Hi - me again. When I try and log in to the web-ftp area I get an error saying I can log in to ftp fine using CuteFTP and everything works just the way it should. Any suggestions please? Thanks in advance.
Maybe your ftp server is not listening on localhost (127.0.0.1). Please post the output of: netstat -tap | grep ftp
This looks fine so far. You are sure you used the same password as in CuteFTP (sorry for asking, but I want to be sure)? Did you get any error in your syslog or ftp or xfer log?
Thanks for helping yet again, Till. ---> Yes - double and triple checked this. I even changed the password to be certain that I had the right one. ---> Nothing of interest in xfer log, but I noticed these: /var/log/messages shows the following: /var/log/secure shows this: Does this help at all?
Maybe this thread helps you: http://www.howtoforge.com/forums/showthread.php?t=1984 Can you post your /etc/proftpd.conf here?
Thanks Falko --->

Code:
    # This is a basic ProFTPD configuration file (rename it to
    # 'proftpd.conf' for actual use. It establishes a single server
    # and a single anonymous login. It assumes that you have a user/group
    # "nobody" and "ftp" for normal operation and anon.

    ServerName "ProFTPD Default Installation"
    ServerType inetd
    DefaultServer on

    # Port 21 is the standard FTP port.
    Port 21

    # Umask 022 is a good standard umask to prevent new dirs and files
    # from being group and world writable.
    Umask 022

    # Disable IdentLookups by default
    IdentLookups off

    # To prevent DoS attacks, set the maximum number of child processes
    # to 30. If you need to allow more than 30 concurrent connections
    # at once, simply increase this value. Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances 30

    # Set the user and group that the server normally runs at.
    User nobody
    Group nobody

    # Normally, we want files to be overwriteable.
    <Directory /*>
      AllowOverwrite on
      AllowStoreRestart on
      AllowRetrieveRestart on
    </Directory>

    # Needed for NIS.
    PersistentPasswd off

    # A basic anonymous configuration, no upload directories.
    # <Anonymous ~ftp>
    # User ftp
    # Group ftp
    # # We want clients to be able to login with "anonymous" as well as "ftp"
    # UserAlias anonymous ftp
    #
    # # Limit the maximum number of anonymous logins
    # MaxClients 10
    # RequireValidShell off
    # AnonRequirePassword off
    #
    # # We want 'welcome.msg' displayed at login, and '.message' displayed
    # # in each newly chdired directory.
    # DisplayLogin welcome.msg
    # DisplayFirstChdir .message
    #
    # # Limit WRITE everywhere in the anonymous chroot
    # <Limit WRITE>
    # DenyAll
    # </Limit>
    #
    # </Anonymous>

    # Default root can be used to put users in a chroot environment.
    # As an example if you have a user foo and you want to put foo in /home/foo
    # chroot environment you would do this:
    #
    # DefaultRoot /home/foo foo

    # By default webadmin access to /var/www
    <Limit LOGIN>
    AllowGroup ftpusers
    DenyAll
    </Limit>

    DefaultRoot ~

    Include /etc/proftpd_ispconfig.conf

Please change this:

Code:
    <Limit LOGIN>
    AllowGroup ftpusers
    DenyAll
    </Limit>

to this:

Code:
    #<Limit LOGIN>
    #AllowGroup ftpusers
    #DenyAll
    #</Limit>

and restart xinetd:

Code:
    /etc/init.d/xinetd restart

Ok - tried that. Now I no longer get the error. I can (apparently) log in successfully but I end up with a blank screen apart from the buttons at the top (File Upload, New Folder, FTP Logout). Clicking any of the buttons just results in the screen sitting there waiting to load the page. I can still get in via CuteFTP by the way. ---> Followed that thread - I already have an etc/pam.d/ftp file as follows:

Code:
    #%PAM-1.0
    auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
    auth required /lib/security/pam_pwdb.so shadow nullok
    # If this is enabled, anonymous logins will fail because the 'ftp' user does
    # not have a "valid" shell, as listed in /etc/shells.
    #
    # If you enable this, it is recommended that you do *not* give the 'ftp'
    # user a real shell. Instead, give the 'ftp' user /bin/false for a shell and
    # add /bin/false to /etc/shells.
    #auth required /lib/security/pam_shells.so
    account required /lib/security/pam_pwdb.so
    session required /lib/security/pam_pwdb.so

Should I change that at all? Thanks

This means you can log in with a normal FTP client, but not with Web-FTP? Anything in the log files? Please post the output of

Code:
    netstat -tap

and

Code:
    iptables -L

---> Correct. CuteFTP is fine but Web-FTP just won't work. ---> Looks like /etc/ftpuser could be the prob - it's missing. Any chance you could post an example for me please as I'm not sure what format it should be in.

---> netstat -tap

Code:
    [root@median root]# netstat -tap
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address            Foreign Address          State       PID/Program name
    tcp        0      0 *:mysql                  *:*                      LISTEN      21527/mysqld
    tcp        0      0 *:pop3                   *:*                      LISTEN      24240/xinetd
    tcp        0      0 *:imap                   *:*                      LISTEN      24240/xinetd
    tcp        0      0 *:10000                  *:*                      LISTEN      21892/perl
    tcp        0      0 *:http                   *:*                      LISTEN      21808/httpd
    tcp        0      0 *:81                     *:*                      LISTEN      21784/ispconfig_htt
    tcp        0      0 *:ftp                    *:*                      LISTEN      24240/xinetd
    tcp        0      0 median.x.xxxxxxx:domain  *:*                      LISTEN      21837/named
    tcp        0      0 median.x.xxxxxxx:domain  *:*                      LISTEN      21837/named
    tcp        0      0 *:ssh                    *:*                      LISTEN      21379/sshd
    tcp        0      0 *:smtp                   *:*                      LISTEN      24240/xinetd
    tcp        0      0 median.v.serveloci:rndc  *:*                      LISTEN      21837/named
    tcp        0      0 *:https                  *:*                      LISTEN      21808/httpd
    tcp        0      0 *:imaps                  *:*                      LISTEN      24240/xinetd
    tcp        0      0 *:pop3s                  *:*                      LISTEN      24240/xinetd
    tcp        0   1356 median.x.xxxxxxx:ssh     cpc1-xxxxx-x-x-xxx:4735  ESTABLISHED 4188/0

---> iptables -L

Code:
    [root@median root]# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

It's just a plain text file with one user per line, like this:

Code:
    root
    daemon
    bin
    sys
    sync
    games
    man
    lp
    mail
    news
    uucp
    nobody

Ok. This seems a bit strange here. Created /etc/ftpusers, tried to log in to Web-FTP, got the original error of

Code:
    Could not connect as user web1_username

and got this in /etc/messages

Code:
    Jan 23 20:04:25 median proftpd[21941]: median.x.domain.net (median.x.domain.net[127.0.0.1]) - FTP session opened.
    Jan 23 20:04:25 median proftpd: PAM-listfile: Refused user web1_username for service ftp
    Jan 23 20:04:26 median proftpd[21941]: median.x.domain.net (median.x.domain.net[127.0.0.1]) - PAM(web1_username): Authentication failure.
    Jan 23 20:04:26 median proftpd[21941]: median.x.domain.net (median.x.domain.net[127.0.0.1]) - FTP session closed.

So, I deleted /etc/ftpusers again, try and log in and get blank screens on the left and right; and I get this in /etc/messages:

Code:
    Jan 23 20:20:11 median proftpd[26596]: median.x.domain.net (median.x.domain.net[127.0.0.1]) - FTP session opened.
    Jan 23 20:20:12 median proftpd: PAM-listfile: Couldn't open /etc/ftpusers
    Jan 23 20:20:13 median PAM_pwdb[26596]: (ftp) session opened for user web1_username by (uid=0)

Any more thoughts? By the way, really appreciate your help here - thanks a million.

Did you put web1_username into /etc/ftpusers? /etc/ftpusers contains all the users that are not allowed to login, so don't put web1_username into it.
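
The deny-list behaviour described in the post above, as an added example that is not part of the thread and not PAM's own code: a simplified Python model of the `pam_listfile` line from the posted /etc/pam.d/ftp, replaying the /etc/ftpusers states the thread went through. The function names are hypothetical, matching is reduced to one exact username per line, and the default for `onerr` is an assumption.

```python
# Simplified model of pam_listfile with item=user (added example, not PAM source).
# PAM_LINE is copied from the /etc/pam.d/ftp posted in this thread.
PAM_LINE = ("auth required /lib/security/pam_listfile.so "
            "item=user sense=deny file=/etc/ftpusers onerr=succeed")

# System accounts from the sample /etc/ftpusers posted in this thread.
SAMPLE_FTPUSERS = "root\ndaemon\nbin\nsys\nsync\ngames\nman\nlp\nmail\nnews\nuucp\nnobody\n"


def parse_listfile_options(pam_line):
    """Return the key=value arguments of a pam_listfile line as a dict."""
    fields = pam_line.split()
    if len(fields) < 3 or "pam_listfile" not in fields[2]:
        raise ValueError("not a pam_listfile line: %r" % pam_line)
    return dict(arg.split("=", 1) for arg in fields[3:] if "=" in arg)


def listfile_permits(options, user, file_text):
    """True if this module lets `user` continue, False if it refuses.

    file_text is the content of the list file, or None when the file
    cannot be opened (the "Couldn't open /etc/ftpusers" case in the log).
    """
    if file_text is None:
        # onerr decides the outcome when the list itself is unavailable
        # (default assumed here: fail).
        return options.get("onerr", "fail") == "succeed"
    listed = user in {ln.strip() for ln in file_text.splitlines() if ln.strip()}
    if options["sense"] == "deny":
        return not listed      # the file is a deny list
    if options["sense"] == "allow":
        return listed          # the file is an allow list
    raise ValueError("sense must be allow or deny")


def thread_scenarios():
    """Replay the states of /etc/ftpusers seen in the thread."""
    opts = parse_listfile_options(PAM_LINE)
    user = "web1_username"
    return {
        "user listed in file": listfile_permits(opts, user, SAMPLE_FTPUSERS + user + "\n"),
        "file missing": listfile_permits(opts, user, None),
        "system accounts only": listfile_permits(opts, user, SAMPLE_FTPUSERS),
        # Fail-open side effect: with no file, this module no longer blocks root.
        "root, file missing": listfile_permits(opts, "root", None),
        "root, file present": listfile_permits(opts, "root", SAMPLE_FTPUSERS),
    }


if __name__ == "__main__":
    for name, permitted in thread_scenarios().items():
        print("%-22s -> %s" % (name, "permitted" if permitted else "refused"))
```

Because the posted line uses `onerr=succeed`, a missing /etc/ftpusers fails open for every account, root included; the `pam_pwdb` password check on the next line still applies.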
I tried it both ways to see what happened. Whilst writing this post, it has suddenly started working. If it changes again, I'll be back. Meantime, thanks very much for all your help, Falko and Till. This is a great product - looking forward to version 3.