Proftpd Authentication failure

Hello,

I installed proftpd but can't use it; I have this line in the proftpd logs

[quote]Jul 20 09:41:22 server1.nosite.com proftpd[23124] server1.nosite.com (192.168.1.1[192.168.1.1]): PAM(user1): Authentication failure.
[/quote]

Does anyone have an idea?

Freely, Adminlinux.

Nobody has an idea?

Apart from telling you to review the proftpd configuration related to authenticating your users, I don't have many other ideas!

Have you opened the right ports on the firewall? Is there a correct NAT redirection of these ports to the server if you are behind a router?

It would move things along if you gave some details.

The problem is that it doesn't even work locally, so it's not a firewall issue.

Review the config: that makes 4 times I've redone it character by character…

Would you show your config file?

Here is my conf file

[quote]#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.

# Includes DSO modules
Include /etc/proftpd/modules.conf

# personal addition
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off

ServerName "Debian"
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"

DenyFilter *.*/

# Port 21 is the standard FTP port.
Port 21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
PassivePorts 49152 65534

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User proftpd
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

# Normally, we want files to be overwriteable.
AllowOverwrite on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
PersistentPasswd off

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
UseSendFile off

TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

TLSEngine off
QuotaEngine on
Ratios on

# Delay engine reduces impact of the so-called Timing Attack described in
# security.lss.hr/index.php?page=d … 2004-10-02
# It is on by default.
DelayEngine on
ControlsEngine on
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
AdminControlsEngine on

# A basic anonymous configuration, no upload directories.
# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
# RequireValidShell off
# # Limit the maximum number of anonymous logins
# MaxClients 10
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# DenyAll
# # Uncomment this if you're brave.
# #
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# #
# # DenyAll
# #
# #
# # AllowAll
# #
# #
[/quote]

Well, you're not typing your password correctly!

Your proftpd config looks correct. You must be trying to use a user that can't do FTP, such as www-data, to pick one at random :stuck_out_tongue:

Check /etc/ftpusers, and check /etc/pam.d/proftpd. You'll also see that users without a valid shell are not allowed. (/bin/false is not a valid shell, /bin/sh is.)
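The checks suggested in the reply above, as an added example that is not part of the thread: a shell function (the name `ftp_login_blockers` and its file arguments are hypothetical) that reports whether an account is on the `/etc/ftpusers` deny list or has a login shell missing from `/etc/shells`, and whether an uncommented `pam_shells.so` line in the PAM file enforces that shell check.

```shell
#!/bin/sh
# Added example, not from the thread. File paths are parameters so the
# check can be run against copies; defaults are the paths named above.
ftp_login_blockers() {
    user=$1
    passwd=${2:-/etc/passwd}
    ftpusers=${3:-/etc/ftpusers}
    shells=${4:-/etc/shells}
    pamfile=${5:-/etc/pam.d/proftpd}

    # Field 7 of the passwd entry is the login shell.
    shell=$(awk -F: -v u="$user" \
        '$1 == u { print $7; found = 1; exit } END { exit !found }' \
        "$passwd") || { echo "no-such-user"; return 2; }
    # An empty shell field means the system default, /bin/sh.
    [ -n "$shell" ] || shell=/bin/sh

    status=0
    # ftpusers is a deny list: one account name per line, '#' comments.
    if [ -r "$ftpusers" ] &&
       grep -v '^[[:space:]]*#' "$ftpusers" | grep -qxF -- "$user"; then
        echo "listed-in-ftpusers"
        status=1
    fi
    # A shell counts as valid only when it is listed in the shells file.
    if ! grep -v '^[[:space:]]*#' "$shells" | grep -qxF -- "$shell"; then
        echo "invalid-shell:$shell"
        status=1
        # An uncommented pam_shells.so auth line makes PAM reject it too.
        if [ -r "$pamfile" ] &&
           grep -Eq '^[[:space:]]*auth[[:space:]].*pam_shells\.so' "$pamfile"; then
            echo "pam_shells-enforces-shell"
        fi
    fi
    return $status
}

# Usage: ftp_login_blockers user1
```

No output and exit status 0 mean none of these checks explains the failure.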

Thanks for your reply. I checked what you suggested, but nothing works; in fact I followed this tutorial howtoforge.com/perfect_setup_debian_etch which installs ISPConfig on a Debian etch 4.0.

If anyone knows better, I'm all ears :slightly_smiling:

In /etc/default/saslauthd

you do have

START=yes
MECHANISMS="pam"

Does an /etc/init.d/saslauthd restart run without an error message?

What do you have in /etc/pam.d/proftpd?

Hi,

In saslauthd I do have what you show; here is the content of /etc/pam.d/proftpd

[code]@include common-auth

# This is disabled because anonymous logins will fail otherwise,
# unless you give the 'ftp' user a valid shell, or /bin/false and add
# /bin/false to /etc/shells.
#auth required pam_shells.so

@include common-account
@include common-session

# Use pam to authenticate (default) and be authoritative
#AuthPAMConfig proftpd
#AuthOrder mod_auth_pam.c* mod_auth_unix.c

auth required pam_unix.so nullok
account required pam_unix.so
session required pam_unix.so
[/code]

Thanks.