[SOLVED] I give up with vsftpd

Exedore
Posts: 6
Joined: 2011/11/08 03:44:15

[SOLVED] I give up with vsftpd

Post by Exedore » 2011/11/08 03:54:52

Always getting 530 Login failed
This is my .conf

[code]anonymous_enable=NO

local_enable=YES

write_enable=YES

local_umask=022
check_shell=NO

#anon_upload_enable=NO

#anon_mkdir_write_enable=YES
dirmessage_enable=YES

xferlog_enable=YES

connect_from_port_20=YES

#chown_uploads=NO
#chown_username=username

#xferlog_file=/var/log/vsftpd.log

xferlog_std_format=YES

#idle_session_timeout=600

data_connection_timeout=20

#nopriv_user=ftpsecure

#async_abor_enable=YES

ascii_upload_enable=YES
ascii_download_enable=YES

ftpd_banner=FTP local.

deny_email_enable=NO
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails

#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list

#ls_recurse_enable=YES

listen=YES
local_root=/home/tati

#listen_ipv6=YES
userlist_deny=NO
userlist_file=/etc/vsftpd/user_list

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES[/code]

This is my all-day-fight.
Any help?
Thanks

scottro
Forum Moderator
Posts: 2461
Joined: 2007/09/03 21:18:09
Location: NYC

Re: I give up with vsftpd

Post by scottro » 2011/11/08 12:55:36

I haven't used vsftpd for a while, but I seem to remember that there will also be a list, /etc/ftp, or maybe /etc/ftpusers? that includes a list of accounts that will not be allowed to log in. Is it possible that you're trying to log in with one of those accounts?

Other possibility is firewall, iptables. Lastly selinux. There should be some log somewhere that gives a clue, in /var/log, possibly messages, secure, or maybe there's an ftp log.


Sorry to be so vague, but as I say, I haven't used it in a while. I would google something like vsftp on CentOS (or RHEL) and see if you can come up with a clear tutorial.

Exedore
Posts: 6
Joined: 2011/11/08 03:44:15

Re: I give up with vsftpd

Post by Exedore » 2011/11/09 12:02:19

Thanks for your answer scottro.

First:
There is not any file or folder /etc/ftpusers, nor /etc/ftp

SELinux:
[code]# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted[/code]
SetSEBool:
[code]setsebool -P ftp_home_dir on[/code]
IPTABLES Rules:
[code]-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT[/code]

what else...

[b]port scanning detects the ftp server[/b]

let me see..

anon user [b]CAN[/b] login to /pub/

Thanks in advance for any helping hand.

Exedore
Posts: 6
Joined: 2011/11/08 03:44:15

Re: I give up with vsftpd

Post by Exedore » 2011/11/09 12:10:20

With all this, the server says:
[code][tati@local ~]$ ftp 127.0.0.1
Connected to 127.0.0.1 (127.0.0.1).
220 FTP local.
Name (127.0.0.1:tati): tati
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
ftp>[/code]

scottro
Forum Moderator
Posts: 2461
Joined: 2007/09/03 21:18:09
Location: NYC

Re: I give up with vsftpd

Post by scottro » 2011/11/09 12:53:06

Have you googled for a tutorial? I see this one, not sure how current it is.

http://www.brennan.id.au/14-FTP_Server.html

Exedore
Posts: 6
Joined: 2011/11/08 03:44:15

Re: I give up with vsftpd

Post by Exedore » 2011/11/09 23:02:00

Again, thank you [b]scottro[/b]. I checked that manual and made some changes, but nothing happened.
I'll still fight.

Thank you.

Exedore
Posts: 6
Joined: 2011/11/08 03:44:15

Re: I give up with vsftpd

Post by Exedore » 2011/11/09 23:36:28

Problem solved.
In this case the problem involves the PAM configuration. (/etc/pam.d/vsftpd)
Original directives:
[code]#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth required pam_shells.so
auth include password-auth
account include password-auth
session required pam_loginuid.so
session include password-auth[/code]
I commented out this line:
[code]auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed[/code]
So the directives look like this now:
[code]#%PAM-1.0
session optional pam_keyinit.so force revoke
#auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth required pam_shells.so
auth include password-auth
account include password-auth
session required pam_loginuid.so
session include password-auth[/code]

Now start tuning up the server.

Thank you very much [b]scottro[/b]

scottro
Forum Moderator
Posts: 2461
Joined: 2007/09/03 21:18:09
Location: NYC

Re: I give up with vsftpd

Post by scottro » 2011/11/10 00:25:52

I think you deserve all the credit, you found and fixed it. :)

r_hartman
Posts: 706
Joined: 2009/03/23 15:08:11
Location: Netherlands

Re: I give up with vsftpd

Post by r_hartman » 2011/11/10 08:27:30

[quote][code]auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed[/code][/quote]
You may want to try changing that line to
[code]auth required pam_listfile.so item=user sense=allow file=/etc/vsftpd/ftpusers onerr=succeed[/code]
and verify the contents of /etc/vsftpd/ftpusers

Exedore
Posts: 6
Joined: 2011/11/08 03:44:15

Re: I give up with vsftpd

Post by Exedore » 2011/11/10 20:36:01

Already did that, [b]r_hartman[/b], but it does not work. Commenting out the line solves the 530 error msg.

Thank you!
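An added example (not code from any poster in this thread): a simplified shell model of the two user-list checks that appear above, vsftpd's `userlist_*` options and the `pam_listfile.so` line, so the effect of the original line, the commented-out line and the `sense=allow` variant can be compared per user. The list contents and temporary paths are constructed, and the model assumes the module is `required` and ignores the rest of the PAM stack.

```shell
# Added example: simplified model of the two user-list gates in this thread.
# Each function prints "allow" or "deny" for one user name.

# Gate 1: vsftpd's own list (userlist_enable / userlist_deny / userlist_file).
vsftpd_userlist_verdict() {  # args: USER VSFTPD_CONF
    opt() { sed -n "s/^$1=//p" "$2" | tail -n 1; }
    [ "$(opt userlist_enable "$2")" = YES ] || { echo allow; return; }
    listed=no
    grep -qxF -- "$1" "$(opt userlist_file "$2")" 2>/dev/null && listed=yes
    # userlist_deny=NO makes the file an allow list; otherwise it is a deny list.
    if [ "$(opt userlist_deny "$2")" = NO ]; then want=yes; else want=no; fi
    if [ "$listed" = "$want" ]; then echo allow; else echo deny; fi
}

# Gate 2: active "auth ... pam_listfile.so item=user" lines, treated as required.
pam_listfile_verdict() {  # args: USER PAM_SERVICE_FILE
    grep -E '^[[:space:]]*auth[[:space:]].*pam_listfile\.so' "$2" |
    grep -w 'item=user' | {
        verdict=allow
        while read -r line; do
            sense='' file='' onerr=fail
            for tok in $line; do
                case $tok in
                    sense=*) sense=${tok#sense=} ;;
                    file=*)  file=${tok#file=} ;;
                    onerr=*) onerr=${tok#onerr=} ;;
                esac
            done
            if [ ! -r "$file" ]; then             # unreadable list: onerr decides
                [ "$onerr" = succeed ] || verdict=deny
            elif grep -qxF -- "$1" "$file"; then  # listed: sense applies
                [ "$sense" = allow ] || verdict=deny
            else                                  # not listed: opposite of sense
                [ "$sense" = deny ] || verdict=deny
            fi
        done
        echo "$verdict"
    }
}

# Constructed sample files; PAM line as in the thread, file= moved to a temp dir.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf 'root\nbin\ndaemon\n' > "$demo/ftpusers"   # constructed deny list
printf 'tati\n' > "$demo/user_list"
printf 'userlist_enable=YES\nuserlist_deny=NO\nuserlist_file=%s\n' \
    "$demo/user_list" > "$demo/vsftpd.conf"
l="auth required pam_listfile.so item=user sense=deny file=$demo/ftpusers onerr=succeed"
echo "$l" > "$demo/pam_deny"; echo "#$l" > "$demo/pam_commented"
echo "$l" | sed 's/sense=deny/sense=allow/' > "$demo/pam_allow"
for f in pam_deny pam_commented pam_allow; do echo "root via $f: $(pam_listfile_verdict root "$demo/$f")"; done
```

With the constructed deny list, `root` is rejected only while the original `sense=deny` line is active; both the commented-out line and the `sense=allow` variant let it through this gate.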
