c.hermann | 30 Oct 17:49 2014

[Proftpd-user] SFTPDigests: unsupported digest algorithm: hmac-sha2-256

Hello, I am trying to configure proftpd with hmac-sha2-256 as 
SFTPDigests.

But when I try to restart the server I get an error: fatal: SFTPDigests: 
unsupported digest algorithm: hmac-sha2-256 on line 25 of 
'/etc/proftpd/proftpd.conf'

Ubuntu 14.04
OpenSSL 1.0.1f 6 Jan 2014
ProFTPD 1.3.6rc1 (git) (built Mi Okt 29 2014 20:07:14 CET) standalone 
mode STARTUP

When I write:

MACs hmac-sha2-256

into the sshd_config, there are no errors.

Does anybody know a solution or maybe a way to find the problem?

Thank you!

------------------------------------------------------------------------------
_______________________________________________
ProFTPD Users List   <proftpd-users@proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html

Thomas Chitwood | 23 Oct 22:10 2014

[Proftpd-user] User can't create a directory

I have a chrooted user that can't create a directory in his home directory. We are running ProFTPD Version 1.3.4e on a set of new virtual RedHat Enterprise 6 Linux servers. The old servers were running ProFTPD Version 1.2.10 on RedHat Enterprise 5 Linux servers and this function worked perfectly. Does anyone have any suggestions?

"Why is there never enough time to do it right, but always enough time to do it over?"

Tom Chitwood
------------------------------------------------------------------------------
Andreas Meyer | 23 Oct 16:08 2014

[Proftpd-user] 425 Unable to build data connection

Hello!

Having trouble getting an FTPS session. This is the part of proftpd.conf:

<IfModule mod_tls.c>
TLSEngine                  on
TLSLog                     /var/log/proftpd/tls.log
#TLSProtocol                TLSv1 SSLv23
TLSProtocol                SSLv23
TLSOptions                 NoCertRequest NoSessionReuseRequired AllowClientRenegotiations
TLSRSACertificateFile      /etc/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile   /etc/proftpd/ssl/proftpd.key.pem
TLSVerifyClient            off
TLSRequired                on
</IfModule>

With ssldump I see this after a successful login:

    230 User andreas logged in
    ---------------------------------------------------------------
1 34 61.0096 (4.4745)  C>S  application_data
    ---------------------------------------------------------------
    FEAT
    ---------------------------------------------------------------
1 35 61.0111 (0.0015)  S>C  application_data
    ---------------------------------------------------------------
    211-Features:
     MDTM
     MFMT
     TVFS
     AUTH TLS
     UTF8
     MFF modify;UNIX.group;UNIX.mode;
     MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
     PBSZ
     PROT
     LANG it-IT;es-ES;zh-CN;en-US;ru-RU;fr-FR;zh-TW
     REST STREAM
     SIZE
    ---------------------------------------------------------------
1 36 61.0117 (0.0006)  S>C  application_data
    ---------------------------------------------------------------
    211 End
    ---------------------------------------------------------------
1 37 65.5082 (4.4964)  C>S  application_data
    ---------------------------------------------------------------
    PBSZ 0
    ---------------------------------------------------------------
1 38 65.5095 (0.0013)  S>C  application_data
    ---------------------------------------------------------------
    200 PBSZ 0 successful
    ---------------------------------------------------------------
1 39 69.2263 (3.7168)  C>S  application_data
    ---------------------------------------------------------------
    PROT P
    ---------------------------------------------------------------
1 40 69.2320 (0.0057)  S>C  application_data
    ---------------------------------------------------------------
    200 Protection set to Private
    ---------------------------------------------------------------
1 41 73.6404 (4.4083)  C>S  application_data
    ---------------------------------------------------------------
    PWD
    ---------------------------------------------------------------
1 42 73.6419 (0.0015)  S>C  application_data
    ---------------------------------------------------------------
    257 "/" is the current directory
    ---------------------------------------------------------------
1 43 78.0670 (4.4250)  C>S  application_data
    ---------------------------------------------------------------
    NOOP
    ---------------------------------------------------------------
1 44 78.0683 (0.0013)  S>C  application_data
    ---------------------------------------------------------------
    200 NOOP command successful
    ---------------------------------------------------------------
1 45 81.4609 (3.3926)  C>S  application_data
    ---------------------------------------------------------------
    CWD /
    ---------------------------------------------------------------
1 46 81.4627 (0.0017)  S>C  application_data
    ---------------------------------------------------------------
    250 CWD command successful
    ---------------------------------------------------------------
1 47 85.0136 (3.5509)  C>S  application_data
    ---------------------------------------------------------------
    PASV
    ---------------------------------------------------------------
1 48 85.0153 (0.0016)  S>C  application_data
    ---------------------------------------------------------------
    227 Entering Passive Mode (192,168,0,3,157,134).
    ---------------------------------------------------------------
1 49 90.6388 (5.6235)  C>S  application_data
    ---------------------------------------------------------------
    MLSD
    ---------------------------------------------------------------
1 50 90.6404 (0.0015)  S>C  application_data
    ---------------------------------------------------------------
    150 Opening ASCII mode data connection for MLSD
    ---------------------------------------------------------------
1 51 96.9419 (6.3015)  S>C  application_data
    ---------------------------------------------------------------
    425 Unable to build data connection: Die Operation ist nicht erlaubt
    ---------------------------------------------------------------

The tls.log says this:

Okt 23 15:57:47 mod_tls/2.4.3[13541]: using default OpenSSL verification locations (see
$SSL_CERT_DIR environment variable)
Okt 23 15:58:22 mod_tls/2.4.3[13541]: TLS/TLS-C requested, starting TLS handshake
Okt 23 15:58:29 mod_tls/2.4.3[13541]: client supports secure renegotiations
Okt 23 15:58:29 mod_tls/2.4.3[13541]: TLSv1/SSLv3 connection accepted, using cipher RC4-MD5 (128 bits)
Okt 23 15:58:49 mod_tls/2.4.3[13541]: Protection set to Private
Okt 23 15:59:10 mod_tls/2.4.3[13541]: starting TLS negotiation on data connection
Okt 23 15:59:17 mod_tls/2.4.3[13541]: TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
Okt 23 15:59:17 mod_tls/2.4.3[13541]: client did not reuse SSL session, rejecting data connection (see
the NoSessionReuseRequired TLSOptions parameter)
Okt 23 15:59:17 mod_tls/2.4.3[13541]: unable to open data connection: TLS negotiation failed

What's wrong? Although I set NoSessionReuseRequired in the TLSOptions, there is
this hint in the tls.log?

Greetings

  Andreas

------------------------------------------------------------------------------

Ezsra McDonald | 22 Oct 20:51 2014

[Proftpd-user] CoreFTP implicit FTPS - SSLv3 disabled

We want to disable SSLv3 on our Proftpd server. However, after doing so Core-FTP clients are no longer able to connect via Implicit FTPS. Filezilla works just fine.


sslscan of the server shows the following ciphers are accepted:
    Accepted  TLSv1  256 bits  DHE-RSA-AES256-SHA
    Accepted  TLSv1  256 bits  AES256-SHA
    Accepted  TLSv1  128 bits  DHE-RSA-AES128-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
    Accepted  TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
    Accepted  TLSv1  168 bits  DES-CBC3-SHA
    Accepted  TLSv1  128 bits  RC4-SHA
    Accepted  TLSv1  128 bits  RC4-MD5



Core-FTP Error:

Connect socket #928 to 192.168.101.10, port 990...
SSL/TLS error - 0, SSL error - 5, error:00000005:lib(0):func(0):DH lib  
SSL Connection not established




The FTPS configuration is below:

# FTPS IMPLICIT MODE Configuration
#
LoadModule mod_tls.c
<IfModule mod_tls.c>
   #TLSProtocol            SSLv3 TLSv1
   TLSProtocol            TLSv1
   <VirtualHost  192.168.101.10>
        Port                    990
        ServerName              "FTPS Server"

       .......................

        TLSEngine on
        TLSLog /var/log/proftpd/proftpd-tls.log

        # Are clients required to use FTP over TLS when talking to this server?
        #TLSRequired on
        TLSRequired auth+data

        # Server's certificate
        TLSRSACertificateFile           /etc/pki/tls/certs/.........
        TLSRSACertificateKeyFile        /etc/pki/tls/certs/.........
        TLSCertificateChainFile         /etc/pki/tls/certs/.........

        # Authenticate clients that want to use FTP over TLS?
        TLSVerifyClient off
        #TLSVerifyClient on

        # Allow SSL/TLS renegotiations when the client requests them, but
        # do not force the renegotiations.  Some clients do not support
        # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
        # clients will close the data connection, or there will be a timeout
        # on an idle data connection.
        TLSRenegotiate none

        #TLSCipherSuite              ALL:!ADH:!DES
        TLSCipherSuite               DEFAULT:!EXP:!LOW

        TLSOptions                   NoSessionReuseRequired UseImplicitSSL
   </VirtualHost>
</IfModule>
------------------------------------------------------------------------------
Andreas Meyer | 19 Oct 15:29 2014

[Proftpd-user] Display Chdir has no effect

Hello!

I configured

DisplayLogin            /etc/proftpd/welcome.msg
DisplayChdir            /etc/proftpd/.message
DisplayQuit             /etc/proftpd/.quit

Yesterday DisplayChdir worked and was displayed every time a directory
changed. Today it does not work anymore. Could it have something to do
with the fact that I installed MySQL-access for Proftpd?

DisplayLogin            /etc/proftpd/welcome.msg
DisplayQuit             /etc/proftpd/.quit

work just fine. I started proftpd in debug mode with proftpd -d9 -n
and proftpd -nd6 but there is nothing to see regarding DisplayChdir.

Greetings

  Andreas

------------------------------------------------------------------------------

Andreas Meyer | 18 Oct 13:27 2014

[Proftpd-user] SQL question

Hello!

I set up proftpd to use MySQL and it is not clear to me what the
column count int(11) default NULL means.

I see this in the SQLLog:

....
Okt 18 13:18:20 mod_sql/4.3[12194]: cache miss for UID '0'
Okt 18 13:18:20 mod_sql/4.3[12194]: entering    mysql cmd_select
Okt 18 13:18:20 mod_sql/4.3[12194]: entering    mysql cmd_open
Okt 18 13:18:20 mod_sql/4.3[12194]: connection 'default' count is now 2
Okt 18 13:18:20 mod_sql/4.3[12194]: exiting     mysql cmd_open
Okt 18 13:18:20 mod_sql/4.3[12194]: query "SELECT username, password, uid, gid, homedir, shell FROM ftp
WHERE (uid = 0) LIMIT 1"
Okt 18 13:18:20 mod_sql/4.3[12194]: entering    mysql cmd_close
Okt 18 13:18:20 mod_sql/4.3[12194]: connection 'default' count is now 1
Okt 18 13:18:20 mod_sql/4.3[12194]: exiting     mysql cmd_close
Okt 18 13:18:20 mod_sql/4.3[12194]: exiting     mysql cmd_select
.....

Can someone explain?

  Andreas

------------------------------------------------------------------------------

Andreas Meyer | 17 Oct 21:38 2014

[Proftpd-user] walking up the directory tree

Hello!

Today I installed Proftpd on an opensuse 12.2. The server is running,
configured with DefaultRoot ~ web,!users

I was thinking that with this configuration every system user logged in is
limited to its home directory, but this is not the case. Logged in, I can
walk the system tree up and down and even visit other home directories.

What's wrong?

Greetings

  Andreas

------------------------------------------------------------------------------

TJ Saunders | 16 Oct 17:56 2014

[Proftpd-user] mod_tls and the SSLv3 "POODLE" attack


Some of you may have heard about a new SSL/TLS attack, called "POODLE".  
This attack specifically targets the SSL3 protocol; it is a protocol flaw, 
not an implementation bug in OpenSSL:

  http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html

The question thus is: is proftpd (with mod_tls) vulnerable?  Yes -- it is 
as vulnerable as e.g. Apache, since the vulnerability is in the protocol, 
and how OpenSSL deals with the issue.

To mitigate this attack on your proftpd server, you can work around the 
issue by configuring mod_tls to NOT support SSLv3, using:

  TLSProtocol TLSv1

and, if you have OpenSSL-1.0.1 or later, you can/should enable TLSv1.1 and 
TLSv1.2 as well:

  TLSProtocol TLSv1 TLSv1.1 TLSv1.2

If you want to see which TLS protocol version your FTPS clients are using, 
you can check the TLSLog file; it logs the protocol version, as well as 
ciphersuite negotiated.

In the future, I will be changing mod_tls so that it does not support 
SSLv3 by default; see:

  http://bugs.proftpd.org/show_bug.cgi?id=4114

Once that change is merged, sites which need SSLv3 support will need to 
explicitly request it, e.g.:

  # Enable support for SSLv3
  TLSProtocol SSLv3 TLSv1 TLSv1.1 ...

Cheers,
TJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Conquer yourself rather than the world.

     -Descartes

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
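
The two checks described in the post above (which TLSProtocol settings still admit SSLv3, and what the TLSLog shows clients negotiating), as an added Python example that is not part of the original message or of ProFTPD. The function names and both sample inputs are constructed for illustration; the log line format follows the tls.log excerpt earlier on this page, and inheritance between configuration sections is not modelled.

```python
import re
from collections import Counter

# TLSProtocol keywords that leave SSLv3 reachable. SSLv23 is the mod_tls
# compatibility keyword, which accepts SSLv3 as well as TLSv1.
SSLV3_KEYWORDS = {"sslv3", "sslv23"}

# Line format taken from the tls.log excerpt earlier on this page.
ACCEPTED = re.compile(
    r"mod_tls/[\d.]+\[\d+\]: (\S+) connection accepted, using cipher (\S+)")

# Constructed sample inputs (not from any real server).
SAMPLE_CONF = """\
<IfModule mod_tls.c>
  TLSEngine on
  #TLSProtocol TLSv1
  TLSProtocol SSLv23
</IfModule>
<VirtualHost 192.0.2.10>
  TLSEngine on
  TLSProtocol TLSv1 TLSv1.1 TLSv1.2
</VirtualHost>
"""
SAMPLE_LOG = """\
Okt 23 15:58:29 mod_tls/2.4.3[101]: TLSv1/SSLv3 connection accepted, using cipher RC4-MD5 (128 bits)
Okt 23 15:59:17 mod_tls/2.4.3[101]: TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
Okt 23 16:02:03 mod_tls/2.4.3[102]: TLSv1/SSLv3 connection accepted, using cipher AES256-SHA (256 bits)
"""


def audit_conf(text):
    """Return (line_no, section, message) findings for a proftpd.conf text.

    `section` is the innermost enclosing block, skipping <IfModule> and
    <IfDefine> wrappers. It is for reporting only.
    """
    findings, stack = [], []
    engine_on = None        # (line_no, section) of the first "TLSEngine on"
    saw_protocol = False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        if line.startswith("</"):
            if stack:
                stack.pop()
            continue
        if line.startswith("<"):
            tokens = line.strip("<>").split()
            stack.append(tokens[0] if tokens else "?")
            continue
        named = [s for s in stack if not s.lower().startswith("if")]
        section = named[-1] if named else "server config"
        name, *args = line.split()
        if name.lower() == "tlsengine" and args and args[0].lower() == "on":
            engine_on = engine_on or (no, section)
        elif name.lower() == "tlsprotocol":
            saw_protocol = True
            weak = [a for a in args if a.lower() in SSLV3_KEYWORDS]
            if weak:
                findings.append(
                    (no, section, "TLSProtocol allows SSLv3 via " + ", ".join(weak)))
    if engine_on and not saw_protocol:
        # Per the post above, the default still supports SSLv3 until the
        # change tracked in bug 4114 is merged.
        findings.append(engine_on + (
            "TLSEngine on with no TLSProtocol: the built-in default applies",))
    return findings


def summarize_tlslog(text):
    """Count (protocol label, cipher) pairs for accepted control connections."""
    return Counter(ACCEPTED.findall(text))


def labels_naming_sslv3(counts):
    """Protocol labels in the summary that mention SSLv3, alone or combined."""
    return sorted({label for label, _ in counts if "sslv3" in label.lower()})


if __name__ == "__main__":
    for finding in audit_conf(SAMPLE_CONF):
        print(finding)
    print(labels_naming_sslv3(summarize_tlslog(SAMPLE_LOG)))
```

A combined label such as "TLSv1/SSLv3" does not say which of the two versions was negotiated, so the summary reports it rather than treating it as safe.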

------------------------------------------------------------------------------

Patricio López | 4 Oct 16:42 2014

[Proftpd-user] Problem with PAM authentication

Hello

I am trying to set up a Linux box with an FTP server and I chose proftpd for this, but I am running into a problem with PAM authentication (really just need basic auth here, the regular Linux user on his/her home directory). Here are the details:

Proftpd version:

ProFTPD Version: 1.3.3g (maint)
  Scoreboard Version: 01040003
  Built: Fri Jan 18 2013 16:37:04 UTC

Loaded modules:
  mod_lang/0.9
  mod_ctrls/0.9.4
  mod_cap/1.0
  mod_vroot/0.9.2
  mod_tls/2.4.2
  mod_auth_pam/1.1
  mod_readme.c
  mod_ident/1.0
  mod_dso/0.5
  mod_facts/0.1
  mod_delay/0.6
  mod_site.c
  mod_log.c
  mod_ls.c
  mod_auth.c
  mod_auth_file/0.8.3
  mod_auth_unix.c
  mod_xfer.c
  mod_core.c

OS version: Centos 6.5 2.6.32-431.29.2.el6.x86_64


Here is my proftpd.conf:

ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
DefaultServer on

VRootEngine on
DefaultRoot ~ !adm
VRootAlias /etc/security/pam_env.conf /etc/security/pam_env.conf

# Use pam to authenticate (default) and be authoritative
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
# If you use NIS/YP/LDAP you may need to disable PersistentPasswd
#PersistentPasswd off

# Don't do reverse DNS lookups (hangs on DNS problems)
UseReverseDNS off

# Set the user and group that the server runs as
User nobody
Group nobody

MaxInstances 20

# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile off


LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"

<IfDefine TLS>
  TLSEngine on
  TLSRequired on
  TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
  TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
  TLSCipherSuite ALL:!ADH:!DES
  TLSOptions NoCertRequest
  TLSVerifyClient off
  #TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
  TLSLog /var/log/proftpd/tls.log
  <IfModule mod_tls_shmcache.c>
    TLSSessionCache shm:/file=/var/run/proftpd/sesscache
  </IfModule>
</IfDefine>



<IfDefine DYNAMIC_BAN_LISTS>
  LoadModule mod_ban.c
  BanEngine on
  BanLog /var/log/proftpd/ban.log
  BanTable /var/run/proftpd/ban.tab

  # If the same client reaches the MaxLoginAttempts limit 2 times
  # within 10 minutes, automatically add a ban for that client that
  # will expire after one hour.
  BanOnEvent MaxLoginAttempts 2/00:10:00 01:00:00

  # Allow the FTP admin to manually add/remove bans
  BanControlsACLs all allow user ftpadm
</IfDefine>

# Global Config - config common to Server Config and all virtual hosts
<Global>

  # Umask 022 is a good standard umask to prevent new dirs and files
  # from being group and world writable
  Umask 022

  # Allow users to overwrite files and change permissions
  AllowOverwrite yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
DefaultRoot ~

</Global>
ServerType standalone

# A basic anonymous configuration, with an upload directory
# Enable this with PROFTPD_OPTIONS=-DANONYMOUS_FTP in /etc/sysconfig/proftpd
<IfDefine ANONYMOUS_FTP>
  <Anonymous ~ftp>
    User ftp
    Group ftp
    AccessGrantMsg "Anonymous login ok, restrictions apply."

    # We want clients to be able to login with "anonymous" as well as "ftp"
    UserAlias anonymous ftp

    # Limit the maximum number of anonymous logins
    MaxClients 10 "Sorry, max %m users -- try again later"

    # Put the user into /pub right after login
    #DefaultChdir /pub

    # We want 'welcome.msg' displayed at login, '.message' displayed in
    # each newly chdired directory and tell users to read README* files. 
    DisplayLogin /welcome.msg
    DisplayChdir .message
    DisplayReadme README*

    # Cosmetic option to make all files appear to be owned by user "ftp"
    DirFakeUser on ftp
    DirFakeGroup on ftp

    # Limit WRITE everywhere in the anonymous chroot
    <Limit WRITE SITE_CHMOD>
      DenyAll
    </Limit>

    # An upload directory that allows storing files but not retrieving
    # or creating directories.
    <Directory uploads/*>
      AllowOverwrite no
      <Limit READ>
        DenyAll
      </Limit>

      <Limit STOR>
        AllowAll
      </Limit>
    </Directory>

    # Don't write anonymous accesses to the system wtmp file (good idea!)
    WtmpLog off

    # Logging for the anonymous transfers
    ExtendedLog /var/log/proftpd/access.log WRITE,READ default
    ExtendedLog /var/log/proftpd/auth.log AUTH auth

  </Anonymous>
</IfDefine>

PAM file in /etc/pam.d/proftpd:

#%PAM-1.0
session    optional     pam_keyinit.so force revoke
auth   required     pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth   required     pam_shells.so
auth   include password-auth
account    include password-auth
session    required     pam_loginuid.so
session    include password-auth

My test user can log in via SSH, but no luck for the FTP session. BTW, I really don't need PAM to enforce logins; I just need my users to be able to log in to their home directory.

Thanks for your kind help.

--
Patricio López Salgado

------------------------------------------------------------------------------
Chris Lasater | 22 Sep 21:48 2014

[Proftpd-user] Couldn't stat remote file

Hi,
     I think I found a bug, but I am unsure if it would be a change for 
proftpd.  If I use the sftp command with a Red Hat 5.x Machine I get 
"Couldn't stat remote file: Permission denied"  when I try with the 
below configuration on sftp.  If I use filezilla or the sftp command on 
a newer OS everything works fine.  Also, if I add LSTAT to the allowed 
Limit section, it starts to work fine.  So it appears to be related to 
a change in sftp that makes this problem go away.

### Config

LoadModule mod_sftp.c

User                            user
Group                           user

port 10021

<VirtualHost 0.0.0.0>
         SFTPEngine on
         SFTPLog /home/user/logs/sftp.log
         SFTPHostKey /home/user/proftpd/etc/ssh_host_rsa_key
         SFTPHostKey /home/user/proftpd/etc/ssh_host_dsa_key

         ServerLog /home/user/logs/proftpd.log
         TransferLog /home/user/logs/xferlog.log

         Port 10022

         AuthUserFile /home/user/proftpd/etc/proftpd.users
         WtmpLog off

         ### Access Control
         # Bar use of SITE CHMOD by default
         <Limit ALL SITE_CHMOD>
                 DenyAll
         </Limit>

         <Directory /home/user/backups>
                 <Limit READ DIRS>  ### if LSTAT is added here it works
                         AllowAll
                 </Limit>
         </Directory>

</VirtualHost>

### proftpd version

[user@server etc]$ proftpd -vv
ProFTPD Version: 1.3.5 (stable)
   Scoreboard Version: 01040003
   Built: Mon Sep 22 2014 14:25:55 EDT

Loaded modules:
   mod_sftp/0.9.9
   mod_ctrls/0.9.5
   mod_cap/1.1
   mod_ident/1.0
   mod_dso/0.5
   mod_facts/0.3
   mod_delay/0.7
   mod_site.c
   mod_log.c
   mod_ls.c
   mod_auth.c
   mod_auth_file/1.0
   mod_auth_unix.c
   mod_rlimit/1.0
   mod_xfer.c
   mod_core.c

------------------------------------------------------------------------------

Henning | 22 Sep 14:03 2014

[Proftpd-user] Authenticating against LDAP groupofuniquenames


Hi,

I have to use proftpd LDAP authentication not with PosixGroup 
memberships but with uniquemembers in GroupOfUniqueNames, but I do not 
get it working. Is it possible at all?

Here is the principal layout:

dn: cn=datagroup,ou=Groups,dc=domain,dc=eu
cn: datagroup
objectclass: top
objectclass: groupofuniquenames
uniquemember: uid=myuser,ou=People,dc=domain,dc=eu

dn: uid=myuser,ou=People,dc=domain,dc=eu
authorizedservice: service
cn: MyUser
givenname: MyUser
homedirectory: /home/myuser
mail: myuser@domain.eu
mailhost: localhost
objectclass: inetorgperson
objectclass: organizationalperson
objectclass: person
objectclass: top
objectclass: authorizedServiceObject
authorizedservice: proftpd
ou: ou=people,dc=domain,dc=eu
sn: MyUser
uid: myuser

The user should be able to authenticate if (authorizedservice=proftpd) 
and the membership in datagroup should be mapped to a proftpd group 
membership to be used with LIMIT directives. homedirectory should be 
recognized as well if possible.

best regards
Henning

------------------------------------------------------------------------------