[CentOS] OT Proftpd stopped authenication for users

Tue Feb 21 22:23:06 UTC 2006
Ed Morrison <edward.morrison at gmail.com>

For some reason proftpd stopped authentication for users.  Anonymous 
access still works but when someone tries to access the server via their 
login it no longer authenticates them.  I recently ran yum where proftpd 
was updated (that said, I'm not sure that caused the problem).  I 
uninstalled the new version and and installed a prior version with no 
change.  Below is a look at my config, a debug cut and paste and the 
current version I am running.  This is a production server with a loss 
of revenue generation for the company and is imperitive that I get 
resolved asap.  Any help would be appreciated!
*
Proftpd Conf:*
#
# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $

ServerName                      "ProFTPD server"
ServerIdent                     on "FTP Server ready."
ServerAdmin                     root at localhost
ServerType                      standalone
DefaultServer                   on
AccessGrantMsg                  "User %u logged in."
DeferWelcome                    off
DefaultRoot                     ~ !adm
AuthPAMAuthoritative            off
IdentLookups                    off
UseReverseDNS                   off
Port                            21
Umask                           022
ListOptions                     "-a"
AllowRetrieveRestart            on
AllowStoreRestart               on
MaxInstances                    20
User                            nobody
Group                           nobody
ScoreboardFile                  /var/run/proftpd.score

<Global>
  AllowOverwrite                yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>

# Define the log formats
LogFormat                       default "%h %l %u %t \"%r\" %s %b"
LogFormat                       auth    "%v [%P] %h %t \"%r\" %s"

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine                      on
#TLSRequired                    on
#TLSRSACertificateFile          /usr/share/ssl/certs/proftpd.pem
#TLSRSACertificateKeyFile       /usr/share/ssl/certs/proftpd.pem
#TLSCipherSuite                 ALL:!ADH:!DES
#TLSOptions                     NoCertRequest
#TLSVerifyClient                off
##TLSRenegotiate                ctrl 3600 data 512000 required off 
timeout 300
#TLSLog                         /var/log/proftpd/tls.log

##Anonymous Coop CORS Access##

<Anonymous /var/ftp/gps/cors/rinex/>
  <Limit LOGIN>
    AllowAll
  </Limit>
  User                          ftp
  Group                         ftp
  UserAlias                     anonymous ftp
  <Limit WRITE>
    DenyAll
  </Limit>
  <Directory uploads/*>
    <Limit READ>
      AllowAll
    </Limit>
    <Limit STOR>
      DenyAll
    </Limit>
  </Directory>
</Anonymous>



#
##
###
#### NetRS Accounts #####
###
##
#


# Local GPS Accounts (Non VRS)

<Anonymous /var/ftp/pub>
AnonRequirePassword             on
User                            gps
Group                           gps
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
</Anonymous>


<Anonymous /var/ftp/gps/gis>
AnonRequirePassword             on
User                            gis
Group                           gis
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
</Anonymous>


# VRS FTP Accounts

<Anonymous /var/ftp/gps/cors>
AnonRequirePassword             on
User                            cors
Group                           cors
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
<Limit APPEND>
  AllowAll
</Limit>
<Limit MODIFY>
  AllowAll
</Limit>
</Anonymous>


<Anonymous /var/ftp/gps/rtknet1h>
AnonRequirePassword             on
User                            rtknet1h
Group                           rtknet1h
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
<Limit APPEND>
  AllowAll
</Limit>
<Limit MODIFY>
  AllowAll
</Limit>
</Anonymous>

<Anonymous /var/ftp/gps/rtknet4h>
AnonRequirePassword             on
User                            rtknet4h
Group                           rtknet4h
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
<Limit APPEND>
  AllowAll
</Limit>
<Limit MODIFY>
  AllowAll
</Limit>
</Anonymous>

<Anonymous /var/ftp/csds>
AnonRequirePassword             on
User                            csds
Group                           csds
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
</Anonymous>


<Anonymous /var/ftp/gps/cslv>
AnonRequirePassword             on
User                            cslv
Group                           cslv
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
</Anonymous>


<Anonymous /var/ftp/gps/andregg>
AnonRequirePassword             on
User                            andregg
Group                           andregg
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
</Anonymous>

<Anonymous /var/ftp/gps/saccity>
AnonRequirePassword             on
User                            saccity
Group                           saccity
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
</Anonymous>

<Anonymous /var/ftp/gps/yubacity>
AnonRequirePassword             on
User                            yubacity
Group                           yubacity
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
</Anonymous>


#
##
###
#### RePro Accounts #####
###
##
#


<Anonymous /var/ftp/repro/teichert>
AnonRequirePassword             on
User                            teichert
Group                           teichert
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
</Anonymous>


<Anonymous /var/ftp/repro/rexmoore>
AnonRequirePassword             on
User                            rexmoore
Group                           rexmoore
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
</Anonymous>

<Anonymous /var/ftp/repro/msmith>
AnonRequirePassword             on
User                            msmith
Group                           msmith
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
</Anonymous>

<Anonymous /var/ftp/repro/grodgers>
AnonRequirePassword             on
User                            grodgers
Group                           grodgers
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
</Anonymous>

