Trouble running ProFTP

jkellogg · 05-20-2013, 06:21 PM

I have a strange one for you guys. Im trying to set up ProFTP on my CentOS 6.4 server. Here's my conf file:

Code:

# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $

ServerName			"ProFTP Server"
ServerIdent			on "FTP Server ready."
ServerAdmin			root@localhost
ServerType			standalone
#ServerType			inetd
DefaultServer			on
AccessGrantMsg			"User %u logged in."
#DisplayConnect			/etc/ftpissue
#DisplayLogin			/etc/ftpmotd
#DisplayGoAway			/etc/ftpgoaway
DeferWelcome			off

# Use this to excude users from the chroot
DefaultRoot			~ !adm

# Use pam to authenticate (default) and be authoritative
 AuthPAMConfig			proftpd
 AuthOrder			mod_auth_pam.c* mod_auth_unix.c
 AuthPAM on
# AuthOrder			mod_sql.c

# Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups			off
UseReverseDNS			off

# Port 21 is the standard FTP port.
Port				21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask				022

# Default to show dot files in directory listings
ListOptions			"-a"

# See Configuration.html for these (here are the default values)
#MultilineRFC2228		off
#RootLogin			off
#LoginPasswordPrompt		on
#MaxLoginAttempts		3
#MaxClientsPerHost		none
#AllowForeignAddress		off	# For FXP

# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart		on
AllowStoreRestart		on

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances			20

# Set the user and group that the server normally runs at.
User				nobody
Group				nobody

# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile			no

# This is where we want to put the pid file
ScoreboardFile			/var/run/proftpd.score

# Normally, we want users to do a few things.
<Global>
  AllowOverwrite		yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
TransferLog /var/log/proftpd/xfer.log
ExtendedLog /var/log/proftpd/proftpd.log
UseFtpUsers on
RootLogin off
AuthAliasOnly off
<Directory /home/ftpshared/anime>
<Limit ALL>
      DenyAll
      Allow jeremy
</Limit>
</Directory>

</Global>

# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
SystemLog /var/log/proftpd/error.log

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine			on
#TLSRequired			on
#TLSRSACertificateFile		/etc/pki/tls/certs/proftpd.pem
#TLSRSACertificateKeyFile	/etc/pki/tls/certs/proftpd.pem
#TLSCipherSuite			ALL:!ADH:!DES
#TLSOptions			NoCertRequest
#TLSVerifyClient		off
##TLSRenegotiate		ctrl 3600 data 512000 required off timeout 300
#TLSLog				/var/log/proftpd/tls.log

# SQL authentication Dynamic Shared Object (DSO) loading
# See README.DSO and howto/DSO.html for more details.
#<IfModule mod_dso.c>
#   LoadModule mod_sql.c
#   LoadModule mod_sql_mysql.c
#   LoadModule mod_sql_postgres.c
#</IfModule>

# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
#  User				ftp
#  Group				ftp
#  AccessGrantMsg		"Anonymous login ok, restrictions apply."
#
#  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias			anonymous ftp
#
#  # Limit the maximum number of anonymous logins
#  MaxClients			10 "Sorry, max %m users -- try again later"
#
#  # Put the user into /pub right after login
#  #DefaultChdir			/pub
#
#  # We want 'welcome.msg' displayed at login, '.message' displayed in
#  # each newly chdired directory and tell users to read README* files. 
#  DisplayLogin			/welcome.msg
#  DisplayFirstChdir		.message
#  DisplayReadme			README*
#
#  # Some more cosmetic and not vital stuff
#  DirFakeUser			on ftp
#  DirFakeGroup			on ftp
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE SITE_CHMOD>
#    DenyAll
#  </Limit>
#
#  # An upload directory that allows storing files but not retrieving
#  # or creating directories.
#  <Directory uploads/*>
#    AllowOverwrite		no
#    <Limit READ>
#      DenyAll
#    </Limit>
#
#    <Limit STOR>
#      AllowAll
#    </Limit>
#  </Directory>
#
#  # Don't write anonymous accesses to the system wtmp file (good idea!)
#  WtmpLog			off
#
#  # Logging for the anonymous transfers
#  ExtendedLog		/var/log/proftpd/access.log WRITE,READ default
#  ExtendedLog		/var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>

Now, with this config, when I try to login using a user I created, I get the following (output from proftpd -nd9):

