[CentOS] OT - Proftpd Authentication Failure - FIXED
Ed Morrison
edward.morrison at gmail.com
Wed Dec 14 04:48:17 UTC 2005
Mike Kercher wrote:
>centos-bounces at centos.org <> scribbled on Tuesday, December 13, 2005 6:23
>PM:
>
>
>
>>I have installed proftpd on a new x86_64 server:
>>[root at ftp ~]# uname -a
>>Linux ftp.csdsinc.com 2.6.9-22.0.1.ELsmp #1 SMP Thu Oct 27
>>14:49:37 CDT
>>2005 x86_64 x86_64 x86_64 GNU/Linux
>>
>>CentOS release 4.2 (Final)
>>
>>Proftpd Ver:
>>[root at ftp ~]# rpm -q proftpd
>>proftpd-1.2.10-8.2.el4.rf
>>
>>Selinux is disabled
>>
>>Modified debug file excerpt:
>>xxx.xxxxx.com - ProFTPD 1.2.10 (stable) (built Fri Feb 18 05:56:53 CET
>>2005) standalone mode STARTUP
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - FTP session
>>requested from unknown class xxx.xxxxx.com
>>(xx.xx.xx.xx[xx.xx.xx.xx]) - connected - local :
>>xx.xx.xx.xx:21
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - connected - remote :
>>xx.xx.xx.xx:2208
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - FTP session opened.
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching
>>PRE_CMD command 'USER wells' to mod_tls xxx.xxxxx.com
>>(xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command
>>'USER wells' to mod_core xxx.xxxxx.com
>>(xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command
>>'USER wells' to mod_core xxx.xxxxx.com
>>(xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command
>>'USER wells' to mod_auth xxx.xxxxx.com
>>(xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching CMD command 'USER
>>wells' to mod_auth xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) -
>>dispatching LOG_CMD command 'USER wells' to mod_log
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching
>>PRE_CMD command 'PASS (hidden)' to mod_tls xxx.xxxxx.com
>>(xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command
>>'PASS (hidden)' to mod_core xxx.xxxxx.com
>>(xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command
>>'PASS (hidden)' to mod_core xxx.xxxxx.com
>>(xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command
>>'PASS (hidden)' to mod_auth xxx.xxxxx.com
>>(xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching CMD command 'PASS
>>(hidden)' to mod_auth xxx.xxxxx.com
>>(xx.xx.xx.xx[xx.xx.xx.xx]) - PAM(wells): Module is unknown.
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - USER wells (Login failed):
>>Incorrect password.
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching
>>LOG_CMD_ERR command 'PASS (hidden)' to mod_log xxx.xxxxx.com
>>(xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching LOG_CMD_ERR command
>>'PASS (hidden)' to mod_auth xxx.xxxxx.com
>>(xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command
>>'QUIT' to mod_tls xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) -
>>dispatching PRE_CMD command 'QUIT' to mod_core xxx.xxxxx.com
>>(xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command
>>'QUIT' to mod_core xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) -
>>dispatching PRE_CMD command 'QUIT' to mod_log xxx.xxxxx.com
>>(xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching CMD command 'QUIT'
>>to mod_core xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - FTP
>>session closed.
>>
>>
>>This is a copy of a working server i386 running:
>>[em at helpdesk em]$ uname -a
>>Linux helpdesk.csdsinc.com 2.4.21-37.EL #1 Wed Sep 28
>>14:14:23 EDT 2005
>>i686 i686 i386 GNU/Linux
>>CentOS 3.6, proftpd-1.2.10-8.1.el3.dag
>>
>>The 3.6 box works and the 4.2 box will not authenticate any
>>user. I'm
>>concerned with the "PAM(wells): Module is unknown." Any ideas?
>>
>>
>>
>>
>
>Does the wells user have a valid shell as defined in /etc/shells? Also,
>make sure that wells wasn't added to /etc/ftpusers. My wife's name is
>A(a)manda and this has bitten me a few times.
>
>
To fix this issue, I had to create a new /etc/pam.d/ftp file. The file
now reads like this:

#%PAM-1.0
auth required pam_unix.so nullok
account required pam_unix.so
session required pam_unix.so

The original reads like this:

#%PAM-1.0
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required /lib/security/pam_pwdb.so shadow nullok
# If this is enabled, anonymous logins will fail because the 'ftp' user does
# not have a "valid" shell, as listed in /etc/shells.
#
# If you enable this, it is recommended that you do *not* give the 'ftp'
# user a real shell. Instead, give the 'ftp' user /bin/false for a shell and
# add /bin/false to /etc/shells.
#auth required /lib/security/pam_shells.so
account required /lib/security/pam_pwdb.so
session required /lib/security/pam_pwdb.so

I'm not sure what "damage" I've done with mod but it has allowed my ftp
server to start working. Anyone understand what is happening?
Thanks.