Hi there.
I am running webmin 1.470 and virtualmin Version 3.67. I recently realised that I had not configured my proftpd - and as this would not install via webmin I finally followed one of your forums and installed proftpd version 1.30.
This then allowed me full access to proftpd config via webmin and allowed me to telnet to port 21. As well as this a netstat -tanpu told me that port was open and listening. All good so far.
I then entered virtualmin and clicked one one of the virtual sites, and then added a new FTP user. But when I tried to login with the username I keep getting prompted for a password. I had created teh user with a password and so I entered this - but no matter what un/pw variations I try I keep getting blocked via my FTP client:
STATUS:> [2009/06/23 04:21:31 PM] Socket connected. Waiting for welcome message... [2009/06/23 04:21:32 PM] 220 FTP Server ready. STATUS:> [2009/06/23 04:21:32 PM] Connected. Authenticating... COMMAND:> [2009/06/23 04:21:32 PM] USER diankeftp.dianke [2009/06/23 04:21:32 PM] 331 Password required for diankeftp.dianke. COMMAND:> [2009/06/23 04:21:32 PM] PASS ***** [2009/06/23 04:21:35 PM] 530 Login incorrect. ERROR:> [2009/06/23 04:21:35 PM] Not logged in. STATUS:> [2009/06/23 04:21:36 PM] Connection closed.
Looking in /var/log/messages I see:
FTP session opened. PAM(diankeftp.dianke): Authentication failure.
Why is this not authenticating the pw - is there perhaps a path wrong in the config that I have missed (where do virtual hosts add FTP users and pw's)??
Any and all help is much appreciated!
The FTP usernames and passwords are kept with the rest of the system users (in /etc/passwd and shadow by default).
It looks like it doesn't think the username or password is right -- you can verify those by going into Edit Mail and FTP Users, and click the username in question.
I'd verify that the username is spelled correctly in there, and you can also verify the password on that screen.
-Eric
Hi Eric - thanks for the reply.
Unfortunately thats not the solution - I have double and triple checked username and password combos by doing exactly what you suggest - it just wont authenticate!
I had a look in teh /etc/passwd file and I can see the user as well - the line looks like:
diankeftp.dianke:x:508:509:root:/home/dianke/public_html:/bin/false.
So still no luck??
Thanks, Mike
Does /var/log/secure (or /var/log/auth.log) show any further info?
Is it just this user having trouble -- are other users able to log in via FTP?
-Eric
I've occasionally seen third party ProFTPd packages with broken PAM configuration (or other issues). Where did you get your new ProFTPd version from? Our ProFTPd packages are known to work...many others are known to not work.
--
Check out the forum guidelines!
Thanks again for the comments!
Eric : Its all users that I create it's a problem with the full proftpd module....
I checked the /var/log/secure and see:
Jun 23 15:31:17 onduline proftpd: Deprecated pam_stack module called from service "proftpd" Jun 23 15:31:17 onduline unix_chkpwd[27305]: password check failed for user (diankeftp.dianke)
This may be beacuse as Joe says it is an incorrect version. The rpm I think I downloaded from a link in these forums - the rpm name is proftpd-1.3.0a-3.el4.i386.rpm. I have CentOS - can you provide a working FTP rpm that I can try? Also please let me know how I uninstall the non working rpm from webmin and re-install the new one.
Thanks!
Howdy,
Well, ProFTP is normally installed along with the rest of Virtualmin if you use the install.sh script.
If you hadn't installed with the install.sh script, you can retrieve ProFTP from the Virtualmin software repository here:
http://software.virtualmin.com/gpl/centos/
Well somehow with us it wasnt or perhaps we made an error..
In any event how do I uninstall the incorrect proftpd version or do I not need to uninstall the old version?
I am using CentOS 5.2 so will be using proftpd-1.3.0a-3.el4.i386.rpm - which is exactly what I installed the first time????
I am using CentOS 5.2 so will be using proftpd-1.3.0a-3.el4.i386.rpm - which is exactly what I installed the first time????
You have a third party repository configured that we have no control over. Maybe it works, maybe it doesn't. We don't know, and we can't do anything about it, even if it is broken. ;-)
Edit: Oops. Actually, that is our package. Sorry. It should work. ;-)
2nd Edit for clarity: We usually build our packages with a "vm" in the version string, but in the case of straight rebuilds from EPEL we use the normal version string, so I'll know (and others can know) that it's a straight rebuild of the EPEL package with no changes.
