ProFTPD authentication failure

mikelawford · June 23, 2009, 2:27pm

Hi there.

I am running webmin 1.470 and virtualmin Version 3.67. I recently realised that I had not configured my proftpd - and as this would not install via webmin I finally followed one of your forums and installed proftpd version 1.30.

This then allowed me full access to proftpd config via webmin and allowed me to telnet to port 21. As well as this a netstat -tanpu told me that port was open and listening. All good so far.

I then entered virtualmin and clicked one one of the virtual sites, and then added a new FTP user. But when I tried to login with the username I keep getting prompted for a password. I had created teh user with a password and so I entered this - but no matter what un/pw variations I try I keep getting blocked via my FTP client:

STATUS:> [2009/06/23 04:21:31 PM] Socket connected. Waiting for welcome message…
[2009/06/23 04:21:32 PM] 220 FTP Server ready.
STATUS:> [2009/06/23 04:21:32 PM] Connected. Authenticating…
COMMAND:> [2009/06/23 04:21:32 PM] USER diankeftp.dianke
[2009/06/23 04:21:32 PM] 331 Password required for diankeftp.dianke.
COMMAND:> [2009/06/23 04:21:32 PM] PASS *****
[2009/06/23 04:21:35 PM] 530 Login incorrect.
ERROR:> [2009/06/23 04:21:35 PM] Not logged in.
STATUS:> [2009/06/23 04:21:36 PM] Connection closed.

Looking in /var/log/messages I see:

FTP session opened.
PAM(diankeftp.dianke): Authentication failure.

Why is this not authenticating the pw - is there perhaps a path wrong in the config that I have missed (where do virtual hosts add FTP users and pw’s)??

Any and all help is much appreciated!

Eric · June 25, 2009, 2:32pm

The FTP usernames and passwords are kept with the rest of the system users (in /etc/passwd and shadow by default).

It looks like it doesn’t think the username or password is right – you can verify those by going into Edit Mail and FTP Users, and click the username in question.

I’d verify that the username is spelled correctly in there, and you can also verify the password on that screen.

-Eric

mikelawford · June 25, 2009, 2:44pm

Hi Eric - thanks for the reply.

Unfortunately thats not the solution - I have double and triple checked username and password combos by doing exactly what you suggest - it just wont authenticate!

I had a look in teh /etc/passwd file and I can see the user as well - the line looks like:

diankeftp.dianke:x:508:509:root:/home/dianke/public_html:/bin/false.

So still no luck??

Thanks,
Mike

Eric · June 25, 2009, 2:58pm

Does /var/log/secure (or /var/log/auth.log) show any further info?

Is it just this user having trouble – are other users able to log in via FTP?

-Eric

Joe · June 25, 2009, 11:35pm

I’ve occasionally seen third party ProFTPd packages with broken PAM configuration (or other issues). Where did you get your new ProFTPd version from? Our ProFTPd packages are known to work…many others are known to not work.

mikelawford · June 26, 2009, 10:18am

Thanks again for the comments!

Eric : Its all users that I create it’s a problem with the full proftpd module…

I checked the /var/log/secure and see:

Jun 23 15:31:17 onduline proftpd: Deprecated pam_stack module called from service “proftpd”
Jun 23 15:31:17 onduline unix_chkpwd[27305]: password check failed for user (diankeftp.dianke)

This may be beacuse as Joe says it is an incorrect version. The rpm I think I downloaded from a link in these forums - the rpm name is proftpd-1.3.0a-3.el4.i386.rpm. I have CentOS - can you provide a working FTP rpm that I can try? Also please let me know how I uninstall the non working rpm from webmin and re-install the new one.

Thanks!

Eric · June 26, 2009, 1:03pm

Howdy,

Well, ProFTP is normally installed along with the rest of Virtualmin if you use the install.sh script.

If you hadn’t installed with the install.sh script, you can retrieve ProFTP from the Virtualmin software repository here:

http://software.virtualmin.com/gpl/centos/

mikelawford · June 26, 2009, 1:11pm

Well somehow with us it wasnt or perhaps we made an error…

In any event how do I uninstall the incorrect proftpd version or do I not need to uninstall the old version?

I am using CentOS 5.2 so will be using proftpd-1.3.0a-3.el4.i386.rpm - which is exactly what I installed the first time???

Eric · June 26, 2009, 1:55pm

Yeah, if you used the install.sh, and didn’t get ProFTP, something went awry along the way

Hmm, I’m inclined to think at that point that reinstalling ProFTP won’t help – but if you just want to verify you have that straight, you could try:

rpm -Uvh --replacepkgs proftpd-1.3.0a-3.el4.i386.rpm

Joe · June 26, 2009, 3:41pm

I am using CentOS 5.2 so will be using proftpd-1.3.0a-3.el4.i386.rpm - which is exactly what I installed the first time???

