Also having FTP authentication issues.

Discussion in 'Installation/Configuration' started by jseedev, Mar 24, 2010.

  1. jseedev

    jseedev New Member

    I know there was a recently opened thread about this, but it did not seem to cover my problem, and I didn't want to hijack someone's thread. I also receive a 530 Error when trying to connect via FTP using an account I created in ISPConfig 3.

    MySQL server is running properly and FTPd seems to be connecting to it properly (no errors generated).

    So, I have a client named "remarx" with an ftp account "ftp" ... so the username is "remarx_ftp" - still unable to login with it. Verified password and database entry. All look fine.

    Syslog only says:
    Mar 24 06:39:50 dedi144 pure-ftpd: ([email protected]) [INFO] New connection from
    Mar 24 06:39:50 dedi144 pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [remarx_ftp]
    Mar 24 06:39:54 dedi144 pure-ftpd: ([email protected]) [INFO] Logout.
    pureftpd.log is empty. I've turned on verbose logging to no avail. pureftpd.log is still empty. I've also (just to ease my own mind) verified the SQL statements and settings in pureftpd-mysql.conf and all look good.

    So, I'm at a loss with it. Any ideas?
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Which Linux distribution?
  3. jseedev

    jseedev New Member

    CentOS 5.4
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The problem that you have can also be caused by failing DNS lookups. Please disable DNS resolving by setting:

    DontResolve yes

    in the pure-ftpd.conf and then restart pure-ftpd.
  5. jseedev

    jseedev New Member

    This was already done in the pure-ftpd.conf file when the fiasco started. Here is my pure-ftpd.conf

    # Cage in every user in his home directory
    ChrootEveryone              yes
    # If the previous option is set to "no", members of the following group
    # won't be caged. Others will be. If you don't want chroot()ing anyone,
    # just comment out ChrootEveryone and TrustedGID.
    # TrustedGID                    100
    # Turn on compatibility hacks for broken clients
    BrokenClientsCompatibility  no
    # Maximum number of simultaneous users
    MaxClientsNumber            50
    # Fork in background
    Daemonize                   yes
    # Maximum number of sim clients with the same IP address
    MaxClientsPerIP             8
    # If you want to log all client commands, set this to "yes".
    # This directive can be duplicated to also log server responses.
    VerboseLog                  yes
    # List dot-files even when the client doesn't send "-a".
    DisplayDotFiles             yes
    # Don't allow authenticated users - have a public anonymous FTP only.
    AnonymousOnly               no
    # Disallow anonymous connections. Only allow authenticated users.
    NoAnonymous                 yes
    # Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)
    # The default facility is "ftp". "none" disables logging.
    SyslogFacility              ftp
    # Don't resolve host names in log files. Logs are less verbose, but 
    # it uses less bandwidth. Set this to "yes" on very busy servers or
    # if you don't have a working DNS.
    DontResolve                 yes
    # Maximum idle time in minutes (default = 15 minutes)
    MaxIdleTime                 15
    # MySQL configuration file (see README.MySQL)
    MySQLConfigFile               /etc/pure-ftpd/pureftpd-mysql.conf
    # Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and
    # UnixAuthentication can be used only once, but they can be combined
    # together. For instance, if you use MySQLConfigFile, then UnixAuthentication,
    # the SQL server will be asked. If the SQL authentication fails because the
    # user wasn't found, another try will be done with /etc/passwd and
    # /etc/shadow. If the SQL authentication fails because the password was wrong,
    # the authentication chain stops here. Authentication methods are chained in
    # the order they are given. 
    # 'ls' recursion limits. The first argument is the maximum number of
    # files to be displayed. The second one is the max subdirectories depth
    LimitRecursion              7500 8
    # Are anonymous users allowed to create new directories ?
    AnonymousCanCreateDirs      no
    # If the system is more loaded than the following value,
    # anonymous users aren't allowed to download.
    MaxLoad                     4
    # Disallow downloading of files owned by "ftp", ie.
    # files that were uploaded but not validated by a local admin.
    AntiWarez                   yes
    # Maximum bandwidth for anonymous users in KB/s
    # AnonymousBandwidth            8
    # Maximum bandwidth for *all* users (including anonymous) in KB/s
    # Use AnonymousBandwidth *or* UserBandwidth, both makes no sense.
    # UserBandwidth             8
    # File creation mask. <umask for files>:<umask for dirs> .
    # 177:077 if you feel paranoid.
    Umask                       133:022
    # Minimum UID for an authenticated user to log in.
    MinUID                      500
    # Do not use the /etc/ftpusers file to disable accounts. We're already
    # using MinUID to block users with uid < 500
    UseFtpUsers no
    # Allow FXP transfers for authenticated users.
    AllowUserFXP                no
    # Allow anonymous FXP for anonymous and non-anonymous users.
    AllowAnonymousFXP           no
    # Users can't delete/write files beginning with a dot ('.')
    # even if they own them. If TrustedGID is enabled, this group
    # will have access to dot-files, though.
    ProhibitDotFilesWrite       no
    # Prohibit *reading* of files beginning with a dot (.history, .ssh...)
    ProhibitDotFilesRead        no
    # Never overwrite files. When a file whose name already exists is uploaded,
    # it gets automatically renamed to file.1, file.2, file.3, ...
    AutoRename                  no
    # Disallow anonymous users to upload new files (no = upload is allowed)
    AnonymousCantUpload         yes
    # Create an additional log file with transfers logged in a Apache-like format :
    # - jedi [13/Dec/1975:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338
    # This log file can then be processed by www traffic analyzers.
    AltLog                     clf:/var/log/pureftpd.log
    # This option is useful with servers where anonymous upload is 
    # allowed. As /var/ftp is in /var, it save some space and protect 
    # the log files. When the partition is more that X percent full,
    # new uploads are disallowed.
    MaxDiskUsage               99
    # Be 'customer proof' : workaround against common customer mistakes like
    # 'chmod 0 public_html', that are valid, but that could cause ignorant
    # customers to lock their files, and then keep your technical support busy
    # with silly issues. If you're sure all your users have some basic Unix
    # knowledge, this feature is useless. If you're a hosting service, enable it.
    CustomerProof              yes
  6. jseedev

    jseedev New Member

    Just an update. I enabled mysql logging in my.cnf and I can see pure-ftpd running the queries:
    100324 19:57:14	      2 Connect     [email protected] on dbispconfig
    		      2 Query       set autocommit=0
    		      2 Query       SELECT password FROM ftp_user WHERE active = 'y' AND server_id = '1' AND username="remarx_ftp"
    		      2 Query       SELECT uid FROM ftp_user WHERE active = 'y' AND server_id = '1' AND username="remarx_ftp"
    		      2 Query       SELECT gid FROM ftp_user WHERE active = 'y' AND server_id = '1' AND username="remarx_ftp"
    		      2 Query       SELECT dir FROM ftp_user WHERE active = 'y' AND server_id = '1' AND username="remarx_ftp"
    		      2 Query       COMMIT
    		      2 Quit   
    I ran them in mysql as the ispconfig user and they produce the correct output:
    [[email protected] ~]# mysql -u ispconfig -p
    Enter password:
    Welcome to the MySQL monitor.  Commands end with ; or \g.
    Your MySQL connection id is 6
    Server version: 5.0.77-log Source distribution
    Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
    mysql> connect
    Connection id:    7
    Current database: *** NONE ***
    mysql> use dbispconfig
    Reading table information for completion of table and column names
    You can turn off this feature to get a quicker startup with -A
    Database changed
    mysql> SELECT password FROM ftp_user WHERE active = 'y' AND server_id = '1' AND username="remarx_ftp";
    | password |
    | mypass   |
    1 row in set (0.00 sec)
    mysql> SELECT uid FROM ftp_user WHERE active = 'y' AND server_id = '1' AND username="remarx_ftp";
    | uid  |
    | web1 |
    1 row in set (0.00 sec)
    mysql> SELECT gid FROM ftp_user WHERE active = 'y' AND server_id = '1' AND username="remarx_ftp";
    | gid     |
    | client1 |
    1 row in set (0.00 sec)
    mysql> SELECT dir FROM ftp_user WHERE active = 'y' AND server_id = '1' AND username="remarx_ftp";
    | dir                           |
    | /var/www/clients/client1/web1 |
    1 row in set (0.00 sec)
    So it would seem pure-ftpd is indeed using MySQL properly. Still no luck logging in though.

    The only thing that has struck me as strange is the MinUID setting in /etc/pure-ftpd/pure-ftpd.conf - it is set to 500 and the UID on the FTP account is "web1" in the database (a nonexistent system user).
  7. abubin

    abubin New Member

    Try looking at /var/log/message

    I think by default pureftp logs into there.
  8. jseedev

    jseedev New Member

    Yes, I can see the same messages in Monitor > View System-Log in ISPConfig. Nothing that really detailed the error I was having (mentioned above).

    What is stranger is that I switched the MYSQLEncrypt setting to 'cleartext' for testing and I still couldn't get any FTP users authenticated using MySQL (after making the password cleartext in the database, of course). So, I changed it back to 'crypt' and recreated the FTP user, and logged in successfully. Go figure.

    Thanks for all the helpful hints. You are appreciated.
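
An added example, not part of any post in this thread: a small Python check that compares one ftp_user row with the server settings, covering the MinUID/uid question from post 6 and the crypt versus cleartext mismatch from post 8. The function names are hypothetical, the sample values are copied from the thread, and treating a non-numeric uid as a system account name is an assumption about pure-ftpd's behaviour.

```python
import pwd
import re

# Constructed input: values copied from the config and query output in the thread.
CONF_TEXT = """
# Minimum UID for an authenticated user to log in.
MinUID                      500
"""
ROW = {"password": "mypass", "uid": "web1", "gid": "client1",
       "dir": "/var/www/clients/client1/web1"}

# crypt(3) strings: "$id$[rounds=N$]salt$hash", or 13 characters for classic DES.
CRYPT_RE = re.compile(r"^(\$[0-9a-z]+\$(rounds=\d+\$)?[./A-Za-z0-9]+\$[./A-Za-z0-9]+"
                      r"|[./A-Za-z0-9]{13})$")

def parse_conf(text):
    """Return {directive: value} for a pure-ftpd.conf style file."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            conf[parts[0]] = parts[1].strip()
    return conf

def system_uid(name):
    """Numeric uid of a system account, or None if the account does not exist."""
    try:
        return pwd.getpwnam(name).pw_uid
    except KeyError:
        return None

def password_format(stored):
    """Heuristic: 'crypt' if the value looks like a crypt(3) hash, else 'cleartext'."""
    return "crypt" if CRYPT_RE.match(stored) else "cleartext"

def check_account(row, conf, crypt_mode, lookup=system_uid):
    """List mismatches between one ftp_user row and the server settings."""
    findings = []
    # Assumption: a non-numeric uid is treated as a system account name.
    uid = int(row["uid"]) if row["uid"].isdigit() else lookup(row["uid"])
    min_uid = int(conf.get("MinUID", 0))
    if uid is None:
        findings.append("uid %r is not a system account" % row["uid"])
    elif uid < min_uid:
        findings.append("uid %d is below MinUID %d" % (uid, min_uid))
    if password_format(row["password"]) != crypt_mode:
        findings.append("password is stored as %s, server expects %s"
                        % (password_format(row["password"]), crypt_mode))
    return findings

if __name__ == "__main__":
    for finding in check_account(ROW, parse_conf(CONF_TEXT), "crypt"):
        print(finding)
```

The password check is format-based only: a 13-character cleartext password made of crypt alphabet characters would be classified as a hash.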
