FTP User cannot log-in Proftpd

everisk · August 28, 2013, 11:41am

Hi,

After upgrading to Virtualmin 4.02 gpl, FTP user cannot log-in to Proftpd. I’m using the server administration user to log-in and it looks like the user exists but password is always denied (says wrong password). How do I fix this?


# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $
ServerName			“ProFTPD server”

ServerIdent			on “FTP Server ready.”

ServerAdmin			root@localhost

ServerType			standalone

#ServerType			inetd

DefaultServer			on

AccessGrantMsg			“User %u logged in.”

#DisplayConnect			/etc/ftpissue

#DisplayLogin			/etc/ftpmotd

#DisplayGoAway			/etc/ftpgoaway

DeferWelcome			off
Use this to excude users from the chroot
DefaultRoot			~ !adm
Use pam to authenticate (default) and be authoritative
AuthPAMConfig			proftpd

AuthOrder			mod_auth_pam.c* mod_auth_unix.c
Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups			off

UseReverseDNS			off
Port 21 is the standard FTP port.
Port				21
Umask 022 is a good standard umask to prevent new dirs and files
from being group and world writable.
Umask				022
Default to show dot files in directory listings
ListOptions			“-a”
See Configuration.html for these (here are the default values)
#MultilineRFC2228		off

#RootLogin			off

#LoginPasswordPrompt		on

#MaxLoginAttempts		3

#MaxClientsPerHost		none

#AllowForeignAddress		off	# For FXP
Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart		on

AllowStoreRestart		on
To prevent DoS attacks, set the maximum number of child processes
to 30.  If you need to allow more than 30 concurrent connections
at once, simply increase this value.  Note that this ONLY works
in standalone mode, in inetd mode you should use an inetd server
that allows you to limit maximum number of processes per service
(such as xinetd)
MaxInstances			20
Set the user and group that the server normally runs at.
User				nobody

Group				nobody
Disable sendfile by default since it breaks displaying the download speeds in
ftptop and ftpwho
UseSendfile			no
This is where we want to put the pid file
ScoreboardFile			/var/run/proftpd.score
Normally, we want users to do a few things.

  AllowOverwrite		yes
  
    AllowAll
  
RootLogin on

Define the log formats
LogFormat			default	“%h %l %u %t “%r” %s %b”

LogFormat			auth	“%v [%P] %h %t “%r” %s”
TLS
Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html

#TLSEngine			on

#TLSRequired			on

#TLSRSACertificateFile		/etc/pki/tls/certs/proftpd.pem

#TLSRSACertificateKeyFile	/etc/pki/tls/certs/proftpd.pem

#TLSCipherSuite			ALL:!ADH:!DES

#TLSOptions			NoCertRequest

#TLSVerifyClient		off

##TLSRenegotiate		ctrl 3600 data 512000 required off timeout 300

#TLSLog				/var/log/proftpd/tls.log
SQL authentication Dynamic Shared Object (DSO) loading
See README.DSO and howto/DSO.html for more details.
#
LoadModule mod_sql.c
LoadModule mod_sql_mysql.c
LoadModule mod_sql_postgres.c
#
A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
User				ftp
Group				ftp
AccessGrantMsg		“Anonymous login ok, restrictions apply.”

# We want clients to be able to login with “anonymous” as well as “ftp”
UserAlias			anonymous ftp

# Limit the maximum number of anonymous logins
MaxClients			10 “Sorry, max %m users – try again later”

# Put the user into /pub right after login

#DefaultChdir			/pub

# We want ‘welcome.msg’ displayed at login, ‘.message’ displayed in
# each newly chdired directory and tell users to read README* files.
DisplayLogin			/welcome.msg
DisplayFirstChdir		.message
DisplayReadme			README*

# Some more cosmetic and not vital stuff
DirFakeUser			on ftp
DirFakeGroup			on ftp

# Limit WRITE everywhere in the anonymous chroot

DenyAll


# An upload directory that allows storing files but not retrieving
# or creating directories.
<Directory uploads/*>
AllowOverwrite		no

