pure-ftpd 530 Login authentication failed

Discussion in 'Installation/Configuration' started by adnese, Sep 6, 2011.

  1. adnese

    adnese New Member

    Hello,

    I'm having some auth issues while trying to login via ftp:

    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 1 of 50 allowed.
    220-Local time is now 12:38. Server port: 21.
    220-This is a private system - No anonymous login
    220 You will be disconnected after 15 minutes of inactivity.
    Name (e-worlds.sk:adrian): eworldsftp
    331 User eworldsftp OK. Password required
    Password:
    530 Login authentication failed
    Login failed.
    Remote system type is UNIX.
    Using binary mode to transfer files.


    My config:

    root@e-worlds:/var/log# cat /etc/default/pure-ftpd-common
    # Configuration for pure-ftpd
    # (this file is sourced by /bin/sh, edit accordingly)

    # STANDALONE_OR_INETD
    # valid values are "standalone" and "inetd".
    # Any change here overrides the setting in debconf.
    STANDALONE_OR_INETD=standalone

    # VIRTUALCHROOT:
    # whether to use binary with virtualchroot support
    # valid values are "true" or "false"
    # Any change here overrides the setting in debconf.
    VIRTUALCHROOT=true

    # UPLOADSCRIPT: if this is set and the daemon is run in standalone mode,
    # pure-uploadscript will also be run to spawn the program given below
    # for handling uploads. see /usr/share/doc/pure-ftpd/README.gz or
    # pure-uploadscript(8)

    # example: UPLOADSCRIPT=/usr/local/sbin/uploadhandler.pl
    UPLOADSCRIPT=

    # if set, pure-uploadscript will spawn $UPLOADSCRIPT running as the
    # given uid and gid
    UPLOADUID=
    UPLOADGID=

    pure-mysql:

    ##############################################
    # #
    # Sample Pure-FTPd Mysql configuration file. #
    # See README.MySQL for explanations. #
    # #
    ##############################################


    # Optional : MySQL server name or IP. Don't define this for unix sockets.

    #MYSQLServer 127.0.0.1
    MYSQLServer localhost


    # Optional : MySQL port. Don't define this if a local unix socket is used.

    # MYSQLPort 3306


    # Optional : define the location of mysql.sock if the server runs on this host.

    # MYSQLSocket /var/run/mysqld/mysqld.sock


    # Mandatory : user to bind the server as.

    MYSQLUser ispconfig


    # Mandatory : user password. You must have a password.

    MYSQLPassword xxxxxxxxxxxxxxxxxxxxxxxxxxx


    # Mandatory : database to open.

    MYSQLDatabase dbispconfig


    # Mandatory : how passwords are stored
    # Valid values are : "cleartext", "crypt", "md5" and "password"
    # ("password" = MySQL password() function)
    # You can also use "any" to try "crypt", "md5" *and* "password"

    MYSQLCrypt crypt


    # In the following directives, parts of the strings are replaced at
    # run-time before performing queries :
    #
    # \L is replaced by the login of the user trying to authenticate.
    # \I is replaced by the IP address the user connected to.
    # \P is replaced by the port number the user connected to.
    # \R is replaced by the IP address the user connected from.
    # \D is replaced by the remote IP address, as a long decimal number.
    #
    # Very complex queries can be performed using these substitution strings,
    # especially for virtual hosting.


    # Query to execute in order to fetch the password

    MYSQLGetPW SELECT password FROM ftp_user WHERE active = 'y' AND server_id = '1' AND username="\L"


    # Query to execute in order to fetch the system user name or uid

    MYSQLGetUID SELECT uid FROM ftp_user WHERE active = 'y' AND server_id = '1' AND username="\L"


    # Optional : default UID - if set this overrides MYSQLGetUID

    #MYSQLDefaultUID 1000


    # Query to execute in order to fetch the system user group or gid

    MYSQLGetGID SELECT gid FROM ftp_user WHERE active = 'y' AND server_id = '1' AND username="\L"


    # Optional : default GID - if set this overrides MYSQLGetGID

    #MYSQLDefaultGID 1000


    # Query to execute in order to fetch the home directory

    MYSQLGetDir SELECT dir FROM ftp_user WHERE active = 'y' AND server_id = '1' AND username="\L"


    # Optional : query to get the maximal number of files
    # Pure-FTPd must have been compiled with virtual quotas support.

