Mike Kercher wrote:
centos-bounces@centos.org <> scribbled on Tuesday, December 13, 2005 6:23 PM:
I have installed proftpd on a new x86_64 server: [root@ftp ~]# uname -a Linux ftp.csdsinc.com 2.6.9-22.0.1.ELsmp #1 SMP Thu Oct 27 14:49:37 CDT 2005 x86_64 x86_64 x86_64 GNU/Linux
CentOS release 4.2 (Final)
Proftpd Ver: [root@ftp ~]# rpm -q proftpd proftpd-1.2.10-8.2.el4.rf
Selinux is disabled
Modified debug file excerpt: xxx.xxxxx.com - ProFTPD 1.2.10 (stable) (built Fri Feb 18 05:56:53 CET 2005) standalone mode STARTUP xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - FTP session requested from unknown class xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - connected - local : xx.xx.xx.xx:21 xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - connected - remote : xx.xx.xx.xx:2208 xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - FTP session opened. xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command 'USER wells' to mod_tls xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command 'USER wells' to mod_core xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command 'USER wells' to mod_core xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command 'USER wells' to mod_auth xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching CMD command 'USER wells' to mod_auth xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching LOG_CMD command 'USER wells' to mod_log xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_tls xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_auth xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching CMD command 'PASS (hidden)' to mod_auth xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - PAM(wells): Module is unknown. xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - USER wells (Login failed): Incorrect password. xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_log xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_auth xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command 'QUIT' to mod_tls xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command 'QUIT' to mod_core xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command 'QUIT' to mod_core xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command 'QUIT' to mod_log xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching CMD command 'QUIT' to mod_core xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - FTP session closed.
This is a copy of a working server i386 running: [em@helpdesk em]$ uname -a Linux helpdesk.csdsinc.com 2.4.21-37.EL #1 Wed Sep 28 14:14:23 EDT 2005 i686 i686 i386 GNU/Linux CentOS 3.6, proftpd-1.2.10-8.1.el3.dag
The 3.6 box works and the 4.2 box will not authenticate any user. I'm concernesd with the "PAM(wells): Module is unknown." Any ideas?
Does the wells user have a valid shell as defined in /etc/shells? Also, make sure that wells wasn't added to /etc/ftpusers My wife's name is A(a)manda and this has bitten me a few times.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
To fix this issue, I had to create a new /etc/pam.d/ftp file. The file now reads like this:
#%PAM-1.0 auth required pam_unix.so nullok account required pam_unix.so session required pam_unix.so
The original reads like this: #%PAM-1.0 auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed auth required /lib/security/pam_pwdb.so shadow nullok
# If this is enabled, anonymous logins will fail because the 'ftp' user does # not have a "valid" shell, as listed in /etc/shells. # # If you enable this, it is recommended that you do *not* give the 'ftp' # user a real shell. Instead, give the 'ftp' user /bin/false for a shell and # add /bin/false to /etc/shells. #auth required /lib/security/pam_shells.so
account required /lib/security/pam_pwdb.so session required /lib/security/pam_pwdb.so
I'm not sure what "damage" I've done with mod but it has allowed my ftp server to start working. Anyone understand what is happening?
Thanks.