DenyAll



AllowAll



# Don’t write anonymous accesses to the system wtmp file (good idea!)
WtmpLog			off

# Logging for the anonymous transfers
ExtendedLog		/var/log/proftpd/access.log WRITE,READ default
ExtendedLog		/var/log/proftpd/auth.log AUTH auth

#

jimdunn · August 28, 2013, 12:57pm

Maybe try changing “TLSRequired on” to “TLSRequired off”

Maybe try commenting out the “DefaultRoot ~ !adm” line

(also, you have both “RootLogin off” and “RootLogin on”, might want to find a default proftpd.conf file and try it)

These Debian 7.1 conf files (below) work for me.

/etc/proftpd/proftpd.conf

Include /etc/proftpd/modules.conf UseIPv6 off ServerName “example.com” ServerType standalone DeferWelcome off MultilineRFC2228 on DefaultServer on ShowSymlinks on TimeoutNoTransfer 600 TimeoutStalled 600 TimeoutIdle 1200 DisplayLogin welcome.msg DisplayChdir .message true ListOptions “-l” DenyFilter *.*/ Port 21 PassivePorts 35000 35999 MaxInstances 30 User proftpd Group nogroup Umask 022 022 AllowOverwrite on TransferLog /var/log/proftpd/xferlog SystemLog /var/log/proftpd/proftpd.log QuotaEngine off Ratios off DelayEngine on ControlsEngine off ControlsMaxClients 2 ControlsLog /var/log/proftpd/controls.log ControlsInterval 5 ControlsSocket /var/run/proftpd/proftpd.sock AdminControlsEngine off Include /etc/proftpd/tls.conf DefaultRoot ~ RootLogin off IdentLookups off ServerIdent on “FTP Server ready.” UseFtpUsers on RequireValidShell on Include /etc/proftpd/conf.d/

/etc/proftpd/tls.conf

TLSEngine on TLSLog /var/log/proftpd/tls.log TLSProtocol SSLv3 TLSv1 TLSRSACertificateFile /etc/proftpd/ftpd-rsa.pem TLSRSACertificateKeyFile /etc/proftpd/ftpd-rsa-key.pem TLSCACertificateFile /etc/ssl/certs/ca-certificates.crt TLSVerifyClient off TLSRenegotiate required off #TLSRequired on TLSOptions AllowClientRenegotiations NoCertRequest NoSessionReuseRequired

Eric · August 28, 2013, 1:26pm

Howdy,

I suspect you’re using CentOS, with a third party repository enabled… ProFTPd from some third party repositories is known to cause the problems you’re seeing.

That issue, and the fix, is described in the section of the following document titled “Why does PHP / ProFTPd no longer work after performing updates? (I’m using CentOS, and enabled third party repositories)”:

https://www.virtualmin.com/documentation/system/faq

everisk · August 29, 2013, 4:29am

Hi Andrey,

That’s fixed it. Thank you!

Another strange thing, I can’t seem to get Virtual server to run as mod_php (there is no mod_php option under Website Option) what do i have to do to see this option or get virtual server to run as mod_php?

I’m on CentOS 6 and Apache version 2.2.15.

Eric · August 29, 2013, 1:27pm

Are you by chance using a third party PHP version as well?

It’s possible that’s related, though there’s a few different things that could cause that.

What output do you see if you run this command:

rpm -qa | grep php5

everisk · August 30, 2013, 3:22am

I ran the command and it outputs nothing

I’m not very good with Linux so I’m not sure what I did when I need something done, usually I just googled what i need and follows the instructions. If I’m running third party PHP, does that mean I need to remove PHP and install it again? will that cos problems with the sites?

Eric · August 30, 2013, 12:39pm

Nuts, I think the command I gave you was slightly incorrect… try this one:

rpm -qa | grep php