Title: Login Problem Posted by: StefanS on 19 October 2006, 12:05:08

Hello everyone,
I need your help. I have an x86_64 RHEL clone here (similar to CentOS 4.3). proftpd is version 1.2.10 from Dag's repo. Problem: I cannot log in with a user that was created on the system. Logging in at the shell itself works without any problem. I once had the issue that older x86_64 versions had problems with "pam", but that does not seem to be the case here. Here is the debug.log:

    [root@vm-sv1 etc]# proftpd -n -d6
     - mod_tls/2.0.7: using OpenSSL 0.9.7a Feb 19 2003
     - parsing '/etc/proftpd.conf' configuration
     - <IfModule>: skipping 'mod_delay.c' section
     - <IfModule>: found 'mod_tls.c' module
     - dispatching auth request "getpwnam" to module mod_auth_file
     - dispatching auth request "getpwnam" to module mod_auth_unix
     - dispatching auth request "getgrnam" to module mod_auth_file
     - dispatching auth request "getgrnam" to module mod_auth_unix
     - <IfModule>: found 'mod_sql.c' module
     - Compiling deny regex '\*.*/'.
     - Allocated deny regex at location 0x6b24e0.
     - <Directory /daten/VM-Maschinen/>: adding section for resolved path '/daten/VM-Maschinen'
    vm-sv1.feltengmbh.de -
    vm-sv1.feltengmbh.de - Config for TestFTP:
    vm-sv1.feltengmbh.de - PidFile
    vm-sv1.feltengmbh.de - RootRevoke
    vm-sv1.feltengmbh.de - DefaultServer
    vm-sv1.feltengmbh.de - /daten/VM-Maschinen
    vm-sv1.feltengmbh.de - Limit
    vm-sv1.feltengmbh.de - AllowUser
    vm-sv1.feltengmbh.de - DenyAll
    vm-sv1.feltengmbh.de - RootRevoke
    vm-sv1.feltengmbh.de - UseFtpUsers
    vm-sv1.feltengmbh.de - RequireValidShell
    vm-sv1.feltengmbh.de - MaxClientsPerHost
    vm-sv1.feltengmbh.de - DisplayLogin
    vm-sv1.feltengmbh.de - DisplayFirstChdir
    vm-sv1.feltengmbh.de - AllowOverride
    vm-sv1.feltengmbh.de - TimeoutSession
    vm-sv1.feltengmbh.de - DenyFilter
    vm-sv1.feltengmbh.de - ListOptions
    vm-sv1.feltengmbh.de - UseGlobbing
    vm-sv1.feltengmbh.de - ShowSymlinks
    vm-sv1.feltengmbh.de - TimesGMT
    vm-sv1.feltengmbh.de - AllowOverwrite
    vm-sv1.feltengmbh.de - AllowRetrieveRestart
    vm-sv1.feltengmbh.de - HiddenStores
    vm-sv1.feltengmbh.de - DeleteAbortedStores
    vm-sv1.feltengmbh.de - AllowStoreRestart
    vm-sv1.feltengmbh.de - Umask
    vm-sv1.feltengmbh.de - DirUmask
    vm-sv1.feltengmbh.de - WtmpLog
    vm-sv1.feltengmbh.de - TransferLog
    vm-sv1.feltengmbh.de - Limit
    vm-sv1.feltengmbh.de - DenyGroup
    vm-sv1.feltengmbh.de - IgnoreHidden
    vm-sv1.feltengmbh.de - UserID
    vm-sv1.feltengmbh.de - UserName
    vm-sv1.feltengmbh.de - GroupID
    vm-sv1.feltengmbh.de - GroupName
    vm-sv1.feltengmbh.de - ServerIdent
    vm-sv1.feltengmbh.de - DeferWelcome
    vm-sv1.feltengmbh.de - DisplayConnect
    vm-sv1.feltengmbh.de - IdentLookups
    vm-sv1.feltengmbh.de - UseFtpUsers
    vm-sv1.feltengmbh.de - RequireValidShell
    vm-sv1.feltengmbh.de - TimeoutLogin
    vm-sv1.feltengmbh.de - MaxLoginAttempts
    vm-sv1.feltengmbh.de - MaxClientsPerHost
    vm-sv1.feltengmbh.de - AuthOrder
    vm-sv1.feltengmbh.de - PassivePorts
    vm-sv1.feltengmbh.de - DisplayLogin
    vm-sv1.feltengmbh.de - DisplayFirstChdir
    vm-sv1.feltengmbh.de - AllowOverride
    vm-sv1.feltengmbh.de - TimeoutIdle
    vm-sv1.feltengmbh.de - TimeoutNoTransfer
    vm-sv1.feltengmbh.de - TimeoutStalled
    vm-sv1.feltengmbh.de - TimeoutSession
    vm-sv1.feltengmbh.de - DefaultRoot
    vm-sv1.feltengmbh.de - DenyFilter
    vm-sv1.feltengmbh.de - ListOptions
    vm-sv1.feltengmbh.de - UseGlobbing
    vm-sv1.feltengmbh.de - ShowSymlinks
    vm-sv1.feltengmbh.de - TimesGMT
    vm-sv1.feltengmbh.de - AllowOverwrite
    vm-sv1.feltengmbh.de - AllowRetrieveRestart
    vm-sv1.feltengmbh.de - HiddenStores
    vm-sv1.feltengmbh.de - DeleteAbortedStores
    vm-sv1.feltengmbh.de - AllowStoreRestart
    vm-sv1.feltengmbh.de - Umask
    vm-sv1.feltengmbh.de - DirUmask
    vm-sv1.feltengmbh.de - DebugLevel
    vm-sv1.feltengmbh.de - ServerLog
    vm-sv1.feltengmbh.de - WtmpLog
    vm-sv1.feltengmbh.de - TransferLog
    vm-sv1.feltengmbh.de - ExtendedLog
    vm-sv1.feltengmbh.de - ExtendedLog
    vm-sv1.feltengmbh.de - ExtendedLog
    vm-sv1.feltengmbh.de - dispatching auth request "getgroups" to module mod_auth_file
    vm-sv1.feltengmbh.de - dispatching auth request "getgroups" to module mod_auth_unix
    vm-sv1.feltengmbh.de - ProFTPD 1.2.10 (stable) (built Fri Feb 10 17:30:26 CET 2006) standalone mode STARTUP
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - FTP session requested from unknown class
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - AuthOrder in effect, resetting auth module order
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - ident lookup disabled
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - connected - local : 192.168.1.113:21
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - connected - remote : 192.168.1.68:3753
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - FTP session opened.
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching PRE_CMD command 'USER vmuser' to mod_tls
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching PRE_CMD command 'USER vmuser' to mod_core
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching PRE_CMD command 'USER vmuser' to mod_core
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching PRE_CMD command 'USER vmuser' to mod_auth
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching auth request "endpwent" to module mod_auth_unix
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching auth request "endgrent" to module mod_auth_unix
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching CMD command 'USER vmuser' to mod_auth
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching auth request "getgroups" to module mod_auth_unix
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching LOG_CMD command 'USER vmuser' to mod_log
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_tls
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching auth request "endpwent" to module mod_auth_unix
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching auth request "endgrent" to module mod_auth_unix
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching CMD command 'PASS (hidden)' to mod_auth
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching auth request "getgroups" to module mod_auth_unix
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching auth request "getpwnam" to module mod_auth_unix
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching auth request "gid_name" to module mod_auth_unix
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - USER vmuser (Login failed): Limit access denies login
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_log
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_auth
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - FTP login timed out, disconnected
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching auth request "endpwent" to module mod_auth_unix
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - dispatching auth request "endgrent" to module mod_auth_unix
    vm-sv1.feltengmbh.de (192.168.1.68[192.168.1.68]) - FTP session closed.

By the way, regarding the debug level: although it is specified in the *.conf, it does not log to the file. Here is my proftpd.conf:

    # This is a basic ProFTPD configuration file (rename it to
    # 'proftpd.conf' for actual use. It establishes a single server
    # and a single anonymous login. It assumes that you have a user/group
    # "nobody/nogroup" and "ftp" for normal operation and anon.
    ServerName TestFTP
    ServerType standalone
    PidFile /var/run/proftpd.pid
    MaxInstances 30
    MaxConnectionRate 4
    SocketBindTight off
    UseReverseDNS off
    RootRevoke on
    DefaultServer on
    MultilineRFC2228 on

    <IfModule mod_delay.c>
    DelayEngine off
    #DelayTable var/run/proftpd/proftpd.delay
    </IfModule>

    <IfModule mod_tls.c>
    TLSProtocol SSLv23
    </IfModule>

    # Define log formats
    SystemLog NONE
    LogFormat default "%h %l %u %t \"%r\" %s %b"
    LogFormat auth "%v [%P] %h %t \"%r\" %s"
    LogFormat write "%h %l %u %t \"%r\" %s %b"

    # --------------------------------------------
    # Global settings
    # --------------------------------------------
    <Global>
    User nobody
    Group nobody

    # --------------------------------------------
    # Login
    # --------------------------------------------
    ServerIdent on "FTP server ready."
    DeferWelcome on
    DisplayConnect /etc/proftpd.msg
    IdentLookups off
    UseFtpUsers off
    RequireValidShell off
    TimeoutLogin 60
    MaxLoginAttempts 3
    MaxClientsPerHost 3

    # --------------------------------------------
    # Authentication: default
    # --------------------------------------------
    <IfModule !mod_sql.c>
    AuthOrder mod_auth_unix.c
    <Limit LOGIN>
    DenyGroup !testftpuser
    IgnoreHidden on
    </Limit>
    </IfModule>

    # --------------------------------------------
    # Authentication via SQL
    # --------------------------------------------
    #<IfModule mod_sql.c>
    #AuthOrder mod_sql.c
    #SQLConnectInfo db@localhost sqluser pass
    #SQLUserInfo ftp userid passwd uid gid homedir NULL
    #SQLAuthTypes Plaintext
    #SQLAuthenticate users
    #SQLMinUserUID 1024
    #SQLMinUserGID 555
    #SQLNegativeCache on
    #</IfModule>

    # --------------------------------------------
    # TLS defaults
    # --------------------------------------------
    #<IfModule mod_tls.c>
    #TLSEngine off
    #TLSTimeoutHandshake 60
    #TLSRequired off
    #TLSVerifyClient off
    #TLSOptions NoCertRequest
    #TLSLog /var/log/proftpd/tls.log
    # TLSCACertificateFile /etc/ssl/certs/CA.cert # CA cert optional
    #</IfModule>

    # --------------------------------------------
    # Post-Login, Timeouts
    # --------------------------------------------
    PassivePorts 49152 65534
    DisplayLogin welcome.msg
    DisplayFirstChdir .message
    AllowOverride off
    TimeoutIdle 600
    TimeoutNoTransfer 3600
    TimeoutStalled 300
    TimeoutSession 7200

    # --------------------------------------------
    # Session
    # --------------------------------------------
    DefaultRoot ~
    DenyFilter \*.*/
    ListOptions "-An +R" strict
    UseGlobbing off
    ShowSymlinks on
    TimesGMT on

    # --------------------------------------------
    # Upload & download
    # --------------------------------------------
    AllowOverwrite on
    AllowRetrieveRestart on
    HiddenStores off
    DeleteAbortedStores off
    AllowStoreRestart on # otherwise contradicts "DeleteAbortedStores"

    # --------------------------------------------
    # File & directory
    # --------------------------------------------
    Umask 0017 0007

    ### all <Directory> blocks go here
    #------------------------------------------
    # Directory directives
    # xxx
    #<Directory /weg/zum/speziellen/Verzeichnis1/Upload/>
    #<Limit RETR DELE>
    #AllowUser user1
    #AllowUser user2
    #DenyAll
    #</Limit>
    #</Directory>
    # xxx
    <Directory /daten/VM-Maschinen/>
    <Limit RETR DELE>
    AllowUser vmuser
    DenyAll
    </Limit>
    </Directory>
    #<Directory /weg/zum/speziellen/Verzeichnis3/Upload/>
    #<Limit RETR DELE>
    #AllowUser user1
    #DenyAll
    #</Limit>
    #</Directory>
    #<Directory /weg/zum/speziellen/Verzeichnis4/Upload/>
    #<Limit RETR DELE>
    #AllowUser user1
    #DenyAll
    #</Limit>
    #</Directory>

    # --------------------------------------------
    # Anonymous FTP
    # --------------------------------------------
    # <Anonymous /home/ftp>
    # User ftp
    # Group ftpuser
    # UserAlias anonymous ftp
    #
    # MaxClients 5 # fewer anonymous users than regular users
    # MaxRetrieveFileSize 512 Mb # max. download size
    #
    # # Limit the speed of uploads/downloads
    # # to 255 K/sec.
    # TransferRate APPE,RETR,STOR,STOU 255
    #
    # <Directory *>
    # HideNoAccess on
    # <Limit WRITE>
    # DenyAll
    # IgnoreHidden on
    # </Limit>
    # </Directory>
    # </Anonymous>

    # --------------------------------------------
    # Logging
    # --------------------------------------------
    debugLevel 6
    Serverlog /var/log/proftpd.debug.log
    WtmpLog off
    TransferLog /var/log/proftpd/xferlog
    #Record all logins
    ExtendedLog /var/log/proftpd/auth.log AUTH auth
    # Logging file/dir access
    ExtendedLog /var/log/proftpd/access.log WRITE,READ write
    # Paranoia logging level....
    ExtendedLog /var/log/proftpd/paranoid.log ALL default
    # for debugging: all modMySQL comments (immense amount of data!)
    #SQLLogFile /var/log/proftpd/sql.log
    </Global>

    # --------------------------------------------
    # Default server
    # --------------------------------------------
    #DefaultAddress xx.xxx.xxx.xx
    ServerName TestFTP
    ServerAdmin Administrator@feltengmbh.de
    #MasqueradeAddress xxx.xxx.xxx
    #<IfModule mod_tls.c>
    #TLSEngine on
    #TLSRSACertificateFile /etc/ssl/certs/meinserver.tld.cert
    #TLSRSACertificateKeyFile /etc/ssl/certs/meinserver.tld.key
    #</IfModule>

    # --------------------------------------------
    # Virtual hosts...
    # --------------------------------------------
    #<VirtualHost 192.168.1.101>
    #ServerName server2.meinserver.tld
    #ServerAdmin hostmaster@meinserver.tld
    #<IfModule mod_tls.c>
    #TLSEngine on
    #TLSRSACertificateFile /etc/ssl/certs/server2.meinserver.tld.cert
    #TLSRSACertificateKeyFile /etc/ssl/certs/server2.meinserver.tld.key
    #</IfModule>
    #</VirtualHost>

What am I doing wrong? Any ideas? Thanks for any help,
Stefan

Title: Re: Login Problem Posted by: StefanS on 20 October 2006, 08:53:56

Really nobody has an idea?

Title: Re: Login Problem Posted by: VolGas on 20 October 2006, 14:41:08

Hello!
Just don't get impatient - this is not a support forum; everything here is done voluntarily and privately.

The error message is clear and unambiguous: "USER vmuser (Login failed): Limit access denies login"

This is caused by: <Limit LOGIN>

This "Limit" only allows users of the group "testftpuser" to log in. That is actually very sensible, even though the group name "testftpuser" is not a very fortunate choice. If the user "vmuser" does not belong to this group, he has "lost out" and does not get in at all.

So: add all users who should be able to access the server via FTP to this group.

Regards,
VolGas
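
The group check described in the reply above, as an added example that is not part of the original thread: it extracts the `DenyGroup` expressions from `<Limit LOGIN>` blocks and evaluates them against a user's groups. The passwd/group entries and the user `ftpok` are constructed sample data; the evaluator is a simplification that handles only comma-separated AND lists with `!` negation, counts the primary group as a membership, and ignores `Allow*`, `Order` and all other access rules.

```python
import re

# Constructed sample data (not from the thread): the <Limit> parts of the
# posted config plus hypothetical passwd/group entries.
CONF = """\
<Limit LOGIN>
DenyGroup !testftpuser
IgnoreHidden on
</Limit>
<Directory /daten/VM-Maschinen/>
<Limit RETR DELE>
AllowUser vmuser
DenyAll
</Limit>
</Directory>
"""
PASSWD = "vmuser:x:501:501::/home/vmuser:/bin/bash\nftpok:x:502:502::/home/ftpok:/bin/bash"
GROUP = "vmuser:x:501:\nftpok:x:502:\ntestftpuser:x:600:ftpok"

def groups_of(user, passwd=PASSWD, group=GROUP):
    """Primary plus supplementary group names of `user`."""
    gid = next((f[3] for f in (l.split(":") for l in passwd.splitlines()) if f[0] == user), None)
    return {name for name, _pw, g, members in (l.split(":") for l in group.splitlines())
            if g == gid or user in members.split(",")}

def login_deny_exprs(conf):
    """DenyGroup expressions found inside <Limit ...> blocks that cover LOGIN."""
    exprs, in_login = [], False
    for line in (raw.strip() for raw in conf.splitlines()):
        opened = re.match(r"<Limit\s+([^>]*)>", line, re.I)
        if opened:
            in_login = "LOGIN" in opened.group(1).upper().split()
        elif line.lower() == "</limit>":
            in_login = False
        elif in_login and re.match(r"DenyGroup\s+\S", line, re.I):
            exprs.append(line.split(None, 1)[1])
    return exprs

def expr_matches(expr, groups):
    """AND list: every element must hold; a leading '!' negates membership."""
    return all((item[1:] not in groups) if item.startswith("!") else (item in groups)
               for item in (e.strip() for e in expr.split(",")))

def login_denied(user, conf=CONF):
    """True if any LOGIN DenyGroup expression matches the user's groups."""
    groups = groups_of(user)
    return any(expr_matches(e, groups) for e in login_deny_exprs(conf))

if __name__ == "__main__":
    for u in ("vmuser", "ftpok"):
        print(u, sorted(groups_of(u)), "denied" if login_denied(u) else "allowed")
```

On a live host, `id -Gn vmuser` lists the group names to compare against the expression.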