MOLLE Thomas | 27 Mar 10:37 2015

[Proftpd-user] unable to create namebind for No such file or directory

Hello guys,

 

I encounter an error when launching proftpd 1.3.5 with my sftp vhost on Solaris 9 SPARC.

Following the error :

 

2015-03-26 16:36:55,974 myhost proftpd[1712] 192.168.0.224: unable to create namebind for 'myhost' to 192.168.0.224#2222: No such file or directory

 

I have no more information when the debug mode is enabled.

sftp seems to works correctly.

 

Anyone have an idea? Or where search for?

 

Thx for your help.

 

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
Tim Dunphy | 16 Mar 17:36 2015
Picon

[Proftpd-user] Error: Failed to retrieve directory listing

Hello list,

I am getting a failure to list a directory using proftpd:

Error:         Failed to retrieve directory listing

It seems like it may be a passive ports issue. However I have both the masquerade address and passive ports enabled in the config:

[root <at> web1:~] #egrep -i "masquerade|passive" /etc/proftpd.conf

MasqueradeAddress               web1.jokefire.com

  PassivePorts                  65435 65535

And the firewall has been opened for both port 21 as well as the passive ports you see listed here. 

I'm using proftpd version 1.3.5

I'm including my full proftpd.conf below:


ServerName                      "JF web1 ProFTPD server"

ServerIdent                     on "Jokefire web1 FTP Server ready."

ServerAdmin                     bluethundr <at> jokefire.com

DefaultServer                   on

DefaultRoot                     /var/www

MasqueradeAddress               web1.jokefire.com



<IfModule mod_vroot.c>

VRootEngine                     off

VRootAlias                      /etc/security/pam_env.conf /etc/security/pam_env.conf

</IfModule>


  LogFormat                     default "%h %l %u %t \"%r\" %s %b"

  LogFormat                     auth    "%v [%P] %h %t \"%r\" %s"




UseReverseDNS                   off


User                            nobody

Group                           nobody



MaxInstances                    20


UseSendfile                     off


 LoadModule mod_sql.c

 LoadModule mod_sql_mysql.c



 LoadModule mod_quotatab.c



 LoadModule mod_quotatab_sql.c



<IfDefine TLS>

  TLSEngine                     on

  TLSRequired                   on

  TLSRSACertificateFile         /etc/pki/tls/certs/proftpd.pem

  TLSRSACertificateKeyFile      /etc/pki/tls/certs/proftpd.pem

  TLSCipherSuite                ALL:!ADH:!DES

  TLSOptions                    NoCertRequest

  TLSVerifyClient               off

  TLSLog                        /var/log/proftpd/tls.log

  <IfModule mod_tls_shmcache.c>

    TLSSessionCache             shm:/file=/var/run/proftpd/sesscache

  </IfModule>

</IfDefine>


<IfDefine DYNAMIC_BAN_LISTS>

  LoadModule                    mod_ban.c

  BanEngine                     on

  BanLog                        /var/log/proftpd/ban.log

  BanTable                      /var/run/proftpd/ban.tab


  BanOnEvent                    MaxLoginAttempts 2/00:10:00 01:00:00


  BanControlsACLs               all allow user ftpadm

</IfDefine>


<Global>


  Umask                         022

  PassivePorts                  65435 65535



  AllowOverwrite                yes

  <Limit ALL SITE_CHMOD>

    AllowAll

  </Limit>




 SQLAuthTypes            Plaintext Crypt

 SQLAuthenticate         users groups


 SQLConnectInfo  ftp <at> localhost proftpd Duk30fZh0u


 SQLUserInfo     ftpuser userid passwd uid gid homedir shell


 SQLGroupInfo    ftpgroup groupname gid members


 SQLGroupInfo    ftpgroup groupname gid members


 SQLMinID        500


 SQLLog PASS updatecount

 SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser


 SQLLog  STOR,DELE modified

 SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser


 QuotaEngine on

 QuotaDirectoryTally on

 QuotaDisplayUnits Mb

 QuotaShowQuotas on

 QuotaLog   /home/bluethundr/proftpd.quota.log


 SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"


 SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"


 SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies


 SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies


 SQLLogFile                     /var/log/proftpd/proftpd.sql.log


 QuotaLimitTable sql:/get-quota-limit

 QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally


 RootLogin off

 RequireValidShell off


</Global>


I'm including verbose log entries as an attachment. Can someone please give some advice on how to solve this problem?


Thanks,
Tim



--
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

Attachment (logs): application/octet-stream, 28 KiB
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
ekodo | 17 Feb 14:06 2015
Picon

[Proftpd-user] How to add a user to mysql with SQLPasswordPBKDF2

Hello,

is there a script or something to add new users with PBKDF2 Support?

If have the following settings in my config (example):

   SQLAuthTypes pbkdf2
   SQLPasswordPBKDF2 sha512 5000 32
   SQLPasswordSaltFile /etc/proftpd/proftpd.salt

And now i don`t know how i add a user with the correct data into my 
mysql table ...

Is there any documentation on this part? Or a tutorial/example?

thank you! :)

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html

Stefano Radaelli | 17 Feb 10:19 2015
Picon

[Proftpd-user] Usage of mod_exec with <IfUser> statement

Is there a way to enable the module 'mod_exec' only with a certain user?