    MySQLGetQTAFS SELECT quota_files FROM ftp_user WHERE active = 'y' AND server_id = '1' AND quota_files != '-1' AND username="\L"


    # Optional : query to get the maximal disk usage (virtual quotas)
    # The number should be in Megabytes.
    # Pure-FTPd must have been compiled with virtual quotas support.

    MySQLGetQTASZ SELECT quota_size FROM ftp_user WHERE active = 'y' AND server_id = '1' AND quota_size != '-1' AND username="\L"


    # Optional : ratios. The server has to be compiled with ratio support.

    MySQLGetRatioUL SELECT ul_ratio FROM ftp_user WHERE active = 'y' AND server_id = '1' AND ul_ratio != '-1' AND username="\L"
    MySQLGetRatioDL SELECT dl_ratio FROM ftp_user WHERE active = 'y' AND server_id = '1' AND dl_ratio != '-1' AND username="\L"


    # Optional : bandwidth throttling.
    # The server has to be compiled with throttling support.
    # Values are in KB/s .

    MySQLGetBandwidthUL SELECT ul_bandwidth FROM ftp_user WHERE active = 'y' AND server_id = '1' AND ul_bandwidth != '-1' AND username="\L"
    MySQLGetBandwidthDL SELECT dl_bandwidth FROM ftp_user WHERE active = 'y' AND server_id = '1' AND dl_bandwidth != '-1' AND username="\L"

    # Enable ~ expansion. NEVER ENABLE THIS BLINDLY UNLESS :
    # 1) You know what you are doing.
    # 2) Real and virtual users match.

    # MySQLForceTildeExpansion 1


    # If you upgraded your tables to transactionnal tables (Gemini,
    # BerkeleyDB, Innobase...), you can enable SQL transactions to
    # avoid races. Leave this commented if you are using the
    # traditionnal MyIsam databases or old (< 3.23.x) MySQL versions.

    MySQLTransactions On

    I've tried this one : http://www.howtoforge.com/forums/showthread.php?t=51938

    - edited MYSQLServer 127.0.0.1 to MYSQLServer localhost, but I'm still unable to login via ftp (cli or ftp client, doesn't matter)

    - /var/log/pure-ftpd/ is empty - there is one empty transfer.log file :)

    - I followed http://www.howtoforge.com/perfect-server-debian-squeeze-with-bind-and-dovecot-ispconfig-3-p4

    Any Idea what's wrong with the ftp user authentication ?

    Thanks,

    Adrian
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. adnese

    adnese New Member

    Hi,

    after enabling debug mode for pure-ftpd I get:

    [INFO] New connection from
    [DEBUG] Command [user] [ewolrdsftp]
    [DEBUG] Command [pass] [<*>]
    [INFO] PAM_RHOST enabled. Getting the peer address
    [WARNING] Authentication failed for user [ewolrdsftp]
    [INFO] Logout.
    New connection from
    [DEBUG] Command [user] [eworldsftp]
    [DEBUG] Command [pass] [<*>]
    [WARNING] Authentication failed for user [eworldsftp]
    [INFO] Logout.

    Thanks,

    Adrian
     
  4. adnese

    adnese New Member

  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Check that you are able to login to mysql database with the username and password from the pure-ftpd configuration file. then check that the ftp user is in the ftp user tabel in the ispconfig mysql database.
     
  6. adnese

    adnese New Member

    Hello Till,

    I was able to found an workaround, but that's no solution, just a workaround:

    "echo no > /etc/pure-ftpd/conf/PAMAuthentication"

    that did the trick, after that I was able to login via ftp. But is there a way how to get ftp logins working without disabling PAMAuth for pure-ftpd ?

    I'm a bit confused, 'cause I have 2 virtual servers with the same config (Debian 6 + ISPConfig III) - both had until this workaround same config. One of them is working well, the second one - till the workaround has been applied - didn't work well (ftp login failed - 530)

    Any other hint what could be wrong?

    Thank you,

    Adrian
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Disabling PAM auth is ok, as it is not used anyway. Maybe you have a shell user "eworldsftp" in /etc/passwd on that server, so that the user conflicts with the virtual FTP user with the same name and pure-ftpd tried to authenticate against the shell user instead of the FTP user.
     
