proftpd login failed

ilvista · October 7, 2010, 1:10am

hi everyone
i just installed proftpd ,i added a new user called benchabane,but when i try to connect,it keeps telling me login failed

proftpd.conf

# This is a basic ProFTPD configuration file (rename it to 
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName		"ProFTPD on linux-guxt"
ServerType		standalone
DefaultServer		on

# Port 21 is the standard FTP port.
Port			21

# FireWall PortRange for PASV
PassivePorts		40000 40999

# Set DebugLevel to values between 0 and 9
# default is 0
DebugLevel		0

# SystemLog -- Redirect syslogging to a file
SystemLog		/var/log/proftpd/proftpd.log

# Don't use IPv6 support by default.
UseIPv6			off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask			022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances		30

# Set the user and group under which the server will run.
User			ftp
Group			ftp

# Some logging formats
LogFormat default	"%h %l %u %t \"%r\" %s %b"
LogFormat auth		"%v %P] %h %t \"%r\" %s"
LogFormat write		"%h %l %u %t \"%r\" %s %b"

# ------------------------------
# Global Settings
# ------------------------------
<Global>

  # ------------------------------
  # Login
  # ------------------------------

	ServerIdent		on "FTP server ready"
	DeferWelcome		on
	#DisplayConnect		/etc/proftpd/msg

	IdentLookups		off
	UseFtpUsers		off
	RequireValidShell	off

	TimeoutLogin		60
	MaxLoginAttempts	3
	#MaxClientsPerHost	none
	#MaxClientsPerUser	1 "Only one connection at a time."

  # ------------------------------
  # Authentication
  # ------------------------------

	### PAM Authentication
	# AuthPAM: default: on
	AuthPAM			off

	# changed AuthPAMConfig file
	#AuthPAMConfig		proftpd
	### PAM Authentication

	#AuthUserFile		/etc/proftpd/auth/passwd
	#AuthGroupFile		/etc/group

	### order of auth modules
	#AuthOrder		mod_auth_unix.c mod_auth_file.c
	AuthOrder		mod_auth_file.c

  # ------------------------------
  # Post-Login
  # ------------------------------

	DisplayLogin		welcome.msg
	DisplayChdir		.message
	AllowOverride		off

	TimeoutIdle		 600
	TimeoutNoTransfer	 900
	TimeoutStalled		 300
	TimeoutSession		3600

  # ------------------------------
  # Session
  # ------------------------------

	# To cause every FTP user to be "jailed" (chrooted) into their home
	# directory, uncomment this line.
	DefaultRoot		~ web,!users

	DenyFilter              \*.*/
	ListOptions             "-A +R" strict
	UseGlobbing             off

	ShowSymlinks            on
	TimesGMT                on

  # ------------------------------
  # Up- & Download
  # ------------------------------

	# having to delete before uploading is a pain ;)
	AllowOverwrite		on
	AllowRetrieveRestart	on
	HiddenStores		on
	DeleteAbortedStores	on
	#AllowStoreRestart	off	# is contrary to "DeleteAbortedStores"

  # ------------------------------
  # Logging
  # ------------------------------

	WtmpLog			off
	TransferLog		/var/log/proftpd/xferlog

	# Record all logins
	ExtendedLog		/var/log/proftpd/auth.log AUTH auth

	# Logging file/dir access
	ExtendedLog		/var/log/proftpd/access.log WRITE,READ write

	# Paranoia logging level....
	ExtendedLog		/var/log/proftpd/paranoid.log ALL default

	# SQLLogFile
	#SQLLogFile		/var/log/proftpd/SQL.log
</Global>

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

#####
# Include other confs
#Include			/etc/proftpd/conf.d/*.conf

#####

# ------------------------------
# Anonymous Settings
# ------------------------------
# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
	# Limit LOGIN
	#<Limit LOGIN>
	#	Order Allow,Deny
	#	Allow from .examples.net,113.141.114.1
	#	Deny from All
	#</Limit>

	# Limit WRITE everywhere in the anonymous chroot
	<Limit WRITE>
		DenyAll
	</Limit>

	# LoginPasswordPrompt -- Configure to display the passwort prompt or not
	LoginPasswordPrompt off

	# DirFakeMode -- Hide real file/directory permissions
	DirFakeMode 0640

	# DirFakeUser -- Hide real file/directory owner
	DirFakeUser On

	# DirFakeGroup -- Hide real file/directory group
	DirFakeGroup On

  	# We want clients to be able to login with "anonymous" as well as "ftp"
	UserAlias		anonymous ftp

	# Limit the maximum number of anonymous logins
	MaxClients		10
	#MaxRetrieveFileSize	512 Mb

	# Limit Up/Downloads to 255 K/sec
	#TransferRate APPE,RETR,STOR,STOU	255

	# We want 'welcome.msg' displayed at login, and '.message' displayed
	# in each newly chdired directory.
	DisplayLogin		welcome.msg
	DisplayChdir		.message

	#<Directory pub>
	#  <Limit ALL>
	#	Order Allow,Deny
	#	Allow from .examples.net,113.141.114.1
	#	Deny from All
	#  </Limit>
	#</Directory>

	# An upload directory that allows storing files but not retrieving
	# or creating directories.
	#<Directory uploads/*>
	#  <Limit READ>
		DenyAll
	#  </Limit>
	#  <Limit STOR>
		AllowAll
	#  </Limit>
	#</Directory>
</Anonymous>

i didn’t touch the config file ,and i can access the server using the anonymous account "ftp

thx in advance"

ken_yap · October 7, 2010, 1:13am

I think you would need AuthPAM to be on to be able to check against the system password file.

Bear in mind that FTP sends passwords in plaintext so I would advise not using it over the Internet or an untrusted LAN as it’s your login password you are exposing. Unless you use FTP over SSL.

ilvista · October 7, 2010, 9:17pm

yes i did it but still not working.
here is the log files
auth.log

yes i did it but still not working.
here is the log files
auth.log

and the proftp.log

Oct 08 14:41:12 linux-guxt proftpd[4364] linux-guxt.site: ProFTPD 1.3.3rc3 (devel) (built Sat Apr 10 17:44:09 UTC 2010) standalone mode STARTUP
Oct 08 14:41:14 linux-guxt proftpd[4368] linux-guxt.site (localhost[127.0.0.1]): FTP session opened.
Oct 08 14:41:26 linux-guxt proftpd[4368] linux-guxt.site (localhost[127.0.0.1]): USER benchabane: no such user found from localhost [127.0.0.1] to 127.0.0.1:21
Oct 08 14:42:14 linux-guxt proftpd[4368] linux-guxt.site (localhost[127.0.0.1]): Login timeout exceeded, disconnected
Oct 08 14:42:14 linux-guxt proftpd[4368] linux-guxt.site (localhost[127.0.0.1]): Session timed out, disconnected
Oct 08 14:42:14 linux-guxt proftpd[4368] linux-guxt.site (localhost[127.0.0.1]): FTP session closed.
Oct 08 14:46:17 linux-guxt proftpd[4364] linux-guxt.site: ProFTPD killed (signal 15)

ilvista · October 7, 2010, 9:20pm

sorry
the auth log file



ProFTPD on linux-guxt [4118] localhost [08/Oct/2010:14:24:14 -0400] "PASS (hidden)" 530
ProFTPD on linux-guxt [4368] localhost [08/Oct/2010:14:41:20 -0400] "USER benchabane" 331
ProFTPD on linux-guxt [4368] localhost [08/Oct/2010:14:41:26 -0400] "PASS (hidden)" 530
ProFTPD on linux-guxt [4459] localhost [08/Oct/2010:14:46:27 -0400] "USER benchabane" 331
ProFTPD on linux-guxt [4459] localhost [08/Oct/2010:14:46:33 -0400] "PASS (hidden)" 530
ProFTPD on linux-guxt [4503] localhost [08/Oct/2010:14:47:40 -0400] "USER benchabane" 331

ken_yap · October 8, 2010, 1:12am

You probably need a set of entries for proftpd in /etc/pam.d. I haven’t used proftpd for a long time, so you should probably check its documentation.

ken_yap · October 8, 2010, 1:58am

Don’t forget that if you make any changes to the config file you need to restart the service.

ilvista · October 10, 2010, 6:37pm

hi again
I’m not using the PAM authentification,i’m using /etc/proftpd/auth/passwd.but i learned that the passwords are crypted,and all we can find in /etc/passwd is an “x”.
so i tried to copy the encrypted password from the shadow file /etc/shadow and paste it in proftpd authentification file /auth/passwd,and i still get no result.and now the log file says “incorrect password”

Oct 11 17:12:43 linux-guxt proftpd[6170] linux-guxt.site (localhost[127.0.0.1]): FTP session opened.
Oct 11 17:12:52 linux-guxt proftpd[6170] linux-guxt.site (localhost[127.0.0.1]): USER benchabane (Login failed): Incorrect password.
Oct 11 17:12:54 linux-guxt proftpd[6170] linux-guxt.site (localhost[127.0.0.1]): FTP session closed.
Oct 11 17:12:59 linux-guxt proftpd[6174] linux-guxt.site (localhost[127.0.0.1]): FTP session opened.
Oct 11 17:13:09 linux-guxt proftpd[6174] linux-guxt.site (localhost[127.0.0.1]): USER benchabane (Login failed): Incorrect password.

i also used the crypt function to get the md5 and sha crypted version of the password and still no chance
thx in advance

ilvista · October 10, 2010, 10:37pm

wow it works
copy paste from etc/shadow to etc/proftpd/auth/passwd worked ,the format of etc/shadow and /proftpd/auth/passwd is different,we have just to respect it,that’s all;)

anlu42 · March 25, 2012, 2:21pm

A bit of necroposting here, for which I apologize but I am stuck.
I have tried a simple copy paste of the contents in shadow to passwd but no luck. Otherwise my problem is exactly the same as far as I can see.
Any ideas?