You have a third party repository configured that we have no control over. Maybe it works, maybe it doesn’t. We don’t know, and we can’t do anything about it, even if it is broken.

Edit: Oops. Actually, that is our package. Sorry. It should work.

2nd Edit for clarity: We usually build our packages with a “vm” in the version string, but in the case of straight rebuilds from EPEL we use the normal version string, so I’ll know (and others can know) that it’s a straight rebuild of the EPEL package with no changes.

mikelawford · June 29, 2009, 11:49am

Hi - thanks for the feedback.

just to be be sure I reinstalled the correct version to check if that was where the error crept in:

rpm -Uvh --replacepkgs proftpd-1.3.0a-3.el4.i386.rpm
warning: proftpd-1.3.0a-3.el4.i386.rpm: Header V3 DSA signature: NOKEY, key ID a0bdbcf9
Preparing… ########################################### [100%]
1:proftpd ########################################### [100%]

When I tried again I get the same error. Looking at logs I see:

Deprecated pam_stack module called from service “proftpd”

USER diankeftp.dianke (Login failed): Incorrect password.

I even tried changing the password - its not that.

So what now? I need a working FTP client but cannot reinstall the whole server - i will be here forever reconfiguring…

???

Eric · June 29, 2009, 9:18pm

What do you get when you type these two commands:

grep -i pam /etc/proftpd
cat /etc/pam.d/proftpd

mikelawford · June 30, 2009, 9:40am

Here you go:

grep -i pam /etc/proftpd
grep: /etc/proftpd: No such file or directory


cat /etc/pam.d/proftpd
#%PAM-1.0
auth       required     pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       required     pam_stack.so service=system-auth
auth       required     pam_shells.so
account    required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth

mikelawford · July 7, 2009, 9:51am

Hi guys - I posted my output - does this shed any light on this as I need to find a resolution one way or another?

DonPeek · August 17, 2009, 2:06am

I did a yum reinstall proftpd and watch it get it from the VM server…
and a pam reinstall

Still the same issue… I am running Centos 5.3 …

mikelawford · August 17, 2009, 1:23pm

Nope - this was never reesolved. If you find out how please do let me know. I keep hitting blanks!

sfbob · August 17, 2009, 2:23pm

I have had similar problems on several machines. I believe (meaning I have not verified) it is related to some perl updates. Here’s what I did and roughly where it happened:

Build CentOS 5.2 box
yum -y update yum (to get fastest mirror)
yum -y update (brings machine to CentOS 5.3)
wget virtualmin GPL install.sh
run install.sh
run virtualmin updates, brings webmin to 1.480 and virtualmin to 3.72
create bogus domain (to catch invalid http requests, separate topic)
create real domain

At this time I have a working box and proftpd works fine.

Then I wanted to install TWiki and updated perl. I believe something in this list caused proftpd to break.

webmin > system > software packages > install gcc
in shell perl -MCPAN -e script, answer geographic prompts and exit
webmin > others > perl modules >> suggested modules
4 modules not installed, install one at a time, I think order is 4 3 1 2, Authen::PAM gave me a lot of trouble with prerequisites, got past that
Note: updating along the way did result in a mix of perl CPAN updates and yum updates, observed by some to be a bad mix
installed application package (TWiki) that required perl
identified and installed additional perl modules required by the package
started working with the package and otherwise left the update process
went to ftp something to the site and got access denied
checked logs and found authorization message referred to above

Since I’m not a heavy ftp user, this could wait. But I’ve broken 3 machines this way.

Patient: It hurts when I do this

Doctor: Well, don’t do that

Repositories for both yum and perl / CPAN are only what is installed by default, nothing special added.

If I get time, I will try to recreate and identify at what step in the process the proftpd breaks.

mikelawford · August 18, 2009, 1:44pm

OK so we think its because of Perl updates. Either way it doesnt work anymore… Can anyone provide a solution?

DonPeek · August 18, 2009, 3:25pm

I have 2 system each with hundreds and hundreds sites, The systems are as close to mirrors as I can keep…
For issues like this…

I did a compare from system to system and could not an answer after hours…

So now I have one system running vsftpd when I gave up on proftpd and the other still running proftpd…

So – I got a temp fix… Give up and wait

Don

mikelawford · August 19, 2009, 12:40pm

Ok so should I install vsftpd? Is there a quick way (like via webmin or yum) to do so?