ProFTPD authentication failure

Sure, I can login and take a look - my IP is 98.210.100.7.

What is your system's IP?

Are you using LDAP to store users on this system?

I have seen issues in the past where ProFTPd doesn't want to authenticate using LDAP, but have been unable to resolve them .. it feels like some internal error in ProFTPd.

If vsftpd works for you, it is actually quite safe to use it ..

Sorry, I was wrong about LDAP .. it isn't actually being used.

If you like, I can switch your system back to proftpd and take another look?

Ok, I re-enabled proftpd and was able to get authentication working by commenting out the following line in /etc/proftpd.conf

Let me know if it works OK for you ..

Yeah, that's part of the default proftpd config .. oddly, it usually works fine.

Automatically closed -- issue fixed for 2 weeks with no activity.

Hi guys. I have this exact problem. I commented out teh line :

But still no luck. My logs show 'no such user' and :

Deprecated pam_stack module called from service "proftpd" Sep 21 13:28:33 onduline unix_chkpwd[12561]: password check failed for user (dianke)

Any ideas?

mikelawford - did you restart proftpd after making this change?

Yeah course I did!

No change at all....

Also, check that in proftpd.conf the AuthPAMConfig directive is set to a PAM service that has a file under /etc/pam.d .

Yip that seems to check out as well. /etc/proftpd.conf looks like:

AuthPAMConfig proftpd

There is a file called proftpd in /etc/pam.d/.

So what next?

What does the /etc/pam.d/proftpd file contain on your system?

It should have the same contents as other files under /etc/pam.d .. typically something like :

Yeah it looks OK as follows:

#%PAM-1.0 auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed auth required pam_stack.so service=system-auth auth required pam_shells.so account required pam_stack.so service=system-auth session required pam_stack.so service=system-auth

Can u see any errors? If not - can you also log into my server and check this please? How should I enable remote SSH for your IP?

Sure, I'd be happy to login and take a look .. you can set this up as documented at : http://www.virtualmin.com/documentation/id,support_requests_and_remote_l...

OK im happy to do this but the instructions make no sense.

"On the System Information page, click on the optional Virtualmin packages link." My system info page has no links - except upgrade webmin (which doesnt work in any event). It just shows the webmin info and version number - 1.470.

There is also a ref to "Open the System Settings link on the left menu, and click on Support Login Privileges." There is a system settings tab but there is no support login within there?

What am I doing wrong?

Are you logged in a root? The system information page should have a line like :

Package updates There are 15 optional Virtualmin packages that you can install

Yip definately logged in as root. When I click on the system information page (second option above logout on the LHS) it shows me the same details as when I login - i.e. all my system information (time, system uptime, memory diskspace etc). The only functions are buttons to update the OS (really dont want to do that) and upgrade webmin - which throws an error "Failed to upgrade from www.webmin.com : Missing Location header".

I even tried with yum (yum install wbm-virtualmin-support) and get an error saying "No package wbm-virtualmin-support available. Nothing to do"

So where to from here....

It sounds like you aren't actually using the Virtualmin theme, which is odd as the installer sets that up by default. Go to Webmin -> Change Language and Theme, and select the "Virtualmin Framed Theme", then click "Save".

Then logout and login in, and re-check the System Information page.

ha - no change im afraid. The theme is set as default to Global theme (Blue Framed Theme). This is the correct one? I have a choice of old webmin, Caldera or MSC linux?

Next suggestion...

Actually, I just realized that it would be easier to by-pass any theme issues for now, and instead just SSH in and run :

yum install wbm-virtualmin-support

Then go to https://yourserver:10000/virtualmin-support/ in your browser.

Tried that alreoady - as per my abve post in #23 "I even tried with yum (yum install wbm-virtualmin-support) and get an error saying "No package wbm-virtualmin-support available. Nothing to do"

Going to 'https://yourserver:10000/virtualmin-support/' just brings me to the standard login page?

So again - where to from here?

I guess instead you could just send me an email at jcameron@virtualmin.com with your SSH login details. If you are concerned about security, it can be GPG encrypted with my key from http://www.webmin.com/jcameron-key.asc

Thanks Jamie. U got mail...

Ok, I logged in, and found the following issues :

1) You weren't running the Virtualmin theme or the latest version of Webmin, so I upgraded them

2) The support module isn't available as this isn't a Virtualmin Pro install..

However, proftpd is still unabled to accept logins .. because users can't access /home

Are you running SElinux there?

Thanks for having a look and running the upgrades. Would you recommend that next time we rather install just Virtualmin then? I thought that installing Webmin would be better as it includes Virtualmin?

Nope not running SElinux. Its just a basic CentOS install with Webmain on top of it - pretty straight forward.

So why would access to /home be blocked?

The best way to install Virtualmin is to run it's install script, which brings in Webmin and a number of other dependencies. This is only really suited to a fresh system though.

Regarding selinux, you can check if it is enabled with the selinuxenabled command, as documented at http://linux.die.net/man/8/selinuxenabled

To turn it off , edit /etc/sysconfig/selinux and change the SELINUX= line to SELINUX=disabled , then reboot.

Cant seem to get the selinuxenabled command to work though - script keeps returning nothing and not a 1 or a 0 as it does.

But SELinux must be installed then as when I edit the file '/etc/sysconfig/selinux' I see the line :

SELINUX=enforcing

I can set this to disabled if you like but am not keen to do this long term - are their security risks? Are you saying that FTP will only work with SELinux disabled?

Feel free to test it if you wish.

Thanks, Mike

I'd recommend disabling selinux support, as it provides a level of security that most people really don't need. And it appears to be incompatible with proftpd, which I can't really do much about ..

Ok I have disabled it. Does that make any difference?

Thanks for your help thus far.

Can you FTP in now?

Nope - same thing. Logging into the IP with username 'diankeftp.dianke' and the listed password. Still bombs same as it did....

I will login again and take another look ..

Ok, it should be working now .. there were two issues :

1) /etc/pam.d/proftpd didn't match the rest of the system , so I copied /etc/pam.d/sshd 2) The user had a shell of /bin/false, but that wasn't in /etc/shells. This is now fixed.

Awesome thanks - confirmed its fine again now. Can I set SSELinux back to on?

Give it a try .. I'm not sure if it will break ProFTPd though, as it seemed to cause problems before.

Hi,

Test all fixes of the thread. None works.

Except install vsftpd, stop proftpd, edit vsftp config file (disable anonymous login and set firewall ports for passive mode), add firewall rules for passive mode and start vsftpd. And now, ftp login works with an user login set with Virtualmin.

Regards, Raphaël Pautasso

There seems to be some proftpd bug that prevents it from working with ldap properly. Oddly, vsftpd works fine..