Edgar Pettijohn III | 18 Nov 01:46 2014

[Proftpd-user] Proftpd on OpenBSD 5.6

Just installed ProFTPD 1.3.5 on OpenBSD 5.6; everything works great.

_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html

Carl Mathews | 13 Nov 21:58 2014

[Proftpd-user] FW: Solaris 11 debug

Josh,
I added DebugLevel 5 in proftpd.conf then restarted proftpd.  It didn't give any more messages. Do I have the
right syntax?  There weren't any errors on startup. Thanks -Carl Mathews 

>Can you set the "DebugLevel" directive in your proftpd.conf? It should
>take precedence.

>>I have proftpd 1.3.3g running on a Solaris 11 server. Each Sunday around 17:25 proftpd will not receive
>>incoming connections for a short time. This has started about a month ago and nothing has changed.  How do I
>>increase debugging for proftpd?  Proftpd is started by the Service management facility on Solaris?

Thanks -Carl Mathews


Carl Mathews | 10 Nov 21:09 2014

[Proftpd-user] Solaris 11 debug

I have proftpd 1.3.3g running on a Solaris 11 server. Each Sunday around 17:25 proftpd will not receive
incoming connections for a short time. This has started about a month ago and nothing has changed.  How do I
increase debugging for proftpd?  Proftpd is started by the Service management facility on Solaris? 

Thanks -Carl Mathews


Steve Allwood | 4 Nov 00:47 2014

[Proftpd-user] pam_mount logout insufficient privileges

I am having a problem where pam_mount is unable to unmount the user share after the user logs out due to insufficient privileges. I compared to OpenSSH and it does not have the same issue.

Ubuntu server 14.04, proftpd 1.3.5rc3. I looked through the notes on the newer releases of ProFTPD but I don’t see anything called out.

Here are the logs

OpenSSH:

Nov  3 15:30:55 ftp01 sshd[2905]: pam_unix(sshd:session): session closed for user returnpath_cmf
Nov  3 15:30:55 ftp01 sshd[2905]: (pam_mount.c:706): received order to close things
Nov  3 15:30:55 ftp01 sshd[2905]: command: 'pmvarrun' '-u' 'returnpath_cmf' '-o' '-1'
Nov  3 15:30:55 ftp01 sshd[2905]: (pam_mount.c:441): pmvarrun says login count is 0
Nov  3 15:30:55 ftp01 sshd[2905]: command: 'pmt-ofl' '-k9' '/home/returnpath_cmf'
Nov  3 15:30:55 ftp01 sshd[2905]: (mount.c:889): going to unmount
Nov  3 15:30:55 ftp01 sshd[2905]: (mount.c:267): Mount info: globalconf, user=returnpath_cmf <volume fstype="cifs" server="fileserver" path="share/ftp/returnpath_cmf" mountpoint="/home/returnpath_cmf" cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="" /> fstab=0 ssh=0
Nov  3 15:30:55 ftp01 sshd[2905]: command: 'pmt-ofl' '-k0' '/home/returnpath_cmf'
Nov  3 15:30:55 ftp01 sshd[2905]: command: 'umount' '/home/returnpath_cmf'
Nov  3 15:30:55 ftp01 sshd[2905]: (pam_mount.c:743): pam_mount execution complete
Nov  3 15:30:55 ftp01 sshd[2905]: pam_winbind(sshd:setcred): user 'returnpath_cmf' OK
Nov  3 15:30:55 ftp01 sshd[2905]: (pam_mount.c:116): Clean global config (0)
Nov  3 15:30:55 ftp01 sshd[2905]: (pam_mount.c:133): clean system authtok=0x7f21fc85c080 (0)

ProFTPD:

