Hello Guys! I don't know what to do. I tried to find answers on the web and tried many manipulations with config files etc., but I cannot connect to FTP. I have a Perfect Install of Ubuntu 12.04 with ISPConfig 3 final. In debug mode in pureftpd:

Code:
May 24 18:13:10 in pure-ftpd: ([email protected]) [INFO] New connection from 192.168.1.102
May 24 18:13:10 in pure-ftpd: ([email protected]) [DEBUG] Command [user] [username]
May 24 18:13:10 in pure-ftpd: ([email protected]) [DEBUG] Command [pass] [<*>]
May 24 18:13:14 in pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [username]
May 24 18:13:14 in pure-ftpd: ([email protected]) [INFO] Logout.

The user is created in the ISPConfig panel. The password in mysql.conf (pureftpd) is right. I tried changing 127.0.0.1 to localhost. I tried the encryption methods. I tried recreating the FTP users. I tried with TLS and without it. TLS accept is ok.

Code:
Status: Connecting to 192.168.1.101:21...
Status: Connection established, waiting for welcome message...
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 1 of 50 allowed.
Response: 220-Local time is now 18:26. Server port: 21.
Response: 220-This is a private system - No anonymous login
Response: 220-IPv6 connections are also welcome on this server.
Response: 220 You will be disconnected after 15 minutes of inactivity.
Command: AUTH TLS
Response: 234 AUTH TLS OK.
Status: Initializing TLS...
Status: Verifying certificate...
Command: USER username
Status: TLS/SSL connection established.
Response: 331 User username OK. Password required
Command: PASS ******
Response: 530 Login authentication failed
Error: Critical error
Error: Could not connect to server

Iptables:

Code:
root@in:~# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-dovecot-pop3imap tcp -- anywhere anywhere multiport dports pop3,pop3s,imap2,imaps
fail2ban-pureftpd tcp -- anywhere anywhere multiport dports ftp
fail2ban-sasl tcp -- anywhere anywhere multiport dports smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
fail2ban-courierauth tcp -- anywhere anywhere multiport dports smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
fail2ban-couriersmtp tcp -- anywhere anywhere multiport dports smtp,ssmtp
fail2ban-postfix tcp -- anywhere anywhere multiport dports smtp,ssmtp
fail2ban-apache-overflows tcp -- anywhere anywhere multiport dports http,https
fail2ban-apache-noscript tcp -- anywhere anywhere multiport dports http,https
fail2ban-ssh-ddos tcp -- anywhere anywhere multiport dports ssh
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
DROP tcp -- anywhere 127.0.0.0/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- base-address.mcast.net/4 anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere

Chain INT_IN (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain INT_OUT (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain PAROLE (12 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain PUB_IN (5 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request
PAROLE tcp -- anywhere anywhere tcp dpt:ftp
PAROLE tcp -- anywhere anywhere tcp dpt:ssh
PAROLE tcp -- anywhere anywhere tcp dpt:smtp
PAROLE tcp -- anywhere anywhere tcp dpt:domain
PAROLE tcp -- anywhere anywhere tcp dpt:http
PAROLE tcp -- anywhere anywhere tcp dpt:pop3
PAROLE tcp -- anywhere anywhere tcp dpt:imap2
PAROLE tcp -- anywhere anywhere tcp dpt:https
PAROLE tcp -- anywhere anywhere tcp dpt:imaps
PAROLE tcp -- anywhere anywhere tcp dpt:mysql
PAROLE tcp -- anywhere anywhere tcp dpt:http-alt
PAROLE tcp -- anywhere anywhere tcp dpts:40110:40210
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:mysql
DROP icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain PUB_OUT (5 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain fail2ban-apache-noscript (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-apache-overflows (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-courierauth (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-couriersmtp (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-dovecot-pop3imap (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-postfix (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-pureftpd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-sasl (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-ssh-ddos (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Please help to solve this problem.
And you are really sure that you used the correct username incl. the prefix as it is displayed in the ftp user list? If you use the username without the prefix, the login must fail.
Yes, I use the username from the ISPConfig panel - the full name with prefix. I have changed the prefix to inf[CLIENTID]. The user name now is inf3ftp (ftp is entered by hand, in the ftp user creation menu). I checked it in ISPConfig and in the DB too.
Connection to MySQL:

Code:
120524 19:57:46 109 Connect ispconfig@localhost on dbispconfig
109 Query set autocommit=0
109 Query SELECT password FROM ftp_user WHERE active = 'y' AND server_id = '1' AND username="inf3ftp"
109 Query SELECT uid FROM ftp_user WHERE active = 'y' AND server_id = '1' AND username="inf3ftp"
109 Query SELECT gid FROM ftp_user WHERE active = 'y' AND server_id = '1' AND username="inf3ftp"
109 Query SELECT dir FROM ftp_user WHERE active = 'y' AND server_id = '1' AND username="inf3ftp"
109 Query COMMIT
109 Quit

I have installed mod_security and mod_evasive, and configured some php disable_functions. PassivePortRange is on, in the ISPConfig firewall too. /var is mounted as nodev, nosuid. ISPConfig DNS is not configured at this moment. Now I have a fresh install with 2 virtual web sites added. I don't know what else to tell, or where the problem can be. Thank you.
If you disabled e.g. php exec functions in the php that is used for the ispconfig cronjob (php-cli on debian or ubuntu and php-cgi on other distributions), then ispconfig will fail to create websites correctly and this causes ftp to fail.
You must differentiate between the php.ini files. Disabling exec in cli php.ini makes no sense as cli means shell script anyway. In the cgi and apache php.ini files you can disable exec functions as this affects only your websites and not the ispconfig server cronjob.
For other users: You can check your PHP configuration and its support by ISPConfig by executing: /usr/local/ispconfig/server/server.sh If you see any PHP Warning, please check your php configurations.
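One way to check the point made in the replies above, that exec functions may be disabled in the cgi and apache php.ini files but not in the cli one: the script below is an added example, not part of the thread or of ISPConfig. The sample php.ini files are constructed, and the function names and file layout are assumptions.

```shell
#!/bin/sh
# Added example (not ISPConfig code): find php.ini files that disable
# exec-family functions, and flag it only for the CLI php.ini.
EXEC_FUNCS="exec system shell_exec passthru proc_open popen"

# Print the last disable_functions value in a php.ini, space-separated.
disabled_functions() {
    sed -n -e 's/[[:space:]]*;.*$//' \
        -e 's/^[[:space:]]*disable_functions[[:space:]]*=//p' "$1" |
        tail -n 1 | tr -d '"' | tr ',' ' '
}

# Print the exec-family functions that a php.ini disables.
blocked_exec_funcs() {
    out=""
    for d in $(disabled_functions "$1"); do
        for f in $EXEC_FUNCS; do
            if [ "$d" = "$f" ]; then out="$out $f"; fi
        done
    done
    echo "${out# }"
}

# check_ini SAPI FILE: returns 1 when the cli php.ini blocks exec functions.
check_ini() {
    blocked=$(blocked_exec_funcs "$2")
    if [ "$1" = "cli" ] && [ -n "$blocked" ]; then
        echo "$1: PROBLEM, $2 disables: $blocked"; return 1
    fi
    echo "$1: ok, $2 disables: ${blocked:-none of the exec functions}"
}

# Constructed sample files; on Ubuntu 12.04 the real ones are expected
# under /etc/php5/{cli,cgi,apache2}/php.ini (assumption, not from the thread).
make_samples() {
    printf '%s\n' '; hardened by hand' \
        'disable_functions = exec, shell_exec,system ; too strict for cron' > "$1/cli.ini"
    printf '%s\n' 'disable_functions = "exec,passthru,phpinfo"' > "$1/cgi.ini"
    printf '%s\n' ';disable_functions = exec' 'disable_functions =' > "$1/apache2.ini"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for sapi in cli cgi apache2; do
    check_ini "$sapi" "$tmp/$sapi.ini" || true
done
rm -rf "$tmp"
```

To check a real system, call check_ini with the SAPI name and the path of each php.ini instead of the constructed samples.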