ispCP - Board - Support
FTP Login Issue (Not using MySQL) - Printable Version

+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Support Area (/forum-30.html)
+--- Forum: Usage (/forum-34.html)
+--- Thread: FTP Login Issue (Not using MySQL) (/thread-6532.html)



FTP Login Issue (Not using MySQL) - brianhill1980 - 04-26-2009 02:33 PM

Hey,

I've used ispCP for a while, and love it. I recently re-installed and I'm having a problem getting the FTP working. ProFTPD is running, but it doesn't seem to use the MySQL database that was setup during the ispCP install.

I'll create an ftp user for my domain, but when I go to login, it says Login Incorrect. Viewing the ProFTPD logs it says that the user does not exist, though I can see it in the list of ftp users in ispCP.

I have looked through some of the other threads on the forums, but can't seem to find any answers on how to fix this.

proftpd.conf
Quote:#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 on
# If set on you can experience a longer connection delay in many cases.
IdentLookups off

ServerName "Debian"
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"

DenyFilter \*.*/

# Use this to jail all users in their homes
# DefaultRoot ~

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell off

# Port 21 is the standard FTP port.
Port 21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534

# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4

# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User proftpd
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on

# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd off

# This is required to use both PAM-based authentication and local passwords
# AuthOrder mod_auth_pam.c* mod_auth_unix.c

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile off

TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>

<IfModule mod_ratio.c>
Ratios off
</IfModule>

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>

#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf
#
#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>

modules.conf
Quote:#
# This file is used to manage DSO modules and features.
#

# This is the directory where DSO modules reside

ModulePath /usr/lib/proftpd

# Allow only user root to load and unload modules, but allow everyone
# to see which modules have been loaded

ModuleControlsACLs insmod,rmmod allow user root
ModuleControlsACLs lsmod allow user *

LoadModule mod_ctrls_admin.c
LoadModule mod_tls.c

# Install proftpd-mod-mysql or proftpd-mod-pgsql to use this
#LoadModule mod_sql.c

# Install proftpd-mod-ldap to use this
#LoadModule mod_ldap.c

#
# 'SQLBackend mysql' or 'SQLBackend postgres' directives are required
# to have SQL authorization working. You can also comment out the
# unused module here, in alternative.
#

# Install proftpd-mod-mysql to use this
# LoadModule mod_sql_mysql.c

# Install proftpd-mod-pgsql to use this
#LoadModule mod_sql_postgres.c

LoadModule mod_radius.c
LoadModule mod_quotatab.c
LoadModule mod_quotatab_file.c

# Install proftpd-mod-ldap to use this
#LoadModule mod_quotatab_ldap.c

# Install proftpd-mod-pgsql or proftpd-mod-mysql to use this
#LoadModule mod_quotatab_sql.c
LoadModule mod_quotatab_radius.c
LoadModule mod_wrap.c
LoadModule mod_rewrite.c
LoadModule mod_load.c
LoadModule mod_ban.c
LoadModule mod_wrap2.c
LoadModule mod_wrap2_file.c
# Install proftpd-mod-pgsql or proftpd-mod-mysql to use this
#LoadModule mod_wrap2_sql.c
LoadModule mod_dynmasq.c


# keep this module the last one
LoadModule mod_ifsession.c

sql.conf
Quote:#
# Proftpd sample configuration for SQL-based authentication.
#
# (This is not to be used if you prefer a PAM-based SQL authentication)
#

<IfModule mod_sql.c>
#
# Choose a SQL backend among MySQL or PostgreSQL.
# Both modules are loaded in default configuration, so you have to specify the backend
# or comment out the unused module in /etc/proftpd/modules.conf.
# Use 'mysql' or 'postgres' as possible values.
#
#SQLBackend mysql
#
#SQLEngine on
#SQLAuthenticate on
#
# Use both a crypted or plaintext password
#SQLAuthTypes Crypt Plaintext
#
# Use a backend-crypted or a crypted password
#SQLAuthTypes Backend Crypt
#
# Connection
#SQLConnectInfo proftpd@sql.example.com proftpd_user proftpd_password
#
# Describes both users/groups tables
#
#SQLUserInfo users userid passwd uid gid homedir shell
#SQLGroupInfo groups groupname gid members
#
</IfModule>

Any help would be appreciated with this. I have had ispCP installed on other servers and never had this problem after a fresh install. I guess something just went a little wonky. I don't know a ton about linux, just enough to get myself into a lot of trouble.

Server is running Debian Lenny.


RE: FTP Login Issue (Not using MySQL) - kurgans - 04-26-2009 05:26 PM

You are using a configuration of proftpd invalid, please follow this link:

http://www.isp-control.net/forum/thread-6456-post-51717.html#pid51717


RE: FTP Login Issue (Not using MySQL) - brianhill1980 - 04-27-2009 01:38 AM

(04-26-2009 05:26 PM)kurgans Wrote:  You are using a configuration of proftpd invalid, please follow this link:

http://www.isp-control.net/forum/thread-6456-post-51717.html#pid51717

My mistake... I was looking at the wrong proftpd.conf file. This is the proper one I think.