Nov  3 15:33:01 ftp01 proftpd: pam_unix(proftpd:session): session closed for user returnpath_cmf
Nov  3 15:33:01 ftp01 proftpd: (pam_mount.c:706): received order to close things
Nov  3 15:33:01 ftp01 proftpd: (pam_mount.c:538): *** PAM_MOUNT WAS INVOKED WITH INSUFFICIENT PRIVILEGES. (euid=25509)
Nov  3 15:33:01 ftp01 proftpd: (pam_mount.c:539): *** THIS IS A BUG OF THE CALLER. CONSULT YOUR DISTRO.
Nov  3 15:33:01 ftp01 proftpd: (pam_mount.c:540): *** Also see bugs.txt in the pam_mount source tarball/website documentation.
Nov  3 15:33:01 ftp01 proftpd: command: 'pmvarrun' '-u' 'returnpath_cmf' '-o' '-1'
Nov  3 15:33:01 ftp01 proftpd: (spawn.c:130): error setting uid to 0: Operation not permitted
Nov  3 15:33:01 ftp01 proftpd: (pam_mount.c:439): error reading login count from pmvarrun
Nov  3 15:33:01 ftp01 proftpd: (mount.c:889): going to unmount
Nov  3 15:33:01 ftp01 proftpd: (mount.c:786): Could not get realpath of /home/returnpath_cmf: No such file or directory
Nov  3 15:33:01 ftp01 proftpd: (mount.c:267): Mount info: globalconf, user=returnpath_cmf <volume fstype="cifs" server="fileserver" path="share/ftp/returnpath_cmf" mountpoint="/home/returnpath_cmf" cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="" /> fstab=0 ssh=0
Nov  3 15:33:01 ftp01 proftpd: command: 'umount' '/home/returnpath_cmf'
Nov  3 15:33:01 ftp01 proftpd: (mount.c:61): error opening file: Bad file descriptor
Nov  3 15:33:01 ftp01 proftpd: (pam_mount.c:743): pam_mount execution complete
Nov  3 15:33:01 ftp01 proftpd: pam_systemd(proftpd:session): Failed to connect to system bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory
Nov  3 15:33:01 ftp01 systemd-logind[435]: Removed session 1.
Nov  3 15:33:01 ftp01 proftpd: (pam_mount.c:116): Clean global config (0)
Nov  3 15:33:01 ftp01 proftpd: (pam_mount.c:133): clean system authtok=0x25ef7c0 (0)

Joel Buhr | 3 Nov 02:42 2014

[Proftpd-user] Centos7 SELinux MySQL

What SELinux changes do I need to make to get proftpd to work on centos7? We are able to get the database
connection to work. But users are not able to list the contents of the folder. When we disable SELinux
everything works.

Joel 

c.hermann | 30 Oct 17:49 2014

[Proftpd-user] SFTPDigests: unsupported digest algorithm: hmac-sha2-256

Hello, I am trying to configure proftpd with hmac-sha2-256 as
SFTPDigests.

But when I try to restart the server I get an error: fatal: SFTPDigests:
unsupported digest algorithm: hmac-sha2-256 on line 25 of
'/etc/proftpd/proftpd.conf'

Ubuntu 14.04
OpenSSL 1.0.1f 6 Jan 2014
ProFTPD 1.3.6rc1 (git) (built Mi Okt 29 2014 20:07:14 CET) standalone
mode STARTUP

When I write:

MACs hmac-sha2-256

into the sshd_config, there are no errors.

Does anybody know a solution or maybe a way to find the problem?

Thank you!


Thomas Chitwood | 23 Oct 22:10 2014

[Proftpd-user] User can't create a directory

I have a chrooted user that can't create a directory in his home directory. We are running ProFTPD Version 1.3.4e on a set of new virtual RedHat Enterprise 6 Linux servers. The old servers were running ProFTPD Version 1.2.10 on RedHat Enterprise 5 Linux servers and this function worked perfectly. Does anyone have any suggestions?

"Why is there never enough time to do it right, but always enough time to do it over?"

Tom Chitwood

Andreas Meyer | 23 Oct 16:08 2014

[Proftpd-user] 425 Unable to build data connection

Hello!

Having trouble getting an FTPS session. This is the part of proftpd.conf:

<IfModule mod_tls.c>
TLSEngine                  on
TLSLog                     /var/log/proftpd/tls.log
#TLSProtocol                TLSv1 SSLv23
TLSProtocol                SSLv23
TLSOptions                 NoCertRequest NoSessionReuseRequired AllowClientRenegotiations
TLSRSACertificateFile      /etc/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile   /etc/proftpd/ssl/proftpd.key.pem
TLSVerifyClient            off
TLSRequired                on
</IfModule>

With ssldump I see this after a successful login:

