Proftpd Not starting and subdomain mail not working.

even if i click on start or refresh button nothing happens. proftpd remains unstarted

also i could not login to virtualmin with username cejey. i forgot the email on file. so i created this new account.

Status: 
Closed (fixed)

Comments

Submitted by ronald on Sat, 06/13/2009 - 09:09 Pro Licensee

hints to problems and solutions are found in logs. without logs no one can provide a sane solution.

logs can be found in /var/log directory and in webmin - System - System Logs

perhaps you can find some relevant entries?

Submitted by bislinks on Sat, 06/13/2009 - 10:08 Pro Licensee

This is what i see with regards to proftpd:

Jun 13 10:05:13 ns1 proftpd[3703]: ns1.bislinks.com - Check the ServerType directive to ensure you are configured correctly.

with regards to mail errors:

Jun 11 00:50:24 ns1 dovecot-auth: pam_ldap: error trying to bind as user "uid=mgideon.rachelmurthy,dc=users,dc=bislinks,dc=com" (Invalid credentials)
Jun 11 00:55:37 ns1 dovecot-auth: pam_ldap: error trying to bind as user "uid=mgideon.rachelmurthy,dc=users,dc=bislinks,dc=com" (Invalid credentials)
Jun 11 01:11:25 ns1 dovecot-auth: pam_ldap: error trying to bind as user "uid=rg,dc=users,dc=bislinks,dc=com" (Invalid credentials)
Jun 12 09:20:53 ns1 dovecot-auth: pam_ldap: error trying to bind as user "uid=wilson,dc=users,dc=bislinks,dc=com" (Invalid credentials)
Jun 12 11:32:20 ns1 su: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP server
Jun 12 11:32:20 ns1 su: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server

any ideas.

Ahh, so are you using LDAP on your server?

And are services other than FTP having trouble at the moment?

However, I'm curious what happens if you log in on the command line, and restart ProFTP from there. You can do that with something like:

/etc/init.d/proftpd restart

Do you see any errors or warnings?

Submitted by bislinks on Sat, 06/13/2009 - 10:26 Pro Licensee

yes. i am using ldap.

not sure if i have trouble with other services.

the trouble with mail started after i restarted the box, it was ok until the machine restart.

this is what i got after running the above command:

Shutting down proftpd: [FAILED]
Starting proftpd: [ OK ]

I don't see any obvious warnings but i still see proftpd as not started in the systems info when i logged into webmin

Submitted by bislinks on Sat, 06/13/2009 - 10:33 Pro Licensee

i remember now: i also had problems logging in to ssh as a sub domain user

Well, the LDAP errors you're getting suggest that the LDAP server cannot be contacted.

I'm not quite sure whether the two errors you're getting are related or not, yet :-)

For FTP -- if you type:

ps auxw | grep ftp

Do you see any results?

Regarding LDAP -- I'd like to verify that it's started up at the moment, it almost sounds like it stopped. What distro/ldap server are you using? How to do that differs.

You aren't by chance running out of disk space are you?

Submitted by bislinks on Sat, 06/13/2009 - 10:41 Pro Licensee

ps auxw | grep ftp
root 2937 0.0 0.0 5176 520 ? Ss Jun12 0:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
root 9440 0.0 0.0 3916 704 pts/2 S+ 10:39 0:00 grep ftp
auto 20140 0.0 0.0 6612 1604 ? Ss 08:22 0:00 /usr/libexec/openssh/sftp-server
auto 20256 0.0 0.0 6616 1632 ? Ss 08:25 0:00 /usr/libexec/openssh/sftp-server
auto 26701 0.0 0.0 6612 1600 ? Ss 09:06 0:00 /usr/libexec/openssh/sftp-server

i am using openldap; installed through webmin and setup as per ldap documentation on webmin documentation

Aha!

Well, there's the FTP issue.

It looks like VSFTP is running, and that would certainly keep ProFTP from starting up.

Since the vsftp service is normally shut off by Virtualmin at install-time, it looks like something may have re-enabled that. That's okay though, we can fix it! ;-)

To do that, go into Webmin -> System -> Bootup and Shutdown, and set the "vsftp" service to not start at boot (check the box next to the service, and hit the button at the bottom named "Disable on Boot").

Also verify that ProFTP is set to start on bootup.

At this point, see if you can restart FTP.

Oops, in addition to having to select "Disable on Boot" for vsftp, you also have to choose "stop" to actually stop the service, prior to trying to startup proftp.

Submitted by bislinks on Sat, 06/13/2009 - 11:06 Pro Licensee

Proftpd started up well and i also set it up to start at bootup and completely disabled vsftpd

However, i could not still login to sftp as e.g.: rg.bislinks.com

Submitted by bislinks on Sat, 06/13/2009 - 11:09 Pro Licensee

This is the error i get when i try to create a virtual server: k.bislinks.com

Creating administration group k .. .. done
Creating administration user k .. .. administration user was created but does not exist!

Failed to create virtual server : Critical feature Administration user was not properly created - Virtual server creation halted.

Okay, so we're off to a good start with FTP, now to fix the other issues, which appear to be LDAP related.

I suspect your LDAP server is either not functioning properly, or perhaps isn't running.

It sounds like you're running LDAP on this particular server (as opposed to it running on a remote server). If that's the case, what does this command show:

ps auxw | grep slapd

Submitted by bislinks on Sat, 06/13/2009 - 11:18 Pro Licensee

ps auxw | grep slapd
ldap 2804 0.1 0.3 114336 5940 ? Ssl Jun12 1:30 /usr/sbin/slapd -h ldap:/// ldaps:/// -u ldap
root 15528 0.0 0.0 3912 672 pts/2 R+ 11:17 0:00 grep slapd

Okay, so if you run this command:

/etc/init.d/slapd restart

And then attempt logging in over SSH (or SFTP) again, does that work? And if not, what's in the log file regarding ldap/slapd? -Eric

Submitted by bislinks on Sat, 06/13/2009 - 11:34 Pro Licensee

/etc/init.d/slapd restart
-bash: /etc/init.d/slapd: No such file or directory

also when i log in as a sub user (****.bislinks.com) i get this error: id: cannot find name for user ID 596. however i am able to log into the ssh as **** on ****.bislinks.com

Submitted by bislinks on Sat, 06/13/2009 - 11:37 Pro Licensee

I am able to access openldap from webmin under servers.

i am running OpenLDAP 2.3.43

Which distro did you say you're using again?

The startup script is not called "slapd" on all distros apparently :-)

Submitted by bislinks on Sat, 06/13/2009 - 11:41 Pro Licensee

/var/webmin/miniserv.error:

[11/Jun/2009:00:57:26 -0500] Reloading configuration
[11/Jun/2009:01:01:42 -0500] Reloading configuration
[11/Jun/2009:01:06:26 -0500] Reloading configuration
Failed to initialize SSL connection
[11/Jun/2009:08:34:48 -0500] miniserv.pl started
[11/Jun/2009:08:34:48 -0500] PAM authentication enabled
Error: Failed to add user to LDAP database : index generation failed
Error: Failed to add user to LDAP database : index generation failed
Error: Failed to add user to LDAP database : index generation failed
[12/Jun/2009:11:39:50 -0500] miniserv.pl started
[12/Jun/2009:11:39:50 -0500] PAM authentication enabled
Failed to initialize SSL connection
Failed to initialize SSL connection
Failed to initialize SSL connection
Error: '24.121.141.11.' is not a valid nameserver
Error: You cannot create a record with the same name as an existing name alias record.
[12/Jun/2009:23:09:55 -0500] [212.204.230.201] Bad Request : This web server is running in SSL mode. Try the URL https://ns1.bislinks.com:10000/ instead.
[12/Jun/2009:23:09:56 -0500] [212.204.230.201] /unauthenticated//../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/shells : File not found [13/Jun/2009:11:06:02 -0500] Reloading configuration Error: Critical feature Administration user was not properly created - Virtual server creation halted.

Submitted by bislinks on Sat, 06/13/2009 - 11:42 Pro Licensee

i don't know how to find out distro

Alright, give me a moment to throw down some lunch -- but I think it might help if I logged in and poked around a bit if that's okay.

I don't believe the remote support module is working at the moment, the easiest way to do this would simply be to email root login details to eric@virtualmin.com -- and include a link to this bug report in the message body if you can.

Thanks!

Submitted by bislinks on Sat, 06/13/2009 - 11:49 Pro Licensee

which slapd gives me /usr/sbin/slapd: will that help in any way

Howdy -- just to make sure you received my email, I'll need your hostname or IP address in addition to the password.

Once I have that, I'll be able to log in and see what's going on there. Thanks!

Alright, I see the errors you're talking about over at bislinks.com -- I also see a minor issue with the ldap config file.

I corrected that, and restarted ldap.

Can you try it again?

Submitted by bislinks on Sat, 06/13/2009 - 22:02 Pro Licensee

i tried to create a.bislinks.com and the error i got is

Creating administration group a .. .. done
Creating administration user a .. .. administration user was created but does not exist!

Failed to create virtual server : Critical feature Administration user was not properly created - Virtual server creation halted.

i tried to login to ssh as a sub user (wilson.bislinks.com with username wilson) using PUTTY: i got this error: Cannot initialize SFTP protocol. Is the host running a SFTP server? this account was created last week

Okay, a few things --

First, SFTP is setup and running on your server. I was able to log in using it.

Second, I see this error in the logs:

Jun 13 22:00:15 ns1 sshd[12462]: Invalid user wilson.bislinks from 24.121.159.127

That suggests someone is trying to log in using wilson.bislinks, rather than just "wilson".

The user "wilson" does exist -- the user "wilson.bislinks" does not.

Third - regarding not being able to add a Virtual Server --

I assume that at one point, you were able to add Virtual Servers with LDAP setup?

That shouldn't just break on its own -- when did that break? And has something changed recently?

Any system updates? Changes in the server config?

It sounds like your system isn't configured to use the LDAP server for users and groups.

If you go to Webmin -> System -> LDAP Client -> Validate Configuration, does it report that everything is OK?

Submitted by bislinks on Sat, 06/13/2009 - 23:42 Pro Licensee

wilson.bislinks.com was created when ldap was running.

validation results:

Finding LDAP base for users .. .. found base dc=users,dc=bislinks,dc=com.

Connecting to LDAP server .. .. connected to localhost

Searching for users .. .. found 16 users.

Checking Unix users service .. .. service is setup to query LDAP.

Looking for Unix user example .. .. user found successfully.

Your system has been successfully configured as an LDAP client!

Yeah, LDAP itself seems to be working for reads -- I'm able to query specific users and groups within it.

The LDAP config check runs okay, as does the Virtualmin config check.

However, writes to it seem to be having trouble. In addition to what we already saw, with Virtualmin being unable to create a Virtual Server, if I go into LDAP Users and Groups, and try to modify attributes belonging to a user, I receive:

"Failed to save user : Failed to modify user in LDAP database : Unknown error"

I'll continue to look into what might be causing that.

I logged into your system, and it looks like the LDAP database is corrupt in some way .. reads work, but writes are failing. One possible solution is :

1) Dump the whole database with ldapsearch or slapd_db_dump

2) Remove the LDAP server package and delete all DB data files

3) Re-install the LDAP server

4) Restore all the data.

Let us know if you'd like us to do that..

Submitted by bislinks on Mon, 06/15/2009 - 09:31 Pro Licensee

YES, PLEASE DO IT FOR ME

Ok, I am doing this now..

Ok, done .. and domain creation seems to work fine!

For the record, I had to do the following :

/etc/init.d/ldap stop
slapcat >/root/ldap.ldif
rm /var/lib/ldap/*
/etc/init.d/ldap start
/etc/init.d/ldap stop
slapadd </root/ldap.ldif
chown -R ldap: /var/lib/ldap
/etc/init.d/ldap start

Submitted by bislinks on Tue, 06/16/2009 - 11:22 Pro Licensee

THANKS VERY MUCH.

i don't know if it is related to ldap or not. when i login to usermin as wilson, it says user does not exist. no mail is received by user wilson

What is the exact error you are getting in Usermin?

Submitted by bislinks on Tue, 06/16/2009 - 11:33 Pro Licensee

the same thing is happening to another user too.

Submitted by bislinks on Tue, 06/16/2009 - 12:34 Pro Licensee

this is what is coming on the left side of usermin.

wilson wilson@ns1.bislinks.com Inbox Sent mail Drafts Sent Search: Manage Folders Address Book Mail Preferences The Unix user wilson does not exist.

Return to previous page

IN HORDE: i can login to horde as wilson but no mail can be received to wilson@wilson.bislinks.com

Well, the user "wilson" does exist, and shows up as being in LDAP.

However, looking at the secure log, when attempting to authenticate over Dovecot, it says:

Jun 16 01:32:45 ns1 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:213.10.55.189 user=wilson
Jun 16 01:32:45 ns1 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown

That may mean there's a problem with the PAM setup for Dovecot.

Submitted by bislinks on Tue, 06/16/2009 - 12:57 Pro Licensee

pls let me know what to do about it

Fixed - the issue was that your LDAP server wasn't allowing non-root users to read data, so the 'wilson' user could not determine that he existed! This probably broke mail too.

The fix was to edit /etc/openldap/slapd.conf and change the line :

access to * by users read

to :

access to * by users read by anonymous read
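
With `by anonymous read` on `access to *`, every attribute becomes readable over an unauthenticated bind, and `*` includes `userPassword`, so password hashes are exposed along with the account data. As an added example (not part of the original thread, and not Virtualmin's own configuration), an ACL set for slapd.conf that keeps anonymous lookups of users working while restricting `userPassword`; it assumes logins authenticate by binding as the user, as the pam_ldap lines earlier in this thread show:

```conf
# /etc/openldap/slapd.conf -- added example, not from the original thread.
# slapd uses the first "access to" clause that matches the entry/attribute,
# then the first matching "by" clause inside it, so the narrow rule goes first.

# Password hashes: the owner may change them, anonymous clients may only use
# them to authenticate a bind (pam_ldap), and nobody else can read them.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Everything else (uid, uidNumber, gidNumber, homeDirectory, ...): readable by
# bound users and by anonymous lookups, which is what the fix above needed so
# that the system could resolve the 'wilson' user.
access to *
    by users read
    by anonymous read
```

The rootdn is not subject to access directives, so writes made as the rootdn are unaffected; slapd has to be stopped and started again for the edited file to take effect.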

Submitted by bislinks on Tue, 06/16/2009 - 18:55 Pro Licensee

THANK YOU SO MUCH

No probs .. I will mark this bug as fixed.

Automatically closed -- issue fixed for 2 weeks with no activity.