/etc/ispcp/proftpd.conf
Quote:#
# ispCP ω (OMEGA) a Virtual Hosting Control System
#
# @copyright 2001-2006 by moleSoftware GmbH
# @copyright 2006-2008 by ispCP | http://isp-control.net
# @version SVN: $Id$
# @link http://isp-control.net
# @author ispCP Team
#
# @license
# This program is free software; you can redistribute it and/or modify it under
# the terms of the MPL General Public License as published by the Free Software
# Foundation; either version 1.1 of the License, or (at your option) any later
# version.
# You should have received a copy of the MPL Mozilla Public License along with
# this program; if not, write to the Open Source Initiative (OSI)
# http://opensource.org | osi@opensource.org
#
################################################################################​
# Includes DSO modules (this is mandatory in proftpd 1.3)
#Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off

ServerName "{HOST_NAME}"
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

AllowOverwrite on
UseReverseDNS off
IdentLookups off
AllowStoreRestart on
AllowForeignAddress on

LogFormat traff "%b %u"

TimeoutLogin 120
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayFirstChdir message

ListOptions "-l"
#LsDefaultOptions "-l"

DenyFilter \*.*/

DefaultRoot ~

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd off

# Port 21 is the standard FTP port.
Port 21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
#PassivePorts 49152 65534

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Normally, we want files to be overwriteable.
<Directory /*>
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
HideNoAccess on
</Directory>

<Limit ALL>
IgnoreHidden on
</Limit>

# Be warned: use of this directive impacts CPU average load!
#
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
# UseSendFile off

<Global>
RootLogin off
TransferLog /var/log/proftpd/xferlog
ExtendedLog /var/log/proftpd/ftp_traff.log read,write traff
PathDenyFilter "\.quota$"
</Global>

#
# SSL via TLS
#
#<IfModule mod_tls.c>
# TLSEngine off # on for use of TLS
# TLSLog /var/log/proftpd/ftp_ssl.log # where to log to
# TLSProtocol SSLv23 # SSLv23 or TLSv1
# TLSOptions NoCertRequest # either to request the certificate or not
# TLSRSACertificateFile /etc/proftpd/ssl.crt # SSL certfile
# TLSRSACertificateKeyFile /etc/proftpd/ssl.key # SSL keyfile
# TLSVerifyClient off # client verification
#</IfModule>

#
# ISPCP Quota management;
#
<IfModule mod_quotatab.c>
QuotaEngine on
QuotaShowQuotas on
QuotaDisplayUnits Mb

SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits WHERE name = '%{0}' AND $
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_o$
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies

QuotaLock /var/run/proftpd/tally.lock
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
</IfModule>

<IfModule mod_ratio.c>
Ratios on
</IfModule>

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine on
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>

# ispCP SQL Managment
# Activate for proftpd >= 1.3
SQLBackend mysql
SQLAuthTypes Crypt
SQLAuthenticate on
SQLConnectInfo {DATABASE_NAME}@{DATABASE_HOST} {DATABASE_USER} {DATABASE_PASS}
SQLUserInfo ftp_users userid passwd uid gid homedir shell
SQLGroupInfo ftp_group groupname gid members
SQLMinUserUID {FTPD_MIN_UID}
SQLMinUserGID {FTPD_MIN_GID}

# A basic anonymous configuration, no upload directories.
# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>
Include /etc/proftpd/ispcp/*

From my /var/log/proftpd/proftpd.log
Quote:Apr 26 08:41:09 brianhillphotography.ca proftpd[16766] http://www.brianhillphotography.ca (S0106001b2fd530df.vs.shawcable.net[::ffff:96.48.209.112]): FTP session opened.
Apr 26 08:41:09 brianhillphotography.ca proftpd[16766] http://www.brianhillphotography.ca (S0106001b2fd530df.vs.shawcable.net[::ffff:96.48.209.112]): no such user 'brian@brianhillphotography.ca'
Apr 26 08:41:09 brianhillphotography.ca proftpd[16766] http://www.brianhillphotography.ca (S0106001b2fd530df.vs.shawcable.net[::ffff:96.48.209.112]): USER brian@brianhillphotography.ca: no such user found from S0106001b2fd530df.vs.shawcable.ne$
Apr 26 08:41:09 brianhillphotography.ca proftpd[16766] http://www.brianhillphotography.ca (S0106001b2fd530df.vs.shawcable.net[::ffff:96.48.209.112]): FTP session closed.



RE: FTP Login Issue (Not using MySQL) - kurgans - 04-27-2009 05:07 AM

Uncomment this lines in modules

# Install proftpd-mod-mysql or proftpd-mod-pgsql to use this
LoadModule mod_sql.c

# Install proftpd-mod-mysql to use this
LoadModule mod_sql_mysql.c

And restart proftpd


RE: FTP Login Issue (Not using MySQL) - brianhill1980 - 04-27-2009 05:32 AM

OK... I've done that and I still can't login. Though it's a little different now. It's not giving me an invalid user message. Nothing shows up in my log file when I shutdown and restart proftpd, and when I try to connect, it says it's connected, then disconnected, and says it's going to wait 30 seconds then try again.

Quote:Looking up brianhillphotography.ca
Trying brianhillphotography.ca:21
Connected to brianhillphotography.ca:21

Disconnecting from site brianhillphotography.ca
Waiting 30 seconds until trying to connect again

Any idea's?

There is nothing in my log files for proftpd that shows anything about login attempts.

/var/log/proftpd/proftpd.log is where I'm looking.

It seems to me that during installation some of the files weren't configured properly, or copied to the correct locations. If I run the installation process again, would that over-write any of the config files and fix this problem? I'm using this for personal purposes, and it's only running one website, so losing data isn't an issue.


RE: FTP Login Issue (Not using MySQL) - brianhill1980 - 04-27-2009 11:33 PM

I'm just going to wipe the system today while at work and re-install. Hopefully the installation process works correctly this time around.

Thanks for trying to help though. If I have any other issues I'll be sure to post them.

I've been using VHCS and ispCP for quite a while now, just over 4 years, and I love it. Keep up the good work guys!


RE: FTP Login Issue (Not using MySQL) - brianhill1980 - 05-03-2009 03:59 AM

I wiped out my server and re-installed everything from scratch, including the OS. It's working fine this time around.