Date:      Fri, 12 Nov 1999 08:57:11 +0100 (CET)
From:      Lemle Geza <lemleg@fw.opsys.hu>
To:        Dan Langille <dan@freebsddiary.org>
Cc:        Mitch Collinsworth <mkc@Graphics.Cornell.EDU>, freebsd-questions@FreeBSD.ORG
Subject:   Re: proftpd and authentication failure 
Message-ID:  <Pine.BSF.4.20.9911120822060.747-100000@fw.opsys.hu>
In-Reply-To: <199911102116.KAA20269@freebsddiary.yi.org>

Hello,

I have the same problem in 3.3-STABLE. See answers below. And a quick
question: when I make a virtual server with its own password database and
directory, the user (which is only in this database, but not a UNIX user) 
can log in, but can not write, unless 777 permission is granted on the
directory. My question: is there any way to have some more restrictive
permissions on the directory?
Here is the config of the virtual ftp server:

#<VirtualHost somewhere.in.hungary.org>
#
#       ServerName              "Virtual FTP Server"
#       ServerIdent             Off
#       TransferLog             /var/log/asdfgh.ftp.access
#       User                    proftpd
#       Group                   proftpd
#       MaxLoginAttempts        3
#       RequireValidShell       off
#       DefaultRoot             /usr/local/www/data/asdfgh
#       AllowOverwrite          on
#       AuthPAMAuthoritative    off
#       AuthUserFile            /usr/local/etc/proftpd.user
#       AuthGroupFile           /usr/local/etc/proftpd.group
#       DirFakeGroup            On guest
#       DirFakeUser             On root
#       DirFakeMode             755
#
#               <Directory /usr/local/www/data/asdfgh/*>
#                       <Limit ALL>
#                               AllowAll
#                       </Limit>
#               </Directory>
#
#       <Limit LOGIN>
#               Order deny,allow
#               AllowGroup test
#       </Limit>
#
#</VirtualHost>


On Thu, 11 Nov 1999, Dan Langille wrote:

> On 10 Nov 99, at 12:45, Mitch Collinsworth wrote:
> 
> > >ProFTPD Version 1.2.0pre8 is giving me authentication problems.  I've 
> > >been able to get anon ftp running, but if I log in as my regular user id, I 
> > >get invalid password.
> > 
> > You didn't say what version of FBSD.  It matters.  A lot.
> 
> I should not be posting messages after midnight.  FreeBSD 3.1-stable.
> 
> > >Here's the output from running with -d5
> > >
> > >received: USER dan
> > >received: USER dan
> > >received: PASS (hidden)
> > >PAM(dan): Permission denied
> > >USER dan: incorrect password

Use this directive in your config:

AuthPAMAuthoritative            off


> > 
> > I've just been fighting the proftpd/pam/freebsd battle myself today
> > and it is now working.  More interesting than debug output would be
> > to know what is in your log file.
> 
> proftpd[18252]: unable to resolve symbol: pam_sm_acct_mgmt
> proftpd[18253]: unable to resolve symbol: pam_sm_acct_mgmt
> proftpd[18300]: unable to resolve symbol: pam_sm_acct_mgmt
> proftpd[18300]: unable to resolve symbol: pam_sm_open_session
> proftpd[18300]: unable to resolve symbol: pam_sm_close_session
> proftpd[18335]: unable to resolve symbol: pam_sm_acct_mgmt
> proftpd[18338]: unable to resolve symbol: pam_sm_acct_mgmt
> proftpd[18338]: unable to resolve symbol: pam_sm_open_session
> proftpd[18338]: unable to resolve symbol: pam_sm_close_session

Please comment out this line:

ftp session required    pam_unix.so	try_first_pass



> 
> > >If I add these two lines to /etc/pam.conf 
> > >
> > >ftp auth    required    pam_unix.so         try_first_pass 
> > >ftp account required    pam_unix.so         try_first_pass 
> > 
> > This is exactly what I have.
> > 
> > 
> [bad example snipped]
> 
> > What error?
> 
> Hmmm, that's the debug output.  But not enough of it...  See below
> 
> received: USER dan
> received: USER dan
> received: PASS (hidden)
> PAM(dan): Permission denied
> USER dan: incorrect password from [snipped]
> received: QUIT
> FTP session closed.
> 
> > >And the same again if I add this to pam.conf:
> > >
> > >ftp session required    pam_unix.so         try_first_pass
> > 
> > No.  You don't want this.  Well...  That may depend on what version
> > of FreeBSD.  You definitely don't want it with 3.2-R.
> > 
> > 
> > >I have no idea how to get regular logins working.  I'm ready to toss this 
> > >aside and go with ftpd.  Anyone got proftpd running?
> > 
> > me.
> 
> --
> Dan Langille - DVL Software Limited
> The FreeBSD Diary     - http://www.freebsddiary.org/freebsd/
> NZ FreeBSD User Group - http://www.nzfug.nz.freebsd.org/
> The Racing System     - http://www.racingsystem.com/racingsystem.htm
> unix @ home           - http://www.unixathome.org/
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 

Thanks for your help,

Lemle Geza
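
A check for the /etc/pam.conf advice in this message and the replies it quotes, as an added example that is not part of the original e-mail: it reports which module types are active for the `ftp` service and flags an uncommented `session` line. The function names and the two sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread's authors): lint the "ftp" service
# entries of a pam.conf-style file against the advice given in this thread.

# Print the active (uncommented) module types for the ftp service,
# sorted and space-separated, e.g. "account auth".
ftp_pam_types() {
    awk '
        $1 ~ /^#/ { next }                    # skip commented-out entries
        $1 == "ftp" && NF >= 4 { print $2 }   # service type control module
    ' "$1" | sort -u | paste -sd ' ' -
}

# Return 0 when auth and account are configured and no session line is active.
check_ftp_pam() {
    types=" $(ftp_pam_types "$1") "
    rc=0
    for want in auth account; do
        case "$types" in
            *" $want "*) ;;
            *) echo "missing: ftp $want"; rc=1 ;;
        esac
    done
    case "$types" in
        *" session "*) echo "active: ftp session line (comment it out)"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample files, built from the lines quoted in the thread.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/good.conf" <<'EOF'
ftp auth    required    pam_unix.so         try_first_pass
ftp account required    pam_unix.so         try_first_pass
#ftp session required    pam_unix.so         try_first_pass
EOF
cat > "$SAMPLES/bad.conf" <<'EOF'
ftp auth    required    pam_unix.so         try_first_pass
ftp account required    pam_unix.so         try_first_pass
ftp session required    pam_unix.so         try_first_pass
EOF

for f in good bad; do
    echo "== $f.conf: $(ftp_pam_types "$SAMPLES/$f.conf")"
    if check_ftp_pam "$SAMPLES/$f.conf"; then echo "ok"; fi
done
```

On a real system the argument would be `/etc/pam.conf`; as the quoted reply notes, whether the session line is wanted may depend on the FreeBSD version.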


