Waiting to retry...
This is the vsftpd file changes that give the result above

Code:
# cat /etc/vsftpd.conf
listen=YES
ftpd_banner=Authorized Users Only! All others will be prosecuted to the full extent of the Law!
banner_file=/home/vsftpd/welcome.banner
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
nopriv_user=vsftpd
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
guest_enable=NO
#guest_username=vsftpd
local_root=/home/vsftpd/$USER
user_sub_token=$USER
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd_user_conf
The following is my pam.d file for MySQL and vsftp

Code:
# cat /etc/pam.d/vsftpd
auth required pam_mysql.so user=vsftpd passwd=hidden host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=0
account required pam_mysql.so user=vsftpd passwd=hidden host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=0
I have tried setting crypt to both 0 and 2.. 0 being no encryption, plain text and 2 being encrypted password.

Regardless of the message from FileZilla the vsftpd log always states

Code:
# tail -f /var/log/vsftpd.log
Mon Mar 17 09:28:56 2008 [pid 28017] CONNECT: Client "10.4.10.21"
Mon Mar 17 09:29:00 2008 [pid 28016] [testuser] OK LOGIN: Client "10.4.10.21"
Mon Mar 17 09:34:19 2008 [pid 28065] CONNECT: Client "10.4.10.21"
Mon Mar 17 09:34:19 2008 [pid 28064] [testuser] OK LOGIN: Client "10.4.10.21"
Mon Mar 17 10:07:26 2008 [pid 28944] CONNECT: Client "10.4.10.21"
Mon Mar 17 10:07:26 2008 [pid 28943] [testuser] OK LOGIN: Client "10.4.10.21"
Mon Mar 17 10:59:30 2008 [pid 28993] CONNECT: Client "10.4.10.21"
Mon Mar 17 10:59:30 2008 [pid 28992] [testuser] OK LOGIN: Client "10.4.10.21"
Mon Mar 17 10:59:35 2008 [pid 28996] CONNECT: Client "10.4.10.21"
Mon Mar 17 10:59:35 2008 [pid 28995] [testuser] OK LOGIN: Client "10.4.10.21"
Of course I am still unable to login I am storing the home folders over a samba share of course but I doubt that would affect anything. Let me know what you think I will be refreshing the thread constantly looking for your reply.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
vsftp and ssl Ricci Graham Linux - Security 3 12-15-2004 10:04 AM
I can't get my vsftp daemon to work r_squared Linux - Networking 4 12-13-2004 05:38 PM
vsFTP and SSL Help CrackerStealth Linux - Security 8 09-24-2004 02:38 PM
vsftp with SSL support dominant Linux - General 0 07-05-2004 03:24 AM
vsftp & SSL dominant Linux - General 0 04-11-2004 03:19 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 06:37 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration