Hi,
I am attempting to get vsftpd working and authenticating against Active Directory. I was able to join my domain during the 10.3 install and am able to log in with AD users at the console. That part is working great. What’s not working so well is ftp access.
I am able to connect to ftp with no problems but am unable to authenticate with an AD user. I am able to authenticate with a local user, so it’s almost as if my vsftpd pam file is incorrect for winbind. I’ve followed various tutorials and how-to’s on vsftpd, winbind, and pam but have not had any success.
I have since gone back to the original pam.d files and am starting again from square one.
Here is my current vsftpd pam file:
#%PAM-1.0
# Uncomment this to achieve what used to be ftpd -A.
auth required pam_listfile.so item=user sense=allow file=/etc/ftpchroot onerr=fail
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
# Uncomment the following line for anonymous ftp.
#auth sufficient pam_ftp.so
auth sufficient pam_shells.so debug
auth include common-auth debug
account include common-account
password include common-password
session required pam_loginuid.so
session include common-session
common-auth file contains these three lines:
auth required pam_env.so
auth sufficient pam_unix2.so
auth required pam_winbind.so use_first_pass
common-account file:
account requisite pam_unix2.so
account sufficient pam_localuser.so
account required pam_winbind.so use_first_pass
common-password file:
password sufficient pam_winbind.so
password requisite pam_pwcheck.so nullok cracklib
password required pam_unix2.so use_authtok nullok
common-session file:
session optional pam_mkhomedir.so
session required pam_limits.so
session required pam_unix2.so
session required pam_winbind.so
session optional pam_umask.so
I tried tailing /var/messages while attempting to authenticate to vsftp. I can tell that it is successfully searching AD for the username: when I enter a non-existent user, the log file shows no such user, PAM error was User not know to underlying authentication module, NT error was NT_STATUS_NO_SUCH_USER.
When I try to authenticate with a user that is in AD, I get the following:
[pid 4906] CONNECT: Client “127.0.0.1”
[pid 4906] FTP response: Client “127.0.0.1”, “220 Welcom to FTP”
[pid 4906] FTP command: Client “127.0.0.1”, “USER testuser”
[pid 4906] [testuser] FTP response: Client “127.0.0.1”, “331 Please specify the password.”
[pid 4906] [testuser] FTP command: Client “127.0.0.1”, “PASS <password>”
sftp vsftpd: pam_winbind(vsftpd:auth): getting password (0x00000380)
[pid 4905] [testuser] FAIL LOGIN: Client “127.0.0.1”
[pid 4906] [testuser] FTP response: Client “127.0.0.1”, “530 Login incorrect.”
wbinfo -u and wbinfo -g both work, and I double-checked that I had successfully joined the domain with net ads testjoin, which returns Join is OK.
I’ve also looked at log.winbindd, but that file contained nothing indicating any errors.
I’m not sure where or what else to look for. It leaves me scratching my head a bit, as gnome is using the same pam.d files and is able to auth against AD just fine.
So at this point any suggestions are appreciated!
Thanks,
Cy.
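Added example, not part of the original post: a simplified Python model of how Linux-PAM walks the auth lines quoted above, with the include of common-auth expanded inline, to show which module ends up deciding a login. The per-module pass/fail values are constructed assumptions, not observations from the poster's system, and the names expand and evaluate are hypothetical helpers.

```python
# Simplified model of Linux-PAM control flags for one management group.
VSFTPD = """\
auth required pam_listfile.so item=user sense=allow file=/etc/ftpchroot onerr=fail
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth sufficient pam_shells.so debug
auth include common-auth debug
"""
INCLUDES = {"common-auth": """\
auth required pam_env.so
auth sufficient pam_unix2.so
auth required pam_winbind.so use_first_pass
"""}

def expand(text, group="auth"):
    """Return [(control, module)] for one group, inlining 'include' lines."""
    stack = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != group:
            continue  # blank lines, comments, other management groups
        control, target = fields[1], fields[2]
        if control == "include":
            stack += expand(INCLUDES[target], group)
        else:
            stack.append((control, target))
    return stack

def evaluate(stack, results):
    """results maps module name -> True/False. Returns (granted, modules_called)."""
    failed, positive, called = False, False, []
    for control, module in stack:
        ok = results[module]
        called.append(module)
        if ok and control == "sufficient":
            if not failed:
                return True, called   # stack ends here; later modules never run
        elif ok:
            positive = True           # required/requisite/optional success
        elif control == "requisite":
            return False, called      # immediate failure
        elif control == "required":
            failed = True             # remembered, evaluation continues
    return positive and not failed, called  # failed sufficient/optional ignored

if __name__ == "__main__":
    stack = expand(VSFTPD)
    # Constructed outcomes: list checks pass, account is not a local one.
    base = {"pam_listfile.so": True, "pam_env.so": True, "pam_unix2.so": False}
    for shells, winbind in [(True, False), (False, False), (False, True)]:
        outcome = evaluate(stack, {**base, "pam_shells.so": shells, "pam_winbind.so": winbind})
        print(f"pam_shells={shells} pam_winbind={winbind} -> {outcome}")
```

In the first constructed case evaluation ends at pam_shells.so, so neither pam_unix2.so nor pam_winbind.so is consulted; in the other two the result follows pam_winbind.so.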