FTP User cannot log-in Proftpd

7 posts / 0 new
Topic locked
Last post
#1 Wed, 08/28/2013 - 06:41
everisk

FTP User cannot log-in Proftpd

Hi,

After upgrading to Virtualmin 4.02 gpl, FTP user cannot log-in to Proftpd. I'm using the server administration user to log-in and it looks like the user exists but password is always denied (says wrong password). How do I fix this?

# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $

ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
ServerType standalone
#ServerType inetd
DefaultServer on
AccessGrantMsg "User %u logged in."
#DisplayConnect /etc/ftpissue
#DisplayLogin /etc/ftpmotd
#DisplayGoAway /etc/ftpgoaway
DeferWelcome off

# Use this to excude users from the chroot
DefaultRoot ~ !adm

# Use pam to authenticate (default) and be authoritative
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c

# Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups off
UseReverseDNS off

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# Default to show dot files in directory listings
ListOptions "-a"

# See Configuration.html for these (here are the default values)
#MultilineRFC2228 off
#RootLogin off
#LoginPasswordPrompt on
#MaxLoginAttempts 3
#MaxClientsPerHost none
#AllowForeignAddress off # For FXP

# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart on
AllowStoreRestart on

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 20

# Set the user and group that the server normally runs at.
User nobody
Group nobody

# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile no

# This is where we want to put the pid file
ScoreboardFile /var/run/proftpd.score

# Normally, we want users to do a few things.
<Global>
  AllowOverwrite yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
RootLogin on
</Global>

# Define the log formats
LogFormat default "%h %l %u %t "%r" %s %b"
LogFormat auth "%v [%P] %h %t "%r" %s"

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine on
#TLSRequired on
#TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
#TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
#TLSCipherSuite ALL:!ADH:!DES
#TLSOptions NoCertRequest
#TLSVerifyClient off
##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
#TLSLog /var/log/proftpd/tls.log

# SQL authentication Dynamic Shared Object (DSO) loading
# See README.DSO and howto/DSO.html for more details.
#<IfModule mod_dso.c>
#   LoadModule mod_sql.c
#   LoadModule mod_sql_mysql.c
#   LoadModule mod_sql_postgres.c
#</IfModule>

# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
#  User ftp
#  Group ftp
#  AccessGrantMsg "Anonymous login ok, restrictions apply."
#
#  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias anonymous ftp
#
#  # Limit the maximum number of anonymous logins
#  MaxClients 10 "Sorry, max %m users -- try again later"
#
#  # Put the user into /pub right after login
#  #DefaultChdir /pub
#
#  # We want 'welcome.msg' displayed at login, '.message' displayed in
#  # each newly chdired directory and tell users to read README* files.
#  DisplayLogin /welcome.msg
#  DisplayFirstChdir .message
#  DisplayReadme README*
#
#  # Some more cosmetic and not vital stuff
#  DirFakeUser on ftp
#  DirFakeGroup on ftp
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE SITE_CHMOD>
#    DenyAll
#  </Limit>
#
#  # An upload directory that allows storing files but not retrieving
#  # or creating directories.
#  <Directory uploads/*>
#    AllowOverwrite no
#    <Limit READ>
#      DenyAll
#    </Limit>
#
#    <Limit STOR>
#      AllowAll
#    </Limit>
#  </Directory>
#
#  # Don't write anonymous accesses to the system wtmp file (good idea!)
#  WtmpLog off
#
#  # Logging for the anonymous transfers
#  ExtendedLog /var/log/proftpd/access.log WRITE,READ default
#  ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>
Wed, 08/28/2013 - 07:57
jimdunn

Maybe try changing "TLSRequired on" to "TLSRequired off"

Maybe try commenting out the "DefaultRoot ~ !adm" line

(also, you have both "RootLogin off" and "RootLogin on", might want to find a default proftpd.conf file and try it)

These Debian 7.1 conf files (below) work for me.

/etc/proftpd/proftpd.conf

Include /etc/proftpd/modules.conf
UseIPv6 off
ServerName "example.com"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
DenyFilter \*.*/
Port 21
PassivePorts 35000 35999
MaxInstances 30
User proftpd
Group nogroup
Umask 022 022
AllowOverwrite on
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

QuotaEngine off

Ratios off

DelayEngine on

ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock

AdminControlsEngine off

Include /etc/proftpd/tls.conf

DefaultRoot ~
RootLogin off
IdentLookups off
ServerIdent on "FTP Server ready."
UseFtpUsers on
RequireValidShell on

Include /etc/proftpd/conf.d/

/etc/proftpd/tls.conf


TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv3 TLSv1
TLSRSACertificateFile /etc/proftpd/ftpd-rsa.pem
TLSRSACertificateKeyFile /etc/proftpd/ftpd-rsa-key.pem
TLSCACertificateFile /etc/ssl/certs/ca-certificates.crt
TLSVerifyClient off
TLSRenegotiate required off
#TLSRequired on
TLSOptions AllowClientRenegotiations NoCertRequest NoSessionReuseRequired

Wed, 08/28/2013 - 08:26
andreychek

Howdy,

I suspect you're using CentOS, with a third party repository enabled... ProFTPd from some third party repositories is known to cause the problems you're seeing.

That issue, and the fix, is described in the section of the following document titled "Why does PHP / ProFTPd no longer work after performing updates? (I'm using CentOS, and enabled third party repositories)":

https://www.virtualmin.com/documentation/system/faq

Wed, 08/28/2013 - 23:29
everisk

Hi Andrey,

That's fixed it. Thank you!

Another strange thing, I can't seem to get Virtual server to run as mod_php (there is no mod_php option under Website Option) what do i have to do to see this option or get virtual server to run as mod_php?

I'm on CentOS 6 and Apache version 2.2.15.

Thu, 08/29/2013 - 08:27
andreychek

Are you by chance using a third party PHP version as well? :-)

It's possible that's related, though there's a few different things that could cause that.

What output do you see if you run this command:

rpm -qa | grep php5

Thu, 08/29/2013 - 22:22
everisk

I ran the command and it outputs nothing :(

I'm not very good with Linux so I'm not sure what I did when I need something done, usually I just googled what i need and follows the instructions. If I'm running third party PHP, does that mean I need to remove PHP and install it again? will that cos problems with the sites?

Fri, 08/30/2013 - 07:39
andreychek

Nuts, I think the command I gave you was slightly incorrect... try this one:

rpm -qa | grep php

Topic locked