For some reason proftpd stopped authentication for users. Anonymous access still works, but when someone tries to access the server via their login it no longer authenticates them. I recently ran yum, where proftpd was updated (that said, I'm not sure that caused the problem). I uninstalled the new version and installed a prior version with no change. Below is a look at my config, a debug cut and paste, and the current version I am running. This is a production server with a loss of revenue generation for the company, and it is imperative that I get this resolved ASAP. Any help would be appreciated!

*Proftpd Conf:*

#
# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $

ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
ServerType standalone
DefaultServer on
AccessGrantMsg "User %u logged in."
DeferWelcome off
DefaultRoot ~ !adm
AuthPAMAuthoritative off
IdentLookups off
UseReverseDNS off
Port 21
Umask 022
ListOptions "-a"
AllowRetrieveRestart on
AllowStoreRestart on
MaxInstances 20
User nobody
Group nobody
ScoreboardFile /var/run/proftpd.score

<Global>
  AllowOverwrite yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>

# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine on
#TLSRequired on
#TLSRSACertificateFile /usr/share/ssl/certs/proftpd.pem
#TLSRSACertificateKeyFile /usr/share/ssl/certs/proftpd.pem
#TLSCipherSuite ALL:!ADH:!DES
#TLSOptions NoCertRequest
#TLSVerifyClient off
##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
#TLSLog /var/log/proftpd/tls.log
##Anonymous Coop CORS Access##
<Anonymous /var/ftp/gps/cors/rinex/>
  <Limit LOGIN>
    AllowAll
  </Limit>
  User ftp
  Group ftp
  UserAlias anonymous ftp
  <Limit WRITE>
    DenyAll
  </Limit>
  <Directory uploads/*>
    <Limit READ>
      AllowAll
    </Limit>
    <Limit STOR>
      DenyAll
    </Limit>
  </Directory>
</Anonymous>
# ## ### #### NetRS Accounts ##### ### ## #
# Local GPS Accounts (Non VRS)
<Anonymous /var/ftp/pub>
  AnonRequirePassword on
  User gps
  Group gps
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>

<Anonymous /var/ftp/gps/gis>
  AnonRequirePassword on
  User gis
  Group gis
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>
# VRS FTP Accounts
<Anonymous /var/ftp/gps/cors>
  AnonRequirePassword on
  User cors
  Group cors
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
  <Limit APPEND>
    AllowAll
  </Limit>
  <Limit MODIFY>
    AllowAll
  </Limit>
</Anonymous>

<Anonymous /var/ftp/gps/rtknet1h>
  AnonRequirePassword on
  User rtknet1h
  Group rtknet1h
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
  <Limit APPEND>
    AllowAll
  </Limit>
  <Limit MODIFY>
    AllowAll
  </Limit>
</Anonymous>

<Anonymous /var/ftp/gps/rtknet4h>
  AnonRequirePassword on
  User rtknet4h
  Group rtknet4h
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
  <Limit APPEND>
    AllowAll
  </Limit>
  <Limit MODIFY>
    AllowAll
  </Limit>
</Anonymous>

<Anonymous /var/ftp/csds>
  AnonRequirePassword on
  User csds
  Group csds
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>

<Anonymous /var/ftp/gps/cslv>
  AnonRequirePassword on
  User cslv
  Group cslv
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>

<Anonymous /var/ftp/gps/andregg>
  AnonRequirePassword on
  User andregg
  Group andregg
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>

<Anonymous /var/ftp/gps/saccity>
  AnonRequirePassword on
  User saccity
  Group saccity
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>

<Anonymous /var/ftp/gps/yubacity>
  AnonRequirePassword on
  User yubacity
  Group yubacity
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>
# ## ### #### RePro Accounts ##### ### ## #
<Anonymous /var/ftp/repro/teichert>
  AnonRequirePassword on
  User teichert
  Group teichert
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>

<Anonymous /var/ftp/repro/rexmoore>
  AnonRequirePassword on
  User rexmoore
  Group rexmoore
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>

<Anonymous /var/ftp/repro/msmith>
  AnonRequirePassword on
  User msmith
  Group msmith
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>

<Anonymous /var/ftp/repro/grodgers>
  AnonRequirePassword on
  User grodgers
  Group grodgers
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>

<Anonymous /var/ftp/repro/cimorelli>
  AnonRequirePassword on
  User cimorelli
  Group cimorelli
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>

<Anonymous /var/ftp/repro/capitoleng>
  AnonRequirePassword on
  User capitoleng
  Group capitaleng
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>

<Anonymous /var/ftp/repro/bbuehler>
  AnonRequirePassword on
  User bbuehler
  Group bbhueler
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>

<Anonymous /var/ftp/repro/artegraph>
  AnonRequirePassword on
  User artegraph
  Group artegraph
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>

<Anonymous /var/ftp/repro/capitoliron>
  AnonRequirePassword on
  User capitoliron
  Group capitoliron
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>

<Anonymous /var/ftp/repro/abender>
  AnonRequirePassword on
  User abender
  Group abender
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>

<Anonymous /var/ftp/repro>
  AnonRequirePassword on
  User repro
  Group repro
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>

<Anonymous /var/ftp/repro/reyeng>
  AnonRequirePassword on
  User reyeng
  Group reyeng
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>

<Anonymous /var/ftp/repro/wells>
  AnonRequirePassword on
  User wells
  Group wells
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>
# Account for the Marketing Department to upload files
<Anonymous /var/ftp/graphix>
  AnonRequirePassword on
  User graphix
  Group graphix
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>

# Account for customers to download files
<Anonymous /var/ftp/customer>
  AnonRequirePassword on
  User customer
  Group customer
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  # <Limit LOGIN>
  #   AllowAll
  # </Limit>
  <Limit WRITE>
    DenyAll
  </Limit>
  <Limit STOR>
    DenyAll
  </Limit>
  <Limit READ>
    AllowAll
  </Limit>
</Anonymous>

# Account for staff to upload files
<Anonymous /var/ftp/customer>
  AnonRequirePassword on
  User staff
  Group staff
  #DefaultChdir /var/ftp/pub/
  RequireValidShell off
  <Limit STOR>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>

# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
#  User ftp
#  Group ftp
#  AccessGrantMsg "Anonymous login ok, restrictions apply."
#
#  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias anonymous ftp
#
#  # Limit the maximum number of anonymous logins
#  MaxClients 10 "Sorry, max %m users -- try again later"
#
#  # Put the user into /pub right after login
#  #DefaultChdir /pub
#
#  # We want 'welcome.msg' displayed at login, '.message' displayed in
#  # each newly chdired directory and tell users to read README* files.
#  DisplayLogin /welcome.msg
#  DisplayFirstChdir .message
#  DisplayReadme README*
#
#  # Some more cosmetic and not vital stuff
#  DirFakeUser on ftpadm
#  DirFakeGroup on ftpadm
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE SITE_CHMOD>
#    DenyAll
#  </Limit>
#
#  # An upload directory that allows storing files but not retrieving
#  # or creating directories.
#  <Directory uploads/*>
#    AllowOverwrite no
#    <Limit READ>
#      DenyAll
#    </Limit>
#
#    <Limit STOR>
#      AllowAll
#    </Limit>
#  </Directory>
#
#  # Don't write anonymous accesses to the system wtmp file (good idea!)
#  WtmpLog off
#
#  # Logging for the anonymous transfers
#  ExtendedLog /var/log/proftpd/access.log WRITE,READ default
#  ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>
*Debug excerpt:*
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - FTP session opened.
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching PRE_CMD command 'USER repro' to mod_tls
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching PRE_CMD command 'USER repro' to mod_core
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching PRE_CMD command 'USER repro' to mod_core
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching PRE_CMD command 'USER repro' to mod_auth
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching CMD command 'USER repro' to mod_auth
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching LOG_CMD command 'USER repro' to mod_log
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_tls
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching CMD command 'PASS (hidden)' to mod_auth
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - PAM(repro): Authentication failure.
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - USER repro (Login failed): Incorrect password.
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_log
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_auth
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - FTP session closed.
*/usr/sbin/proftpd -l | sort | grep auth*

mod_auth.c
mod_auth_file.c
mod_auth_pam.c
mod_auth_unix.c

*Proftpd Ver:*

/usr/sbin/proftpd -l | sort | grep auth
mod_auth.c
mod_auth_file.c
mod_auth_pam.c
mod_auth_unix.c
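
An added example, not part of the original post: a small Python audit for a config built from many `<Anonymous>` blocks like the one above. It reports blocks whose User and Group names differ, directories served by more than one block, and blocks that allow uploads; it does not diagnose the PAM failure in the debug output. The sample input is abbreviated from three of the post's blocks, and the function name `audit` and the finding strings are assumptions of this example.

```python
import re
from collections import Counter
# Constructed sample: three <Anonymous> blocks abbreviated from the config in the post.
SAMPLE = """\
<Anonymous /var/ftp/repro/capitoleng>
  User capitoleng
  Group capitaleng
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>
<Anonymous /var/ftp/customer>
  User customer
  Group customer
  #DefaultChdir /var/ftp/pub/
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
<Anonymous /var/ftp/customer>
  User staff
  Group staff
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>
"""

BLOCK = re.compile(r"<Anonymous\s+(\S+)>(.*?)</Anonymous>", re.S)
LIMIT = re.compile(r"<Limit\s+([^>]+)>\s*(AllowAll|DenyAll)\s*</Limit>")

def audit(conf):
    """Return (root, user, finding) tuples for the <Anonymous> blocks in conf."""
    conf = re.sub(r"(?m)^\s*#.*$", "", conf)  # ignore commented-out lines
    blocks = BLOCK.findall(conf)
    roots = Counter(root.rstrip("/") for root, _ in blocks)
    findings = []
    for root, body in blocks:
        root = root.rstrip("/")
        user, group = (re.search(rf"(?m)^\s*{key}\s+(\S+)", body).group(1)
                       for key in ("User", "Group"))
        if user != group:
            findings.append((root, user, f"User/Group differ: {user} vs {group}"))
        if roots[root] > 1:
            findings.append((root, user, "directory shared with another block"))
        if any(act == "AllowAll" and {"WRITE", "STOR"} & set(cmds.split())
               for cmds, act in LIMIT.findall(body)):
            findings.append((root, user, "uploads allowed"))
    return findings
```

Run it against the full file with `audit(open("/etc/proftpd.conf").read())`; the path is an assumption, and the parser expects one directive per line with a User and a Group in every block.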