FTP Access

Discussion in 'Installation/Configuration' started by ProTrooper, Aug 15, 2005.

  1. ProTrooper

    ProTrooper New Member

    I finally installed ISPConfig and started to play with it. I created a client and a web site with ftp access, but it will not let me log in. It prompts for a user and password and I tried everything.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Have you checked the "FTP" checkbox for this site?

    And have a look at this thread, it may contain the solution:
    http://www.howtoforge.com/forums/showthread.php?t=196
     
  3. ProTrooper

    ProTrooper New Member

    I tried from a non-firewalled computer to a non-firewalled server both passively and actively. It returns "login incorrect." The FTP access check box is enabled. What is the default login/pass?
     
  4. falko

    falko Super Moderator ISPConfig Developer

  5. ProTrooper

    ProTrooper New Member

    Yah, I read that, but it didn't really help. For some reason I can't find the log file (/var/log/proftpd.log) either. The proftpd service is started. If it would help, I can give you access to the server since it is a test server. Here are the listening services:
    Code:
    Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
    tcp        0      0 *:imaps                     *:*                         LISTEN      1911/xinetd
    tcp        0      0 *:32769                     *:*                         LISTEN      1645/rpc.statd
    tcp        0      0 *:pop3s                     *:*                         LISTEN      1911/xinetd
    tcp        0      0 *:mysql                     *:*                         LISTEN      2001/mysqld
    tcp        0      0 *:pop3                      *:*                         LISTEN      1911/xinetd
    tcp        0      0 *:imap                      *:*                         LISTEN      1911/xinetd
    tcp        0      0 *:sunrpc                    *:*                         LISTEN      1628/portmap
    tcp        0      0 *:81                        *:*                         LISTEN      2290/ispconfig_http
    tcp        0      0 *:ftp                       *:*                         LISTEN      2428/proftpd: (acce
    tcp        0      0 wsip-68-110-129-76.g:domain *:*                         LISTEN      2413/named
    tcp        0      0 Canada.oceanave.net:domain  *:*                         LISTEN      2413/named
    tcp        0      0 Canada.oceanave.net:rndc    *:*                         LISTEN      2413/named
    tcp        0      0 *:smtp                      *:*                         LISTEN      2394/master
    tcp        0      0 *:http                      *:*                         LISTEN      2322/httpd
    tcp        0      0 *:ssh                       *:*                         LISTEN      1903/sshd
    tcp        0      0 ::1:rndc                    *:*                         LISTEN      2413/named
    tcp        0   2276 wsip-68-110-129-76.ga.a:ssh adsl-220-146-77.gnv.b:50030 ESTABLISHED 5566/0
    
    There is nothing after "(acce"
     
  6. ProTrooper

    ProTrooper New Member

    I can log into the stats page with my test user account. Should I be able to log in to the ftp with that account?
     
  7. falko

    falko Super Moderator ISPConfig Developer

    Yes, that's right.
     
  8. ProTrooper

    ProTrooper New Member

    Yah okay that's what I thought. But no... it doesn't work. :(
     
  9. ProTrooper

    ProTrooper New Member

    I tried to connect using an FTP client so I can see all the handshakin' and it returns "login incorrect." Is this an ambiguous error or is the login wrong?
     
  10. falko

    falko Super Moderator ISPConfig Developer

    Can you post your /etc/proftpd.conf here?
     
  11. ProTrooper

    ProTrooper New Member

    Okay, here it is. I didn't manually change anything.
    Code:
    # This is the ProFTPD configuration file
    # $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $
    
    ServerName                      "ProFTPD server"
    ServerIdent                     on "FTP Server ready."
    ServerAdmin                     root@localhost
    ServerType                      standalone
    #ServerType                     inetd
    DefaultServer                   on
    AccessGrantMsg                  "User %u logged in."
    #DisplayConnect                 /etc/ftpissue
    #DisplayLogin                   /etc/ftpmotd
    #DisplayGoAway                  /etc/ftpgoaway
    DeferWelcome                    off
    
    # Use this to exclude users from the chroot
    DefaultRoot                     ~ !adm
    
    # Use pam to authenticate (default) and be authoritative
    AuthPAMConfig                   proftpd
    AuthOrder                       mod_auth_pam.c* mod_auth_unix.c
    
    # Do not perform ident nor DNS lookups (hangs when the port is filtered)
    IdentLookups                    off
    UseReverseDNS                   off
    
    # Port 21 is the standard FTP port.
    Port                            21
    
    # Umask 022 is a good standard umask to prevent new dirs and files
    # from being group and world writable.
    Umask                           022
    
    # Default to show dot files in directory listings
    ListOptions                     "-a"
    
    # See Configuration.html for these (here are the default values)
    #MultilineRFC2228               off
    #RootLogin                      off
    #LoginPasswordPrompt            on
    #MaxLoginAttempts               3
    #MaxClientsPerHost              none
    #AllowForeignAddress            off     # For FXP
    
    # Allow to resume not only the downloads but the uploads too
    AllowRetrieveRestart            on
    AllowStoreRestart               on
    
    # To prevent DoS attacks, set the maximum number of child processes
    # to 30.  If you need to allow more than 30 concurrent connections
    # at once, simply increase this value.  Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances                    20
    
    # Set the user and group that the server normally runs at.
    User                            nobody
    Group                           nobody
    
    # This is where we want to put the pid file
    ScoreboardFile                  /var/run/proftpd.score
    
    # Normally, we want users to do a few things.
    <Global>
      AllowOverwrite                yes
      <Limit ALL SITE_CHMOD>
        AllowAll
      </Limit>
    </Global>
    
    # Define the log formats
    LogFormat                       default "%h %l %u %t \"%r\" %s %b"
    LogFormat                       auth    "%v [%P] %h %t \"%r\" %s"
    
    # TLS
    # Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
    #TLSEngine                      on
    #TLSRequired                    on
    #TLSRSACertificateFile          /usr/share/ssl/certs/proftpd.pem
    #TLSRSACertificateKeyFile       /usr/share/ssl/certs/proftpd.pem
    #TLSCipherSuite                 ALL:!ADH:!DES
    #TLSOptions                     NoCertRequest
    #TLSVerifyClient                off
    ##TLSRenegotiate                ctrl 3600 data 512000 required off timeout 300
    #TLSLog                         /var/log/proftpd/tls.log
    
    # A basic anonymous configuration, with an upload directory.
    #<Anonymous ~ftp>
    #  User                         ftp
    #  Group                                ftp
    #  AccessGrantMsg               "Anonymous login ok, restrictions apply."
    #
    #  # We want clients to be able to login with "anonymous" as well as "ftp"
    #  UserAlias                    anonymous ftp
    #
    #  # Limit the maximum number of anonymous logins
    #  MaxClients                   10 "Sorry, max %m users -- try again later"
    #
    #  # Put the user into /pub right after login
    #  #DefaultChdir                        /pub
    #
    #  # We want 'welcome.msg' displayed at login, '.message' displayed in
    #  # each newly chdired directory and tell users to read README* files.
    #  DisplayLogin                 /welcome.msg
    #  DisplayFirstChdir            .message
    #  DisplayReadme                        README*
    #
    #  # Some more cosmetic and not vital stuff
    #  DirFakeUser                  on ftp
    #  DirFakeGroup                 on ftp
    #
    #  # Limit WRITE everywhere in the anonymous chroot
    #  <Limit WRITE SITE_CHMOD>
    #    DenyAll
    #  </Limit>
    #
    #  # An upload directory that allows storing files but not retrieving
    #  # or creating directories.
    #  <Directory uploads/*>
    #    AllowOverwrite             no
    #    <Limit READ>
    #      DenyAll
    #    </Limit>
    #
    #    <Limit STOR>
    #      AllowAll
    #      AllowAll
    #    </Limit>
    #  </Directory>
    #
    #  # Don't write anonymous accesses to the system wtmp file (good idea!)
    #  WtmpLog                      off
    #
    #  # Logging for the anonymous transfers
    #  ExtendedLog          /var/log/proftpd/access.log WRITE,READ default
    #  ExtendedLog          /var/log/proftpd/auth.log AUTH auth
    #
    #</Anonymous>
    
    
    DefaultRoot ~
    
    Include /etc/proftpd_ispconfig.conf
    
    And in case you want to see /etc/proftpd_ispconfig.conf
    Code:
    ###################################
    #
    # ISPConfig proftpd Configuration File
    #         Version 1.0
    #
    ###################################
    <VirtualHost 68.110.129.76>
            DefaultRoot             ~
            AllowOverwrite          on
            Umask                   002
    </VirtualHost>
    
    Hope this helps!
     
  12. falko

    falko Super Moderator ISPConfig Developer

    Looks good.
    Can you also post /etc/pam.d/ftp here?
     
  13. ProTrooper

    ProTrooper New Member

    Okay hmmm... no /etc/pam.d/ftp but there is a /etc/pam.d/proftpd. Here is what it has:
    Code:
    #%PAM-1.0
    auth       required     pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
    auth       required     pam_stack.so service=system-auth
    auth       required     pam_shells.so
    account    required     pam_stack.so service=system-auth
    session    required     pam_stack.so service=system-auth
    
     
  14. falko

    falko Super Moderator ISPConfig Developer

    Can you create /etc/pam.d/ftp and put this into it?

    Code:
    #%PAM-1.0
    auth    required        pam_unix.so     nullok
    account required        pam_unix.so
    session required        pam_unix.so

    Then restart proftpd:
    Code:
    /etc/init.d/proftpd restart
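
Added example, not part of the original thread and not ISPConfig or ProFTPD code: it resolves which PAM service each server context in a ProFTPD configuration authenticates against and checks that service's file in the PAM directory, which shows how a vhost can end up on `/etc/pam.d/ftp` while the main server sets `AuthPAMConfig proftpd`. It models ProFTPD's documented behaviour that a `<VirtualHost>` inherits only from `<Global>` and that `AuthPAMConfig` defaults to `ftp`, and also flags `nullok`, which lets pam_unix accept accounts with an empty password. The function names and the finding strings are assumptions made for this example.

```python
import os
import re

DEFAULT_SERVICE = "ftp"  # ProFTPD's built-in AuthPAMConfig default

# Constructed sample: abridged from the two config files posted in this thread.
SAMPLE_CONF = """\
AuthPAMConfig                   proftpd
<VirtualHost 68.110.129.76>
        DefaultRoot             ~
</VirtualHost>
"""

def effective_pam_services(conf_text):
    """Map 'main' and each <VirtualHost> address to the PAM service it will use."""
    explicit, vhosts, stack = {}, [], []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        words = line.split()
        tag = re.match(r"<(/?)(\w+)\s*([^>]*)>", line)
        if tag and tag.group(1):                      # closing tag
            stack = stack[:-1]
        elif tag:                                     # opening tag
            name, arg = tag.group(2).lower(), tag.group(3).strip()
            if name == "virtualhost" and not stack:
                vhosts.append(arg)
            stack.append(arg if name == "virtualhost" else name)
        elif len(words) > 1 and words[0].lower() == "authpamconfig":
            explicit[stack[0] if stack else "main"] = words[1]
    # Only <Global> is shared; a vhost does not inherit the main server's value.
    fallback = explicit.get("global", DEFAULT_SERVICE)
    return {ctx: explicit.get(ctx, fallback) for ctx in ["main"] + vhosts}

def audit(conf_text, pam_dir):
    """Return {context: (service, finding)} for the main server and every vhost."""
    report = {}
    for ctx, svc in effective_pam_services(conf_text).items():
        path = os.path.join(pam_dir, svc)
        if not os.path.isfile(path):
            finding = "no service file: PAM falls back to 'other'"
        else:
            with open(path) as fh:
                nullok = any(l.split()[:1] == ["auth"] and "nullok" in l.split() for l in fh)
            finding = "auth accepts empty passwords (nullok)" if nullok else "ok"
        report[ctx] = (svc, finding)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, "/etc/pam.d"))
```

The parser does not follow `Include` or `pam_stack` lines, so pass it the concatenated ProFTPD files and treat an "ok" result for a stacked service as covering that one file only.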
     
  15. ProTrooper

    ProTrooper New Member

    What.... it worked! Thanks falko. Any ideas what could have happened?
     
  16. falko

    falko Super Moderator ISPConfig Developer

  17. ProTrooper

    ProTrooper New Member

    Oh man... I didn't see page 2... and it was right there. :eek: Sorry about that falko, I really did read it.
     
  18. falko

    falko Super Moderator ISPConfig Developer

    No problem at all! :)
     
