Posts Tagged ‘login’
ProFTP configuration is in the details #ftp
I was setting up an anonymous ftp to serve up all my vservers from. (I recently bought 1.5Tb, 1Tb for my PVR and .5Tb for internal storage such as mail, cvs, http, ftp and samba.) I already had a boa web server running on another machine hosting my internal portage tree with overlays, but I preferred ftp for this task as there was no need for a pretty interface and I thought it would be fun to setup.
It had been a while since I configured ProFTPD or any ftp server, and I can only recall setting up one anonymous ftp in 1999. Naturally ftp should be easy to setup with anonymous access, no messing with pam or an authentication stuff. The configuration is pretty much the same as apache, only not as long.
I’m running a really old install of Mandrake, now Mandriva, it was installed in the 25th of December 2001. The machine itself is a laptop Mobile Pentium MMX 200.457Mhz with the original patched/recompiled 2.4.8-26mdk build date Sep 23 17:06:39 CEST 2001. The uptime is back and the main disk is failing, but it has served me well as a web/mail server and development machine. The disk actually comes from a far older machine, which is in my computer cupboard. I’m digressing.
I was installing this ftp server and configured it with the example configs from ProFTP, but it didn’t work. I kept getting:
Connected to localhost.localdomain.
220 ProFTPD 1.2.2 Server (ProFTPD VServer Store) [rphh]
500 AUTH not understood.
500 AUTH not understood.
KERBEROS_V4 rejected as an authentication type
Name (localhost:root): ftp
331 Anonymous login ok, send your complete email address as your password.
Password:
530 Login incorrect.
Login failed.
ftp> 221 Goodbye.
User ftp
Group ftp
UserAlias anonymous ftp
RequireValidShell off
So I searched on the internet and read the examples again and the ProFTPD Logins and Authentication howto. I didn’t find the answer until I read the ProFTPD Debugging Problems page and enabled debugging.
proftpd -nd5
The debug outputs:
rphh (127.0.0.1[127.0.0.1]) - connected - local : 127.0.0.1:21
rphh (127.0.0.1[127.0.0.1]) - connected - remote : 127.0.0.1:1525
rphh (127.0.0.1[127.0.0.1]) - FTP session opened.
rphh (127.0.0.1[127.0.0.1]) - received: AUTH GSSAPI
rphh (127.0.0.1[127.0.0.1]) - received: AUTH KERBEROS_V4
rphh (127.0.0.1[127.0.0.1]) - received: USER anonymous
rphh (127.0.0.1[127.0.0.1]) - received: USER anonymous
rphh (127.0.0.1[127.0.0.1]) - received: USER anonymous
rphh (127.0.0.1[127.0.0.1]) - received: USER anonymous
rphh (127.0.0.1[127.0.0.1]) - received: PASS (hidden)
rphh (127.0.0.1[127.0.0.1]) - received: PASS (hidden)
rphh (127.0.0.1[127.0.0.1]) - received: PASS (hidden)
rphh (127.0.0.1[127.0.0.1]) - received: PASS (hidden)
rphh (127.0.0.1[127.0.0.1]) - no supplemental groups found for user 'ftp'
rphh (127.0.0.1[127.0.0.1]) - USER ftp (Login failed): Invalid shell.
rphh (127.0.0.1[127.0.0.1]) - received: SYST
rphh (127.0.0.1[127.0.0.1]) - received: QUIT
rphh (127.0.0.1[127.0.0.1]) - received: QUIT
rphh (127.0.0.1[127.0.0.1]) - FTP session closed.
Which gives me my solution, I don’t have a group ftp or a valid shell. I had changed it previously to nobody:nogroup, which didn’t work. So I changed Group to nogroup, enabled RequireValidShell and restarted the server.
User ftp
Group nogroup
UserAlias anonymous ftp
RequireValidShell off
I ended up spending an hour, where I could have spend 15 minutes because the install added the user ftp, but not the group. Oh well…
Originally posted here.
technorati tags: ftp, ncftp, proftp, boa, http, httpd, debug, authentication, login, server, mandrake, mandriva, chown, nogroup