<Anonymous /var/ftp/repro/cimorelli>
AnonRequirePassword             on
User                            cimorelli
Group                           cimorelli
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
</Anonymous>

<Anonymous /var/ftp/repro/capitoleng>
AnonRequirePassword             on
User                            capitoleng
Group                           capitaleng
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
</Anonymous>

<Anonymous /var/ftp/repro/bbuehler>
AnonRequirePassword             on
User                            bbuehler
Group                           bbhueler
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
</Anonymous>

<Anonymous /var/ftp/repro/artegraph>
AnonRequirePassword             on
User                            artegraph
Group                           artegraph
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
</Anonymous>

<Anonymous /var/ftp/repro/capitoliron>
AnonRequirePassword             on
User                            capitoliron
Group                           capitoliron
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
</Anonymous>

<Anonymous /var/ftp/repro/abender>
AnonRequirePassword             on
User                            abender
Group                           abender
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
</Anonymous>

<Anonymous /var/ftp/repro>
AnonRequirePassword             on
User                            repro
Group                           repro
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
</Anonymous>

<Anonymous /var/ftp/repro/reyeng>
AnonRequirePassword             on
User                            reyeng
Group                           reyeng
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
</Anonymous>

<Anonymous /var/ftp/repro/wells>
AnonRequirePassword             on
User                            wells
Group                           wells
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
</Anonymous>

# Account for the Marketing Department to upload files
<Anonymous /var/ftp/graphix>
AnonRequirePassword             on
User                            graphix
Group                           graphix
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
</Anonymous>

# Account for customers to download files
<Anonymous /var/ftp/customer>
AnonRequirePassword             on
User                            customer
Group                           customer
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
#  <Limit LOGIN>
#    AllowAll
#  </Limit>
  <Limit WRITE>
    DenyAll
  </Limit>
  <Limit STOR>
    DenyAll
  </Limit>
  <Limit READ>
    AllowAll
  </Limit>
</Anonymous>

# Account for staff to upload files
<Anonymous /var/ftp/customer>
AnonRequirePassword             on
User                            staff
Group                           staff
#DefaultChdir                    /var/ftp/pub/
RequireValidShell               off
<Limit STOR>
  AllowAll
</Limit>
<Limit WRITE>
  AllowAll
</Limit>
</Anonymous>



# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
#  User                         ftp
#  Group                                ftp
#  AccessGrantMsg               "Anonymous login ok, restrictions apply."
#
#  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias                    anonymous ftp
#
#  # Limit the maximum number of anonymous logins
#  MaxClients                   10 "Sorry, max %m users -- try again later"
#
#  # Put the user into /pub right after login
#  #DefaultChdir                        /pub
#
#  # We want 'welcome.msg' displayed at login, '.message' displayed in
#  # each newly chdired directory and tell users to read README* files.
#  DisplayLogin                 /welcome.msg
#  DisplayFirstChdir            .message
#  DisplayReadme                        README*
#
#  # Some more cosmetic and not vital stuff
#  DirFakeUser                  on ftpadm
#  DirFakeGroup                 on ftpadm
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE SITE_CHMOD>
#    DenyAll
#  </Limit>
#
#  # An upload directory that allows storing files but not retrieving
#  # or creating directories.
#  <Directory uploads/*>
#    AllowOverwrite             no
#    <Limit READ>
#      DenyAll
#    </Limit>
#
#    <Limit STOR>
#      AllowAll
#    </Limit>
#  </Directory>
#
#  # Don't write anonymous accesses to the system wtmp file (good idea!)
#  WtmpLog                      off
#
#  # Logging for the anonymous transfers
#  ExtendedLog          /var/log/proftpd/access.log WRITE,READ default
#  ExtendedLog          /var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>



*Debug excerpt:*

ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - FTP session opened.
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching PRE_CMD 
command 'USER repro' to mod_tls
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching PRE_CMD 
command 'USER repro' to mod_core
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching PRE_CMD 
command 'USER repro' to mod_core
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching PRE_CMD 
command 'USER repro' to mod_auth
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching CMD command 
'USER repro' to mod_auth
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching LOG_CMD 
command 'USER repro' to mod_log
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching PRE_CMD 
command 'PASS (hidden)' to mod_tls
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching PRE_CMD 
command 'PASS (hidden)' to mod_core
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching PRE_CMD 
command 'PASS (hidden)' to mod_core
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching PRE_CMD 
command 'PASS (hidden)' to mod_auth
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching CMD command 
'PASS (hidden)' to mod_auth
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - PAM(repro): 
Authentication failure.
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - USER repro (Login 
failed): Incorrect password.
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching LOG_CMD_ERR 
command 'PASS (hidden)' to mod_log
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching LOG_CMD_ERR 
command 'PASS (hidden)' to mod_auth
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - FTP session closed.


* /usr/sbin/proftpd -l | sort | grep auth*
  mod_auth.c
  mod_auth_file.c
  mod_auth_pam.c
  mod_auth_unix.c



*Proftpd Ver:*
 /usr/sbin/proftpd -l | sort | grep auth
  mod_auth.c
  mod_auth_file.c
  mod_auth_pam.c
  mod_auth_unix.c