For some reason proftpd stopped authentication for users. Anonymous
access still works but when someone tries to access the server via their
login it no longer authenticates them. I recently ran yum where proftpd
was updated (that said, I'm not sure that caused the problem). I
uninstalled the new version and and installed a prior version with no
change. Below is a look at my config, a debug cut and paste and the
current version I am running. This is a production server with a loss
of revenue generation for the company and is imperitive that I get
resolved asap. Any help would be appreciated!
*
Proftpd Conf:*
#
# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $
ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root at localhost
ServerType standalone
DefaultServer on
AccessGrantMsg "User %u logged in."
DeferWelcome off
DefaultRoot ~ !adm
AuthPAMAuthoritative off
IdentLookups off
UseReverseDNS off
Port 21
Umask 022
ListOptions "-a"
AllowRetrieveRestart on
AllowStoreRestart on
MaxInstances 20
User nobody
Group nobody
ScoreboardFile /var/run/proftpd.score
<Global>
AllowOverwrite yes
<Limit ALL SITE_CHMOD>
AllowAll
</Limit>
</Global>
# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s
%b"
LogFormat auth "%v [%P] %h %t \"%r\"
%s"
# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine on
#TLSRequired on
#TLSRSACertificateFile /usr/share/ssl/certs/proftpd.pem
#TLSRSACertificateKeyFile /usr/share/ssl/certs/proftpd.pem
#TLSCipherSuite ALL:!ADH:!DES
#TLSOptions NoCertRequest
#TLSVerifyClient off
##TLSRenegotiate ctrl 3600 data 512000 required off
timeout 300
#TLSLog /var/log/proftpd/tls.log
##Anonymous Coop CORS Access##
<Anonymous /var/ftp/gps/cors/rinex/>
<Limit LOGIN>
AllowAll
</Limit>
User ftp
Group ftp
UserAlias anonymous ftp
<Limit WRITE>
DenyAll
</Limit>
<Directory uploads/*>
<Limit READ>
AllowAll
</Limit>
<Limit STOR>
DenyAll
</Limit>
</Directory>
</Anonymous>
#
##
###
#### NetRS Accounts #####
###
##
#
# Local GPS Accounts (Non VRS)
<Anonymous /var/ftp/pub>
AnonRequirePassword on
User gps
Group gps
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
</Anonymous>
<Anonymous /var/ftp/gps/gis>
AnonRequirePassword on
User gis
Group gis
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
</Anonymous>
# VRS FTP Accounts
<Anonymous /var/ftp/gps/cors>
AnonRequirePassword on
User cors
Group cors
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
<Limit APPEND>
AllowAll
</Limit>
<Limit MODIFY>
AllowAll
</Limit>
</Anonymous>
<Anonymous /var/ftp/gps/rtknet1h>
AnonRequirePassword on
User rtknet1h
Group rtknet1h
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
<Limit APPEND>
AllowAll
</Limit>
<Limit MODIFY>
AllowAll
</Limit>
</Anonymous>
<Anonymous /var/ftp/gps/rtknet4h>
AnonRequirePassword on
User rtknet4h
Group rtknet4h
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
<Limit APPEND>
AllowAll
</Limit>
<Limit MODIFY>
AllowAll
</Limit>
</Anonymous>
<Anonymous /var/ftp/csds>
AnonRequirePassword on
User csds
Group csds
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
</Anonymous>
<Anonymous /var/ftp/gps/cslv>
AnonRequirePassword on
User cslv
Group cslv
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
</Anonymous>
<Anonymous /var/ftp/gps/andregg>
AnonRequirePassword on
User andregg
Group andregg
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
</Anonymous>
<Anonymous /var/ftp/gps/saccity>
AnonRequirePassword on
User saccity
Group saccity
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
</Anonymous>
<Anonymous /var/ftp/gps/yubacity>
AnonRequirePassword on
User yubacity
Group yubacity
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
</Anonymous>
#
##
###
#### RePro Accounts #####
###
##
#
<Anonymous /var/ftp/repro/teichert>
AnonRequirePassword on
User teichert
Group teichert
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
</Anonymous>
<Anonymous /var/ftp/repro/rexmoore>
AnonRequirePassword on
User rexmoore
Group rexmoore
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
</Anonymous>
<Anonymous /var/ftp/repro/msmith>
AnonRequirePassword on
User msmith
Group msmith
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
</Anonymous>
<Anonymous /var/ftp/repro/grodgers>
AnonRequirePassword on
User grodgers
Group grodgers
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
</Anonymous>
<Anonymous /var/ftp/repro/cimorelli>
AnonRequirePassword on
User cimorelli
Group cimorelli
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
</Anonymous>
<Anonymous /var/ftp/repro/capitoleng>
AnonRequirePassword on
User capitoleng
Group capitaleng
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
</Anonymous>
<Anonymous /var/ftp/repro/bbuehler>
AnonRequirePassword on
User bbuehler
Group bbhueler
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
</Anonymous>
<Anonymous /var/ftp/repro/artegraph>