--
Check out the forum guidelines!
Yeah, if you used the install.sh, and didn't get ProFTP, something went awry along the way :-)
Hmm, I'm inclined to think at that point that reinstalling ProFTP won't help -- but if you just want to verify you have that straight, you could try:
rpm -Uvh --replacepkgs proftpd-1.3.0a-3.el4.i386.rpm
Hi - thanks for the feedback.
just to be be sure I reinstalled the correct version to check if that was where the error crept in:
rpm -Uvh --replacepkgs proftpd-1.3.0a-3.el4.i386.rpm warning: proftpd-1.3.0a-3.el4.i386.rpm: Header V3 DSA signature: NOKEY, key ID a0bdbcf9 Preparing... ########################################### [100%] 1:proftpd ########################################### [100%]
When I tried again I get the same error. Looking at logs I see:
Deprecated pam_stack module called from service "proftpd"
USER diankeftp.dianke (Login failed): Incorrect password.
I even tried changing the password - its not that.
So what now? I need a working FTP client but cannot reinstall the whole server - i will be here forever reconfiguring...
???
What do you get when you type these two commands:
grep -i pam /etc/proftpd
cat /etc/pam.d/proftpd
Here you go:
grep -i pam /etc/proftpd grep: /etc/proftpd: No such file or directory
cat /etc/pam.d/proftpd#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required pam_stack.so service=system-auth
auth required pam_shells.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
Hi guys - I posted my output - does this shed any light on this as I need to find a resolution one way or another?
I did a yum reinstall proftpd and watch it get it from the VM server.. and a pam reinstall
Still the same issue.. I am running Centos 5.3 ...
Don Peek
Nope - this was never reesolved. If you find out how please do let me know. I keep hitting blanks!
I have had similar problems on several machines. I believe (meaning I have not verified) it is related to some perl updates. Here's what I did and roughly where it happened:
At this time I have a working box and proftpd works fine.
Then I wanted to install TWiki and updated perl. I believe something in this list caused proftpd to break.
4 modules not installed, install one at a time, I think order is 4 3 1 2, Authen::PAM gave me a lot of trouble with prerequisites, got past that
Note: updating along the way did result in a mix of perl CPAN updates and yum updates, observed by some to be a bad mix
Since I'm not a heavy ftp user, this could wait. But I've broken 3 machines this way.
Patient: It hurts when I do this
Doctor: Well, don't do that
Repositories for both yum and perl / CPAN are only what is installed by default, nothing special added.
If I get time, I will try to recreate and identify at what step in the process the proftpd breaks.
Other than normal module updates as recommended by the System Information screen, I have not done any research or worked on this.
FTP is now working. Answers to questions like Who? What? When? Where? Why? and How? are not available at this time.
OK so we think its because of Perl updates. Either way it doesnt work anymore.... Can anyone provide a solution?
I have 2 system each with hundreds and hundreds sites, The systems are as close to mirrors as I can keep.. For issues like this..
I did a compare from system to system and could not an answer after hours..
So now I have one system running vsftpd when I gave up on proftpd and the other still running proftpd...
So -- I got a temp fix... Give up and wait
Don
Don Peek
Ok so should I install vsftpd? Is there a quick way (like via webmin or yum) to do so?
If you must.. . Yum can install vsftpd but it is not shown in the virtualmin status and is is not controlled by the control panel.. But I have 536 website on that server and I HAD to have a running FTP and as I could not find the problem, you do what you have to do... It was not that hard to config, the hardest part was coming up with a users like for the chroot. if you need help with that contact me off the list ...
I am still waiting.. and will check if all the updates.. One it may just start working.. You never know..
Don Peek Admin@coastlandtech.com
Don Peek
Well I have to have a working FTP program?!
Is there any alternative FTP programs that do work with Virtualmins interface that I could easily install?
At times I do... I can not say it is a virtualmin problem.. A new fresh install of everything on a new server would work I am sure. Until someone of my 500 sites must have install something like your TWiki and broke it.. My other one is working.. STILL
I had no clue what broke it and to work on it I have to stop my running FPT program to mess with it.
I hope now you have a way it can be recreated someone may find a way to get it fixed.
Thanks Don
Don Peek
Ok so until someone finds a fix for this there is no ways that I can run FTP from within virtualmin? I have to install something via yum like vsftpd......?
I just did http://www.virtualmin.com/node/11187 and who knows if you do also, we could get something looked at this...