    230 User andreas logged in
    ---------------------------------------------------------------
1 34 61.0096 (4.4745)  C>S  application_data
    ---------------------------------------------------------------
    FEAT
    ---------------------------------------------------------------
1 35 61.0111 (0.0015)  S>C  application_data
    ---------------------------------------------------------------
    211-Features:
     MDTM
     MFMT
     TVFS
     AUTH TLS
     UTF8
     MFF modify;UNIX.group;UNIX.mode;
     MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
     PBSZ
     PROT
     LANG it-IT;es-ES;zh-CN;en-US;ru-RU;fr-FR;zh-TW
     REST STREAM
     SIZE
    ---------------------------------------------------------------
1 36 61.0117 (0.0006)  S>C  application_data
    ---------------------------------------------------------------
    211 End
    ---------------------------------------------------------------
1 37 65.5082 (4.4964)  C>S  application_data
    ---------------------------------------------------------------
    PBSZ 0
    ---------------------------------------------------------------
1 38 65.5095 (0.0013)  S>C  application_data
    ---------------------------------------------------------------
    200 PBSZ 0 successful
    ---------------------------------------------------------------
1 39 69.2263 (3.7168)  C>S  application_data
    ---------------------------------------------------------------
    PROT P
    ---------------------------------------------------------------
1 40 69.2320 (0.0057)  S>C  application_data
    ---------------------------------------------------------------
    200 Protection set to Private
    ---------------------------------------------------------------
1 41 73.6404 (4.4083)  C>S  application_data
    ---------------------------------------------------------------
    PWD
    ---------------------------------------------------------------
1 42 73.6419 (0.0015)  S>C  application_data
    ---------------------------------------------------------------
    257 "/" is the current directory
    ---------------------------------------------------------------
1 43 78.0670 (4.4250)  C>S  application_data
    ---------------------------------------------------------------
    NOOP
    ---------------------------------------------------------------
1 44 78.0683 (0.0013)  S>C  application_data
    ---------------------------------------------------------------
    200 NOOP command successful
    ---------------------------------------------------------------
1 45 81.4609 (3.3926)  C>S  application_data
    ---------------------------------------------------------------
    CWD /
    ---------------------------------------------------------------
1 46 81.4627 (0.0017)  S>C  application_data
    ---------------------------------------------------------------
    250 CWD command successful
    ---------------------------------------------------------------
1 47 85.0136 (3.5509)  C>S  application_data
    ---------------------------------------------------------------
    PASV
    ---------------------------------------------------------------
1 48 85.0153 (0.0016)  S>C  application_data
    ---------------------------------------------------------------
    227 Entering Passive Mode (192,168,0,3,157,134).
    ---------------------------------------------------------------
1 49 90.6388 (5.6235)  C>S  application_data
    ---------------------------------------------------------------
    MLSD
    ---------------------------------------------------------------
1 50 90.6404 (0.0015)  S>C  application_data
    ---------------------------------------------------------------
    150 Opening ASCII mode data connection for MLSD
    ---------------------------------------------------------------
1 51 96.9419 (6.3015)  S>C  application_data
    ---------------------------------------------------------------
    425 Unable to build data connection: Die Operation ist nicht erlaubt
    ---------------------------------------------------------------

The tls.log says this:

Okt 23 15:57:47 mod_tls/2.4.3[13541]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Okt 23 15:58:22 mod_tls/2.4.3[13541]: TLS/TLS-C requested, starting TLS handshake
Okt 23 15:58:29 mod_tls/2.4.3[13541]: client supports secure renegotiations
Okt 23 15:58:29 mod_tls/2.4.3[13541]: TLSv1/SSLv3 connection accepted, using cipher RC4-MD5 (128 bits)
Okt 23 15:58:49 mod_tls/2.4.3[13541]: Protection set to Private
Okt 23 15:59:10 mod_tls/2.4.3[13541]: starting TLS negotiation on data connection
Okt 23 15:59:17 mod_tls/2.4.3[13541]: TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
Okt 23 15:59:17 mod_tls/2.4.3[13541]: client did not reuse SSL session, rejecting data connection (see the NoSessionReuseRequired TLSOptions parameter)
Okt 23 15:59:17 mod_tls/2.4.3[13541]: unable to open data connection: TLS negotiation failed

What's wrong? Although I set NoSessionReuseRequired in the TLSOptions, there is
this hint in the tls.log?