Code:

largo.mydomain.com proftpd[13445] 192.168.11.50 (192.168.11.92[192.168.11.92]): FTP session opened.
largo.mydomain.com proftpd[13445] 192.168.11.50 (192.168.11.92[192.168.11.92]): dispatching PRE_CMD command 'USER bill' to mod_tls
largo.mydomain.com proftpd[13445] 192.168.11.50 (192.168.11.92[192.168.11.92]): dispatching PRE_CMD command 'USER bill' to mod_core
largo.mydomain.com proftpd[13445] 192.168.11.50 (192.168.11.92[192.168.11.92]): dispatching PRE_CMD command 'USER bill' to mod_core
largo.mydomain.com proftpd[13445] 192.168.11.50 (192.168.11.92[192.168.11.92]): dispatching PRE_CMD command 'USER bill' to mod_delay
largo.mydomain.com proftpd[13445] 192.168.11.50 (192.168.11.92[192.168.11.92]): dispatching PRE_CMD command 'USER bill' to mod_auth
largo.mydomain.com proftpd[13445] 192.168.11.50 (192.168.11.92[192.168.11.92]): dispatching CMD command 'USER bill' to mod_auth
largo.mydomain.com proftpd[13445] 192.168.11.50 (192.168.11.92[192.168.11.92]): dispatching POST_CMD command 'USER bill' to mod_delay
largo.mydomain.com proftpd[13445] 192.168.11.50 (192.168.11.92[192.168.11.92]): dispatching LOG_CMD command 'USER bill' to mod_log
largo.mydomain.com proftpd[13445] 192.168.11.50 (192.168.11.92[192.168.11.92]): dispatching PRE_CMD command 'PASS (hidden)' to mod_tls
largo.mydomain.com proftpd[13445] 192.168.11.50 (192.168.11.92[192.168.11.92]): dispatching PRE_CMD command 'PASS (hidden)' to mod_core
largo.mydomain.com proftpd[13445] 192.168.11.50 (192.168.11.92[192.168.11.92]): dispatching PRE_CMD command 'PASS (hidden)' to mod_core
largo.mydomain.com proftpd[13445] 192.168.11.50 (192.168.11.92[192.168.11.92]): dispatching PRE_CMD command 'PASS (hidden)' to mod_delay
largo.mydomain.com proftpd[13445] 192.168.11.50 (192.168.11.92[192.168.11.92]): dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
largo.mydomain.com proftpd[13445] 192.168.11.50 (192.168.11.92[192.168.11.92]): dispatching CMD command 'PASS (hidden)' to mod_auth
largo.mydomain.com proftpd[13445] 192.168.11.50 (192.168.11.92[192.168.11.92]): ROOT PRIVS at mod_auth_pam.c:311
largo.mydomain.com proftpd[13445] 192.168.11.50 (192.168.11.92[192.168.11.92]): RELINQUISH PRIVS at mod_auth_pam.c:481
largo.mydomain.com proftpd[13445] 192.168.11.50 (192.168.11.92[192.168.11.92]): USER bill (Login failed): Incorrect password.
largo.mydomain.com proftpd[13445] 192.168.11.50 (192.168.11.92[192.168.11.92]): dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_delay
largo.mydomain.com proftpd[13445] 192.168.11.50 (192.168.11.92[192.168.11.92]): dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_log
largo.mydomain.com proftpd[13445] 192.168.11.50 (192.168.11.92[192.168.11.92]): dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_auth
largo.mydomain.com proftpd[13445] 192.168.11.50 (192.168.11.92[192.168.11.92]): FTP session closed.

The password IS correct, I have triple checked it. Now, if I comment out the lines in the conf relating to PAM auth and then run proftpd -nd9 from the command line, I can login without issue with my created users. Here's the weird part. If I then run the server using "service proftpd start", I get the following when I log in with my created user (this is from the error log):

Code:

May 20 14:25:12 largo.mydomain.com proftpd[11003] 192.168.11.50 (192.168.11.92[192.168.11.92]): FTP session opened.
May 20 14:25:12 largo.mydomain.com proftpd[11003] 192.168.11.50 (192.168.11.92[192.168.11.92]): USER bill (Login failed): No such user found.
May 20 14:25:12 largo.mydomain.com proftpd[11003] 192.168.11.50 (192.168.11.92[192.168.11.92]): FTP session closed.

This is seriously confusing. Why would it work when run in debug mode but not when run as a service? Any ideas?

jkellogg · 05-21-2013, 04:50 PM

No one?

bloodstreetboy · 05-25-2013, 08:35 AM

In webmin, go to your ProFTPD module and look for an icon/option of Denied FTP Users. Remove any users from that list, that you want access to the FTP server.