Now, looking at it may have done it wrong, I did a bug report, maybe you should do it as a support request. But the one other time I have a issue they help a lot..
Don
Don Peek
These guys are good. !! .
You can check out what they did for me and see if that helps you.. http://www.virtualmin.com/node/11187
Thanks Don
Don Peek
OK I tried commenting out that line and restarting teh proftpd service. Still no luck. As per my reply:
I commented out teh line :
AuthOrder mod_auth_pam.c* mod_auth_unix.cBut still no luck. My logs show 'no such user' and :
Deprecated pam_stack module called from service "proftpd" Sep 21 13:28:33 onduline unix_chkpwd[12561]: password check failed for user (dianke)
Any ideas?
Have you tried to changed the order of that line.. make unix one first ??
Don
Don Peek
Well we are commenting out the line, Don. So it doesnt even get read....
I assumed you would uncomment it to try that.. I may try uncommenting the line and testing them one at a time.. I would believe that would both be some default or the line would not be used or needed to change something.. Swap order try one and then the other..
We are still assuming that some perl program has changed one of the modules that deals with PAM so getting proftp to use one that had not been changed is what seems like we are doing.. Still guessing.. that is..
Then when all else fails install vsftp and put in a help ticket..
Don ..
Don Peek
Thanks for your suggestions, Don. But that still doesnt solve anything....
I still see:
[root@onduline pam.d]# cat /etc/pam.d/proftpd
%PAM-1.0auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed auth required pam_stack.so service=system-auth auth required pam_shells.so account required pam_stack.so service=system-auth session required pam_stack.so service=system-auth
And when I check /var/log/secure I still get incorrect password. Just cant get this to work.
Next suggestion??
I had the same problem and I finally figured it out.
In Webmin, go to Users and Groups
Click the newly created user
Change their shell from /bin/false to /bin/sh.
Cheers!
I will not use /bin/sh I have hundreds of users and I don't trust any anyone with sh... but me from my IP..
but .... /sbin/nologin is what is in my /etc/passwd and some /dev/null
And seem like that is the setting in the "Custom Shell" has something to do with it.. I not sure where you set the defualt so you don't need to do it all the time.. Don.
Don Peek
I, too, have had difficulties with ProFTPD and CentOS. Some time ago, I ran into this article on setting CentOS up with a different Virtual Server manager. Notice the part about ProFTPD. It appears from the article that CentOS has no ProFTPD package of its own.
(LInk: http://www.howtoforge.org/perfect-server-centos-5.3-i386-ispconfig-2-p6)
I've tried configuring multiple servers as shown in the article. ProFTPD works when I make things myself as shown. It seems that when I yum update, though, things go nutty on me. Right now, I have the same problems on a fresh install of Virtualmin that the rest of you have. I'm using CentOS 5.4. Right now, I'm tempted to try removing the current version of ProFTPD and then build one ... to see if that works.
It may be the way I'm doing it. But I'm getting a bit fed up with CentOS. Time for a breather.
centos has vsftp not proftp. There is nothing wrong with centos.
normally centos and proftp work fine togethere after using the install.sh on a minimal OS installation.
Following the ispconfig tutorial may not be your best option as it is a different panel.
I've been using install.sh since Fedora Core 6.
If I cannot make it work, I will look at any resource I can find.
I met the same problem before.
The reason is simple: SELinx
SELinux is preventing the ftp daemon from reading users home directories (/home)
The fix is simple:
login as root, then
setsebool -P ftp_home_dir 1K - I tried everything I could read about this and finally found a solution. So, I hope this works for all of you who are having the same issue.
I added the following line to the /etc/proftpd.conf file:
<Limit EPSV PASV>DenyAll
</Limit>
I'm using CentOS 5.5 Virtualmin... 3.83.gpl GPL Webmin: 1.530 ProFTPd version 1.32
It was found in the following article:
http://ubuntuforums.org/showthread.php?s=ddb0180d796638d614729e93bedde0c1&t=220071&page=2Thank you Ryan... you were a big help.
please see my answer to your duplicate posting at http://www.virtualmin.com/node/11212#comment-76284
This happen to me now when i updated proftpd to a new version from RPMFORGE. Now i can`t login to ftp anymore. How can i remove the new version and install the old one back?
To fix it i did yum downgrade proftpd then i replaced /etc/proftpd.conf with proftpd.conf.rpmnew