Greetings

  Andreas


Ezsra McDonald | 22 Oct 20:51 2014

[Proftpd-user] CoreFTP implicit FTPS - SSLv3 disabled

We want to disable SSLv3 on our Proftpd server. However, after doing so Core-FTP clients are no longer able to connect via Implicit FTPS. Filezilla works just fine.


sslscan of the server shows the following ciphers are accepted:
    Accepted  TLSv1  256 bits  DHE-RSA-AES256-SHA
    Accepted  TLSv1  256 bits  AES256-SHA
    Accepted  TLSv1  128 bits  DHE-RSA-AES128-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
    Accepted  TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
    Accepted  TLSv1  168 bits  DES-CBC3-SHA
    Accepted  TLSv1  128 bits  RC4-SHA
    Accepted  TLSv1  128 bits  RC4-MD5



Core-FTP Error:

Connect socket #928 to 192.168.101.10, port 990...
SSL/TLS error - 0, SSL error - 5, error:00000005:lib(0):func(0):DH lib  
SSL Connection not established




The FTPS configuration is below:

# FTPS IMPLICIT MODE Configuration
#
LoadModule mod_tls.c
<IfModule mod_tls.c>
   #TLSProtocol            SSLv3 TLSv1
   TLSProtocol            TLSv1
   <VirtualHost  192.168.101.10>
        Port                    990
        ServerName              "FTPS Server"

       .......................

        TLSEngine on
        TLSLog /var/log/proftpd/proftpd-tls.log

        # Are clients required to use FTP over TLS when talking to this server?
        #TLSRequired on
        TLSRequired auth+data

        # Server's certificate
        TLSRSACertificateFile           /etc/pki/tls/certs/.........
        TLSRSACertificateKeyFile        /etc/pki/tls/certs/.........
        TLSCertificateChainFile         /etc/pki/tls/certs/.........

        # Authenticate clients that want to use FTP over TLS?
        TLSVerifyClient off
        #TLSVerifyClient on

        # Allow SSL/TLS renegotiations when the client requests them, but
        # do not force the renegotiations.  Some clients do not support
        # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
        # clients will close the data connection, or there will be a timeout
        # on an idle data connection.
        TLSRenegotiate none

        #TLSCipherSuite              ALL:!ADH:!DES
        TLSCipherSuite               DEFAULT:!EXP:!LOW

        TLSOptions                   NoSessionReuseRequired UseImplicitSSL
   </VirtualHost>
</IfModule>

Andreas Meyer | 19 Oct 15:29 2014

[Proftpd-user] Display Chdir has no effect

Hello!

I configured

DisplayLogin            /etc/proftpd/welcome.msg
DisplayChdir            /etc/proftpd/.message
DisplayQuit             /etc/proftpd/.quit

Yesterday DisplayChdir worked and was displayed every time a directory
changed. Today it does not work anymore. Could it have something to do
with the fact that I installed MySQL-access for Proftpd?

DisplayLogin            /etc/proftpd/welcome.msg
DisplayQuit             /etc/proftpd/.quit

work just fine. I started proftpd in debug mode with proftpd -d9 -n
and proftpd -nd6 but there is nothing to see regarding DisplayChdir.

Greetings

  Andreas


Andreas Meyer | 18 Oct 13:27 2014

[Proftpd-user] SQL question

Hello!

I set up proftpd to use MySQL, and it is not clear to me what the
column count int(11) default NULL means.

I see this in the SQLLog:

....
Okt 18 13:18:20 mod_sql/4.3[12194]: cache miss for UID '0'
Okt 18 13:18:20 mod_sql/4.3[12194]: entering    mysql cmd_select
Okt 18 13:18:20 mod_sql/4.3[12194]: entering    mysql cmd_open
Okt 18 13:18:20 mod_sql/4.3[12194]: connection 'default' count is now 2
Okt 18 13:18:20 mod_sql/4.3[12194]: exiting     mysql cmd_open
Okt 18 13:18:20 mod_sql/4.3[12194]: query "SELECT username, password, uid, gid, homedir, shell FROM ftp WHERE (uid = 0) LIMIT 1"
Okt 18 13:18:20 mod_sql/4.3[12194]: entering    mysql cmd_close
Okt 18 13:18:20 mod_sql/4.3[12194]: connection 'default' count is now 1
Okt 18 13:18:20 mod_sql/4.3[12194]: exiting     mysql cmd_close
Okt 18 13:18:20 mod_sql/4.3[12194]: exiting     mysql cmd_select
.....

Can someone explain?

  Andreas


