Cannot log in using web-ftp

Discussion in 'Installation/Configuration' started by Median, Jan 22, 2006.

  1. Median

    Median New Member

    Hi - me again :eek:

    When I try and log in to the web-ftp area I get an error saying
    I can log in to ftp fine using CuteFTP and everything works just the way it should.

    Any suggestions please?

    Thanks in advance
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Maybe your ftp server is not listening on localhost (127.0.0.1). Please post the output of:

    netstat -tap | grep ftp
     
  3. Median

    Median New Member

    Output was:

     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    This looks fine so far. Are you sure you used the same password as in CuteFTP (sorry for asking ;), but I want to be sure)?

    Did you get any error in your syslog or ftp or xfer log?
     
  5. Median

    Median New Member

    Thanks for helping yet again, Till

    --->Yes - double and triple checked this. I even changed the password to be certain that I had the right one.

    --->Nothing of interest in xfer log, but I noticed these:

    /var/log/messages shows the following:
    /var/log/secure shows this:
    Does this help at all?
     
  6. falko

    falko Super Moderator Howtoforge Staff

  7. Median

    Median New Member

    Thanks Falko

    --->

    Code:
    # This is a basic ProFTPD configuration file (rename it to 
    # 'proftpd.conf' for actual use.  It establishes a single server
    # and a single anonymous login.  It assumes that you have a user/group
    # "nobody" and "ftp" for normal operation and anon.
    
    ServerName			"ProFTPD Default Installation"
    ServerType			inetd
    DefaultServer			on
    
    # Port 21 is the standard FTP port.
    Port				21
    # Umask 022 is a good standard umask to prevent new dirs and files
    # from being group and world writable.
    Umask				022
    
    # Disable IdentLookups by default
    IdentLookups			off
    
    # To prevent DoS attacks, set the maximum number of child processes
    # to 30.  If you need to allow more than 30 concurrent connections
    # at once, simply increase this value.  Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances			30
    
    # Set the user and group that the server normally runs at.
    User				nobody
    Group				nobody
    
    # Normally, we want files to be overwriteable.
    <Directory /*>
      AllowOverwrite		on
      AllowStoreRestart             on
      AllowRetrieveRestart          on
    </Directory>
    
    # Needed for NIS.
    PersistentPasswd off
    
    # A basic anonymous configuration, no upload directories.
    # <Anonymous ~ftp>
    #  User				ftp
    #  Group				ftp
    #  # We want clients to be able to login with "anonymous" as well as "ftp"
    #  UserAlias			anonymous ftp
    #
    #  # Limit the maximum number of anonymous logins
    #  MaxClients			10
    #  RequireValidShell 		off
    #  AnonRequirePassword		off
    #
    #  # We want 'welcome.msg' displayed at login, and '.message' displayed
    #  # in each newly chdired directory.
    #  DisplayLogin			welcome.msg
    #  DisplayFirstChdir		.message
    #
    #  # Limit WRITE everywhere in the anonymous chroot
    #  <Limit WRITE>
    #    DenyAll
    #  </Limit>
    #
    # </Anonymous>
    
    # Default root can be used to put users in a chroot environment.
    # As an example if you have a user foo and you want to put foo in /home/foo
    # chroot environment you would do this:
    # 
    # DefaultRoot /home/foo foo
    
    # By default webadmin access to /var/www
    
    
    <Limit LOGIN>
    AllowGroup      ftpusers
    DenyAll
    </Limit>
    
    DefaultRoot ~
    
    Include /etc/proftpd_ispconfig.conf
     
  8. falko

    falko Super Moderator Howtoforge Staff

    Please change this:

    Code:
    <Limit LOGIN>
    AllowGroup      ftpusers
    DenyAll
    </Limit>
    to this:

    Code:
    #<Limit LOGIN>
    #AllowGroup      ftpusers
    #DenyAll
    #</Limit>
    and restart xinetd:
    Code:
    /etc/init.d/xinetd restart
     
  9. Median

    Median New Member

    Ok - tried that. Now I no longer get the error. I can (apparently) log in successfully but I end up with a blank screen apart from the buttons at the top (File Upload, New Folder, FTP Logout). Clicking any of the buttons just results in the screen sitting there waiting to load the page.

    I can still get in via CuteFTP by the way.

    --->Followed that thread - I already have an etc/pam.d/ftp file as follows:

    Code:
    #%PAM-1.0
    auth       required	/lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
    auth       required	/lib/security/pam_pwdb.so shadow nullok
    
    # If this is enabled, anonymous logins will fail because the 'ftp' user does
    # not have a "valid" shell, as listed in /etc/shells.
    #
    # If you enable this, it is recommended that you do *not* give the 'ftp'
    # user a real shell. Instead, give the 'ftp' user /bin/false for a shell and
    # add /bin/false to /etc/shells.
    #auth       required	/lib/security/pam_shells.so
    
    account    required	/lib/security/pam_pwdb.so
    session    required	/lib/security/pam_pwdb.so
    Should I change that at all?

    Thanks
     
  10. falko

    falko Super Moderator Howtoforge Staff

    This means you can log in with a normal FTP client, but not with Web-FTP?
    Anything in the log files?
    Please post the output of
    Code:
    netstat -tap
    and
    Code:
    iptables -L
     
  11. Median

    Median New Member

    ---> Correct. CuteFTP is fine but Web-FTP just won't work

    ---> Looks like /etc/ftpuser could be the prob - it's missing. Any chance you could post an example for me please as I'm not sure what format it should be in.

    --->netstat -tap
    Code:
    [root@median root]# netstat -tap
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State                               PID/Program name
    tcp        0      0 *:mysql                 *:*                     LISTEN                              21527/mysqld
    tcp        0      0 *:pop3                  *:*                     LISTEN                              24240/xinetd
    tcp        0      0 *:imap                  *:*                     LISTEN                              24240/xinetd
    tcp        0      0 *:10000                 *:*                     LISTEN                              21892/perl
    tcp        0      0 *:http                  *:*                     LISTEN                              21808/httpd
    tcp        0      0 *:81                    *:*                     LISTEN                              21784/ispconfig_htt
    tcp        0      0 *:ftp                   *:*                     LISTEN                              24240/xinetd
    tcp        0      0 median.x.xxxxxxx:domain *:*                     LISTEN                              21837/named
    tcp        0      0 median.x.xxxxxxx:domain *:*                     LISTEN                              21837/named
    tcp        0      0 *:ssh                   *:*                     LISTEN                              21379/sshd
    tcp        0      0 *:smtp                  *:*                     LISTEN                              24240/xinetd
    tcp        0      0 median.v.serveloci:rndc *:*                     LISTEN                              21837/named
    tcp        0      0 *:https                 *:*                     LISTEN                              21808/httpd
    tcp        0      0 *:imaps                 *:*                     LISTEN                              24240/xinetd
    tcp        0      0 *:pop3s                 *:*                     LISTEN                              24240/xinetd
    tcp        0   1356 median.x.xxxxxxx:ssh cpc1-xxxxx-x-x-xxx:4735 ESTABLISHED                         4188/0
    
    --->iptables -L
    Code:
    [root@median root]# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
     
  12. falko

    falko Super Moderator Howtoforge Staff

    It's just a plain text file with one user per line, like this:

    Code:
    root
    daemon
    bin
    sys
    sync
    games
    man
    lp
    mail
    news
    uucp
    nobody
     
  13. Median

    Median New Member

    Ok. This seems a bit strange here.

    Created /etc/ftpusers, tried to log in to Web-FTP, got the original error of
    Code:
    Could not connect as user web1_username
    and got this in /etc/messages
    Code:
    Jan 23 20:04:25 median proftpd[21941]: median.x.domain.net (median.x.domain.net[127.0.0.1]) - FTP session opened. 
    Jan 23 20:04:25 median proftpd: PAM-listfile: Refused user web1_username for service ftp
    Jan 23 20:04:26 median proftpd[21941]: median.x.domain.net (median.x.domain.net[127.0.0.1]) - PAM(web1_username): Authentication failure. 
    Jan 23 20:04:26 median proftpd[21941]: median.x.domain.net (median.x.domain.net[127.0.0.1]) - FTP session closed.
    
    So, I deleted /etc/ftpusers again, tried to log in and got blank screens on the left and right; and I got this in /etc/messages:
    Code:
    Jan 23 20:20:11 median proftpd[26596]: median.x.domain.net (median.x.domain.net[127.0.0.1]) - FTP session opened. 
    Jan 23 20:20:12 median proftpd: PAM-listfile: Couldn't open /etc/ftpusers
    Jan 23 20:20:13 median PAM_pwdb[26596]: (ftp) session opened for user web1_username by (uid=0)
    Any more thoughts?

    By the way, really appreciate your help here - thanks a million.
     
  14. falko

    falko Super Moderator Howtoforge Staff

    Did you put web1_username into /etc/ftpusers? /etc/ftpusers contains all the users that are not allowed to login, so don't put web1_username into it.
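
Added example (not part of the original thread, and not PAM or ISPConfig code): a simplified shell model of the pam_listfile check configured in the /etc/pam.d/ftp file posted above (item=user sense=deny file=/etc/ftpusers onerr=succeed), reproducing the outcomes seen in the logs. The function names and the sample deny list are constructed for illustration; the real module also checks file type and permissions, which this model leaves out.

```shell
#!/bin/sh
# Model of the pam_listfile decision for item=user (illustration only).
# listfile_decision USER FILE SENSE ONERR  -> prints "allow" or "refuse"
listfile_decision() {
    user=$1
    file=$2
    sense=$3
    onerr=$4

    # List file cannot be opened: the onerr option alone decides.
    # onerr=succeed is fail-open, onerr=fail is fail-closed.
    if [ ! -r "$file" ]; then
        if [ "$onerr" = "succeed" ]; then echo allow; else echo refuse; fi
        return 0
    fi

    # One user name per line; match the whole line exactly, not a prefix.
    if grep -Fxq -- "$user" "$file"; then listed=yes; else listed=no; fi

    case "$sense:$listed" in
        deny:yes|allow:no) echo refuse ;;  # listed in a deny list, or absent from an allow list
        *)                 echo allow ;;
    esac
}

# Walk through the cases from the thread with a constructed deny list.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' root daemon bin nobody > "$tmp/ftpusers"

    echo "web1_username, not listed:      $(listfile_decision web1_username "$tmp/ftpusers" deny succeed)"
    echo "root, listed:                   $(listfile_decision root "$tmp/ftpusers" deny succeed)"
    echo "root, file missing, onerr=succeed: $(listfile_decision root "$tmp/missing" deny succeed)"
    echo "root, file missing, onerr=fail:    $(listfile_decision root "$tmp/missing" deny fail)"

    rm -rf "$tmp"
}

demo
```

With onerr=succeed, a missing /etc/ftpusers makes this check pass for every account, including the system accounts the file is meant to keep out of FTP, which matches the "Couldn't open /etc/ftpusers" line followed by a successful session in the log above.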
     
  15. Median

    Median New Member

    I tried it both ways to see what happened.

    Whilst writing this post, it has suddenly started working :confused:

    If it changes again, I'll be back.

    Meantime, thanks very much for all your help, Falko and Till.

    This is a great product - looking forward to version 3.
     