  8. adnese

    adnese New Member

    yes, maybe there's a conflict but I cannot confirm we had such ftp (system) user. Ok, thank you so far :)

    Regards,

    Adrian
     
  9. mrmookie

    mrmookie New Member

    Same issues..

    I've having the same issues as described above. This is happening after a dist-upgrade and ISPconfig update.

    Everything worked great before the upgrade. My configs look almost identical.


    Mook
     
  10. mrmookie

    mrmookie New Member

    /etc/pure-ftpd/db/mysql.conf reset..

    I seems after the upgrade the file /etc/pure-ftpd/db/mysql.conf was overwritten with the default?


    # Optional : MySQL server name or IP. Don't define this for unix sockets.

    # MYSQLServer 127.0.0.1


    # Optional : MySQL port. Don't define this if a local unix socket is used.

    # MYSQLPort 3306


    # Optional : define the location of mysql.sock if the server runs on this host.

    MYSQLSocket /var/run/mysqld/mysqld.sock


    # Mandatory : user to bind the server as.

    MYSQLUser root


    # Mandatory : user password. You must have a password.

    MYSQLPassword rootpw


    # Mandatory : database to open.

    MYSQLDatabase pureftpd


    # Mandatory : how passwords are stored
    # Valid values are : "cleartext", "crypt", "sha1", "md5" and "password"
    # ("password" = MySQL password() function)
    # You can also use "any" to try "crypt", "sha1", "md5" *and* "password"

    MYSQLCrypt cleartext



    What should these settings be in order to restore pureftp into ISPconfig? Looks like my DB is setup in dbispconfig correctly.


    Thanks.
     
  11. mrmookie

    mrmookie New Member

    Found it..

    I found the self created backup from the upgrade here:

    /etc/pure-ftpd/db/mysql.conf~

    All I had to do was rename it to mysql.conf and we were back in business.


    Mook
     
  12. peterpetr

    peterpetr Member HowtoForge Supporter

    My ISPconfig 3.1 FTP access issue was resolved by setting the correct local ip address.
    /etc/pure-ftpd/db/mysql.conf was somehow incorrect. Below is the IP address change that fixed

    # Optional : MySQL server name or IP. Don't define this for unix sockets.
    MYSQLServer 127.0.0.1
     
  13. gacuxz

    gacuxz New Member

    pure-ftpd worked using ssh users with TLS provided by OpenSSL until I installed ISPConfig. It is possible I overlooked something by myself. I needed a quick fix on CentOS server so I completely reinstall pure-ftpd.
    Found all pure-ftpd configuration files and removed them manually:
    Code:
    rpm -q --configfiles pure-ftpd
    Removed the pure-ftpd package itself:
    Code:
    yum remove pure-ftpd
    Installed it again:
    Code:
    yum install pure-ftpd
    Now I can connect to pure-ftpd using ssh users but I can't login using users created with ISPConfig web interface.
    I have following settings in /etc/pure-ftpd/pureftpd-mysql.conf
    Code:
    MYSQLUser root
    MYSQLPassword password
    MYSQLDatabase pureftpd
    but I can't login into mysql with such user nor such database exists.
    Could you please point what am I missing?
     
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    SSH users should not be able to connect to pure-ftpd on an ISPConfig system. If they are able to connect, then your system config must be damaged badly. Only FTP users should be able to connect by FTP but not SSH users. By removing pure-ftpd, you seem to have removed the whole FTP config. To fix your server, run an ispconfig update and choose to reconfigure services during update.

    As a side note, an ispconfig installation requires it that you start with an empty server. According to your description, you did not follow this requirement when you had pure-ftpd and SSH users on your server at the time you installed ispconfig. Starting with a non-empty setup will result most likely in a non-working system.
     
  15. gacuxz

    gacuxz New Member

    I was told I got empty virtual server preinstalled with CentOS and I followed your tutorial on how to install ISPConfig. It's great and very robust, thank you!
    I followed ISPConfig install section here only in case of
    Code:
    php -q install.php
    I executed
    Code:
    php -q update.php
    Wizard continued only if I accepted with default choises (yes, no). Otherwise wizard was asking the same question in a loop. After wizard completed I still can't see pureftpd database. Anyway now I can't connect to pure-ftpd with SSH users and can connect with new users created in ISPConfig web interface as it should be.
    Thank you!
     

Share This Page