[CentOS] OT - Proftpd Authentication Failure - FIXED

Ed Morrison edward.morrison at gmail.com
Wed Dec 14 04:48:17 UTC 2005


Mike Kercher wrote:

>centos-bounces at centos.org <> scribbled on Tuesday, December 13, 2005 6:23 PM:
>
>>I have installed proftpd on a new x86_64 server:
>>[root at ftp ~]# uname -a
>>Linux ftp.csdsinc.com 2.6.9-22.0.1.ELsmp #1 SMP Thu Oct 27 14:49:37 CDT 2005 x86_64 x86_64 x86_64 GNU/Linux
>>
>>CentOS release 4.2 (Final)
>>
>>Proftpd Ver:
>>[root at ftp ~]# rpm -q proftpd
>>proftpd-1.2.10-8.2.el4.rf
>>
>>Selinux is disabled
>>
>>Modified debug file excerpt:
>>xxx.xxxxx.com - ProFTPD 1.2.10 (stable) (built Fri Feb 18 05:56:53 CET 2005) standalone mode STARTUP
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - FTP session requested from unknown class
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - connected - local  : xx.xx.xx.xx:21
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - connected - remote : xx.xx.xx.xx:2208
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - FTP session opened.
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command 'USER wells' to mod_tls
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command 'USER wells' to mod_core
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command 'USER wells' to mod_core
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command 'USER wells' to mod_auth
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching CMD command 'USER wells' to mod_auth
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching LOG_CMD command 'USER wells' to mod_log
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_tls
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching CMD command 'PASS (hidden)' to mod_auth
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - PAM(wells): Module is unknown.
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - USER wells (Login failed): Incorrect password.
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_log
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_auth
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command 'QUIT' to mod_tls
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command 'QUIT' to mod_core
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command 'QUIT' to mod_core
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching PRE_CMD command 'QUIT' to mod_log
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - dispatching CMD command 'QUIT' to mod_core
>>xxx.xxxxx.com (xx.xx.xx.xx[xx.xx.xx.xx]) - FTP session closed.
>>
>>
>>This is a copy of a working server i386 running:
>>[em at helpdesk em]$ uname -a
>>Linux helpdesk.csdsinc.com 2.4.21-37.EL #1 Wed Sep 28 14:14:23 EDT 2005 i686 i686 i386 GNU/Linux
>>CentOS 3.6, proftpd-1.2.10-8.1.el3.dag
>>
>>The 3.6 box works and the 4.2 box will not authenticate any user.  I'm
>>concerned with the "PAM(wells): Module is unknown."  Any ideas?
>>
>
>Does the wells user have a valid shell as defined in /etc/shells?  Also,
>make sure that wells wasn't added to /etc/ftpusers.  My wife's name is
>A(a)manda and this has bitten me a few times.
>
To fix this issue, I had to create a new /etc/pam.d/ftp file.  The file 
now reads like this:

#%PAM-1.0
auth    required        pam_unix.so     nullok
account required        pam_unix.so
session required        pam_unix.so



The original reads like this:
#%PAM-1.0
auth       required     /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       required     /lib/security/pam_pwdb.so shadow nullok

# If this is enabled, anonymous logins will fail because the 'ftp' user does
# not have a "valid" shell, as listed in /etc/shells.
#
# If you enable this, it is recommended that you do *not* give the 'ftp'
# user a real shell. Instead, give the 'ftp' user /bin/false for a shell and
# add /bin/false to /etc/shells.
#auth       required    /lib/security/pam_shells.so

account    required     /lib/security/pam_pwdb.so
session    required     /lib/security/pam_pwdb.so


I'm not sure what "damage" I've done with mod but it has allowed my ftp 
server to start working.  Anyone understand what is happening?

Thanks.
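
An added example, not part of the original post: a small Python audit of the two /etc/pam.d/ftp files quoted above. It flags modules that cannot be found on disk (assumed here to be what PAM reports as "Module is unknown"), nullok on the auth stack, and a missing pam_listfile deny rule for /etc/ftpusers. The function names and the default module directories are illustrative assumptions.

```python
import os
import re

# Both files as quoted in the post (comment block omitted, wrapped line rejoined).
ORIGINAL = """#%PAM-1.0
auth       required     /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       required     /lib/security/pam_pwdb.so shadow nullok
account    required     /lib/security/pam_pwdb.so
session    required     /lib/security/pam_pwdb.so
"""
REPLACEMENT = """#%PAM-1.0
auth    required        pam_unix.so     nullok
account required        pam_unix.so
session required        pam_unix.so
"""

RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse(text):
    """Yield (type, control, module, args) for each rule in a pam.d service file."""
    text = text.replace("\\\n", " ")          # join backslash-continued lines
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        m = RULE.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3), m.group(4).split()

# module_dirs is an assumed search path for bare module names; adjust per distribution.
def audit(text, module_dirs=("/lib64/security", "/lib/security"), exists=os.path.exists):
    """Return a list of findings for one service file."""
    findings, deny_list = [], False
    for kind, _control, module, args in parse(text):
        paths = [module] if module.startswith("/") else [os.path.join(d, module) for d in module_dirs]
        if not any(exists(p) for p in paths):
            findings.append(f"{kind}: {module} not found on disk")
        if kind == "auth" and "nullok" in args:
            findings.append(f"auth: {os.path.basename(module)} accepts empty passwords (nullok)")
        if kind == "auth" and module.endswith("pam_listfile.so") and "sense=deny" in args:
            deny_list = True
    if not deny_list:
        findings.append("auth: no pam_listfile deny rule, /etc/ftpusers is not enforced by PAM")
    return findings

if __name__ == "__main__":
    for name, text in (("original", ORIGINAL), ("replacement", REPLACEMENT)):
        print(name, *audit(text), sep="\n  ")
```

Run on the affected host, the default exists check uses the real filesystem, so the output shows which of the configured modules are actually installed there.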


