I finally installed ISPConfig and started to play with it. I created a client and a web site with ftp access, but it will not let me log in. It prompts for a user and password and I tried everything.
Have you checked the "FTP" checkbox for this site? And have a look at this thread, it may contain the solution: http://www.howtoforge.com/forums/showthread.php?t=196
I tried from a non-firewalled computer to a non-firewalled server both passively and actively. It returns "login incorrect." The FTP access check box is enabled. What is the default login/pass?
Yah, I read that, but it didn't really help. For some reason I can't find the log file (/var/log/proftpd.log) either. The proftpd service is started. If it would help, I can give you access to the server since it is a test server. Here are the listening services: Code: Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 *:imaps *:* LISTEN 1911/xinetd tcp 0 0 *:32769 *:* LISTEN 1645/rpc.statd tcp 0 0 *:pop3s *:* LISTEN 1911/xinetd tcp 0 0 *:mysql *:* LISTEN 2001/mysqld tcp 0 0 *:pop3 *:* LISTEN 1911/xinetd tcp 0 0 *:imap *:* LISTEN 1911/xinetd tcp 0 0 *:sunrpc *:* LISTEN 1628/portmap tcp 0 0 *:81 *:* LISTEN 2290/ispconfig_http tcp 0 0 *:ftp *:* LISTEN 2428/proftpd: (acce tcp 0 0 wsip-68-110-129-76.g:domain *:* LISTEN 2413/named tcp 0 0 Canada.oceanave.net:domain *:* LISTEN 2413/named tcp 0 0 Canada.oceanave.net:rndc *:* LISTEN 2413/named tcp 0 0 *:smtp *:* LISTEN 2394/master tcp 0 0 *:http *:* LISTEN 2322/httpd tcp 0 0 *:ssh *:* LISTEN 1903/sshd tcp 0 0 ::1:rndc *:* LISTEN 2413/named tcp 0 2276 wsip-68-110-129-76.ga.a:ssh adsl-220-146-77.gnv.b:50030 ESTABLISHED 5566/0 There is nothing after "(acce"
I can log into the stats page with my test user account. Should I be able to log in to the ftp with that account?
I tried to connect using an FTP client so I can see all the handshakin' and it returns "login incorrect." Is this an ambiguous error or is the login wrong?
Okay, here it is. I didn't manually change anything. Code: # This is the ProFTPD configuration file # $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $ ServerName "ProFTPD server" ServerIdent on "FTP Server ready." ServerAdmin root@localhost ServerType standalone #ServerType inetd DefaultServer on AccessGrantMsg "User %u logged in." #DisplayConnect /etc/ftpissue #DisplayLogin /etc/ftpmotd #DisplayGoAway /etc/ftpgoaway DeferWelcome off # Use this to excude users from the chroot DefaultRoot ~ !adm # Use pam to authenticate (default) and be authoritative AuthPAMConfig proftpd AuthOrder mod_auth_pam.c* mod_auth_unix.c # Do not perform ident nor DNS lookups (hangs when the port is filtered) IdentLookups off UseReverseDNS off # Port 21 is the standard FTP port. Port 21 # Umask 022 is a good standard umask to prevent new dirs and files # from being group and world writable. Umask 022 # Default to show dot files in directory listings ListOptions "-a" # See Configuration.html for these (here are the default values) #MultilineRFC2228 off #RootLogin off #LoginPasswordPrompt on #MaxLoginAttempts 3 #MaxClientsPerHost none #AllowForeignAddress off # For FXP # Allow to resume not only the downloads but the uploads too AllowRetrieveRestart on AllowStoreRestart on # To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd) MaxInstances 20 # Set the user and group that the server normally runs at. User nobody Group nobody # This is where we want to put the pid file ScoreboardFile /var/run/proftpd.score # Normally, we want users to do a few things. <Global> AllowOverwrite yes <Limit ALL SITE_CHMOD> AllowAll </Limit> </Global> # Define the log formats LogFormat default "%h %l %u %t \"%r\" %s %b" LogFormat auth "%v [%P] %h %t \"%r\" %s" # TLS # Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html #TLSEngine on #TLSRequired on #TLSRSACertificateFile /usr/share/ssl/certs/proftpd.pem #TLSRSACertificateKeyFile /usr/share/ssl/certs/proftpd.pem #TLSCipherSuite ALL:!ADH:!DES #TLSOptions NoCertRequest #TLSVerifyClient off ##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300 #TLSLog /var/log/proftpd/tls.log # A basic anonymous configuration, with an upload directory. #<Anonymous ~ftp> # User ftp # Group ftp # AccessGrantMsg "Anonymous login ok, restrictions apply." # # # We want clients to be able to login with "anonymous" as well as "ftp" # UserAlias anonymous ftp # # # Limit the maximum number of anonymous logins # MaxClients 10 "Sorry, max %m users -- try again later" # # # Put the user into /pub right after login # #DefaultChdir /pub # # # We want 'welcome.msg' displayed at login, '.message' displayed in # # each newly chdired directory and tell users to read README* files. # DisplayLogin /welcome.msg # DisplayFirstChdir .message # DisplayReadme README* # # # Some more cosmetic and not vital stuff # DirFakeUser on ftp # DirFakeGroup on ftp # # # Limit WRITE everywhere in the anonymous chroot # <Limit WRITE SITE_CHMOD> # DenyAll # </Limit> # # # An upload directory that allows storing files but not retrieving # # or creating directories. # <Directory uploads/*> # AllowOverwrite no # <Limit READ> # DenyAll # </Limit> # # <Limit STOR> # AllowAll # AllowAll # </Limit> # </Directory> # # # Don't write anonymous accesses to the system wtmp file (good idea!) # WtmpLog off # # # Logging for the anonymous transfers # ExtendedLog /var/log/proftpd/access.log WRITE,READ default # ExtendedLog /var/log/proftpd/auth.log AUTH auth # #</Anonymous> DefaultRoot ~ Include /etc/proftpd_ispconfig.conf And in case you want to see /etc/proftpd_ispconfig.conf Code: ################################### # # ISPConfig proftpd Configuration File # Version 1.0 # ################################### <VirtualHost 68.110.129.76> DefaultRoot ~ AllowOverwrite on Umask 002 </VirtualHost> Hope this helps!
Okay hmmm... no /etc/pam.d/ftp but there is a /etc/pam.d/proftpd. Here is what it has: Code: #%PAM-1.0 auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed auth required pam_stack.so service=system-auth auth required pam_shells.so account required pam_stack.so service=system-auth session required pam_stack.so service=system-auth
Can you create /etc/pam.d/ftp and put this into it? Code: #%PAM-1.0 auth required pam_unix.so nullok account required pam_unix.so session required pam_unix.so Then restart proftpd: Code: /etc/init.d/proftpd restart
Oh man... I didn't see page 2... and it was right there. Sorry about that falko, I really did read it.