AnonRequirePassword on
User artegraph
Group artegraph
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
</Anonymous>
<Anonymous /var/ftp/repro/capitoliron>
AnonRequirePassword on
User capitoliron
Group capitoliron
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
</Anonymous>
<Anonymous /var/ftp/repro/abender>
AnonRequirePassword on
User abender
Group abender
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
</Anonymous>
<Anonymous /var/ftp/repro>
AnonRequirePassword on
User repro
Group repro
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
</Anonymous>
<Anonymous /var/ftp/repro/reyeng>
AnonRequirePassword on
User reyeng
Group reyeng
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
</Anonymous>
<Anonymous /var/ftp/repro/wells>
AnonRequirePassword on
User wells
Group wells
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
</Anonymous>
# Account for the Marketing Department to upload files
<Anonymous /var/ftp/graphix>
AnonRequirePassword on
User graphix
Group graphix
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
</Anonymous>
# Account for customers to download files
<Anonymous /var/ftp/customer>
AnonRequirePassword on
User customer
Group customer
#DefaultChdir /var/ftp/pub/
RequireValidShell off
# <Limit LOGIN>
# AllowAll
# </Limit>
<Limit WRITE>
DenyAll
</Limit>
<Limit STOR>
DenyAll
</Limit>
<Limit READ>
AllowAll
</Limit>
</Anonymous>
# Account for staff to upload files
<Anonymous /var/ftp/customer>
AnonRequirePassword on
User staff
Group staff
#DefaultChdir /var/ftp/pub/
RequireValidShell off
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
</Anonymous>
# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
# User ftp
# Group ftp
# AccessGrantMsg "Anonymous login ok, restrictions
apply."
#
# # We want clients to be able to login with "anonymous" as well as
"ftp"
# UserAlias anonymous ftp
#
# # Limit the maximum number of anonymous logins
# MaxClients 10 "Sorry, max %m users -- try again
later"
#
# # Put the user into /pub right after login
# #DefaultChdir /pub
#
# # We want 'welcome.msg' displayed at login, '.message'
displayed in
# # each newly chdired directory and tell users to read README* files.
# DisplayLogin /welcome.msg
# DisplayFirstChdir .message
# DisplayReadme README*
#
# # Some more cosmetic and not vital stuff
# DirFakeUser on ftpadm
# DirFakeGroup on ftpadm
#
# # Limit WRITE everywhere in the anonymous chroot
# <Limit WRITE SITE_CHMOD>
# DenyAll
# </Limit>
#
# # An upload directory that allows storing files but not retrieving
# # or creating directories.
# <Directory uploads/*>
# AllowOverwrite no
# <Limit READ>
# DenyAll
# </Limit>
#
# <Limit STOR>
# AllowAll
# </Limit>
# </Directory>
#
# # Don't write anonymous accesses to the system wtmp file (good idea!)
# WtmpLog off
#
# # Logging for the anonymous transfers
# ExtendedLog /var/log/proftpd/access.log WRITE,READ default
# ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>
*Debug excerpt:*
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - FTP session opened.
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching PRE_CMD
command 'USER repro' to mod_tls
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching PRE_CMD
command 'USER repro' to mod_core
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching PRE_CMD
command 'USER repro' to mod_core
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching PRE_CMD
command 'USER repro' to mod_auth
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching CMD command
'USER repro' to mod_auth
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching LOG_CMD
command 'USER repro' to mod_log
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching PRE_CMD
command 'PASS (hidden)' to mod_tls
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching PRE_CMD
command 'PASS (hidden)' to mod_core
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching PRE_CMD
command 'PASS (hidden)' to mod_core
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching PRE_CMD
command 'PASS (hidden)' to mod_auth
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching CMD command
'PASS (hidden)' to mod_auth
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - PAM(repro):
Authentication failure.
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - USER repro (Login
failed): Incorrect password.
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching LOG_CMD_ERR
command 'PASS (hidden)' to mod_log
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching LOG_CMD_ERR
command 'PASS (hidden)' to mod_auth
ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - FTP session closed.
* /usr/sbin/proftpd -l | sort | grep auth*
mod_auth.c
mod_auth_file.c
mod_auth_pam.c
mod_auth_unix.c
*Proftpd Ver:*
/usr/sbin/proftpd -l | sort | grep auth
mod_auth.c
mod_auth_file.c
mod_auth_pam.c
mod_auth_unix.c