I've compiled proftp with --with-modules=mod_exec:mod_ifsession and
then configured in this way...

<IfModule mod_exec.c>
    <IfUser stefano>
        ExecEngine on
        ExecLog /opt/proftpd-master/logs/proftpd_mod_exec.log
        ExecOptions logStderr logStdout
        ExecBeforeCommand STOR,RETR /path/to/script.sh
EVENT=BeforeCommand FILE='%f'
        ExecOnCommand STOR,RETR /path/to/script.sh EVENT=OnCommand FILE='%f'
    </IfUser>
</IfModule>

or this:

<IfUser stefano>
    <IfModule mod_exec.c>
        ExecEngine on
        ExecLog /opt/proftpd-master/logs/proftpd_mod_exec.log
        ExecOptions logStderr logStdout
        ExecBeforeCommand STOR,RETR /path/to/handler.sh
EVENT=BeforeCommand FILE='%f'
        ExecOnCommand STOR,RETR /path/to/handler.sh EVENT=OnCommand FILE='%f'
    </IfModule>
</IfUser>

without success. Seems that mod_exec works only if configured outside
the conditional statement.

My goal is to enable mod_exec only for user 'stefano' (for example)
and/or to have several mod_exec configuration accordingly with each
user configured.

Any suggestion?

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html

gpeel | 15 Feb 15:15 2015

[Proftpd-user] sftp - anonymous connections

Hi all,

Does anyone have a later version of proftpd with a working anonymous setup WITH mod_sftp compiled in?

-G

Sent from Windows Mail

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
Dieter Bloms | 11 Feb 16:58 2015
Picon

[Proftpd-user] use homedir in SQLNamedQuery for SQLLog EXIT ?

Hello,

I use proftpd-1.3.4e with a backend mysql server.
It works good for authentication.
The homedir variable is assigned dynamicly during the login, so it is
different for each login of the same user.

Now I want to execute a SQL statement with the homedir of the user, when
the user does a logout.
This is needed to trigger some further processing of the uploaded files.

Is this possible ?

I can't find any complete list of variablenames like %U and %d for the
SQLNamedQuery.

-- 
Gruß

  Dieter

--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html

Oli Kessler | 4 Feb 15:47 2015
Picon

[Proftpd-user] Fatal: unable to open incoming connection: Transport endpoint is not connected

Hi all,

We are seeing strange log entries recently:

  proftpd[31071]: 192.168.22.104 - Fatal: unable to open incoming connection: Transport endpoint is not connected

This happens when we scan the server with "nmap -sT SERVER" from a fast client, it does however not happen
when being scanned from a slow client or a virtual machine.

Other software (i.e. https://zeromq.jira.com/browse/LIBZMQ-585 or
https://code.google.com/p/pyftpdlib/issues/detail?id=100) say that this is a kind of race
condition  "since the connection is closing before we can get the peername with getpeername()" and only
nmap or similar software is able to close the TCP connection so fast.

The customer thinks that the performance of the server is affected (i.e. normal clients fail to establish a
session) when being scanned

1: As this is a fatal error, our logs are filled with it - we seem to be scanned very often recently. 
   Is there a way to prevent this from being logged at all?

2: Does it affect client limits by IP? I assume this in a very early stage of the protocol handshake
   and thus no client address is even present to work on with mod_limit/mod_ban/..

Cheers,
-ok

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html

angeldead95 . | 2 Feb 15:48 2015
Picon

[Proftpd-user] admin global password

Hi, Everyone

I have 3 dedicated servers and lot of clients on them. 
I want to know is there a way to put an admin global password. So every user can have own password (that only my clients see for your own user, which is stored in /etc/passwd and /etc/shadow) and another password "admin global password" that my support will see. 
So when client request something from support, client don't have to tell support own password. And I don't have to change all users password when I fired someone from support team.

Sorry for bad english.
Thanks in advance.
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
gpeel | 2 Feb 15:34 2015

[Proftpd-user] Anonymouse broken +sftp

I sent this earlier this week, appears it did not send…

Hi all,

We have been using proftpd for many years and has served us well. Recently, we decided to start making the move to sftp.
Near the end of December, I recompiled our proftpd daemon enabling the sftp module.
We run FreeBSD 8.0 , 9.1 and 9.3, and have compiled proftpd from ports.
Enabling the sftp module was not available through ‘make config’ so I simply added the module to the Makefile.

example in port Makefile

# Always built modules
MODULES+=       mod_ban \
                              …
                             mod_sftp \
                             …

Everything compiled and installed and worked, no issues.

However, I found that even with everything to do with sftp commented out in the config file, the new daemon has a broken anonymous functionality. I will include a full config below.

What happens now, is that when a VirtualHost / Anonymous container exists, even an authenticated user (for that virtual host) logs in, it treat them as anonymous. I have seen some info in this mail list from back in 2009/10 so I figured the bugfix would be included on the version we are using. Or am I missing something?
When I remark out the <VirtualHost>, the user will then be treated correctly and will have all access to his filesspace back.

Again, this issue happens even with sftp turned off, it only started when we compiled in the sftp module.

Any thoughts / hints would be appreciated.

Here is our proftpd.conf:

ServerName                      "ProFTPD mydomain Daemon"
# LoadModule                    mod_sftp.c
ServerType                      standalone
DefaultServer                   on
ScoreboardFile                  /var/run/proftpd/proftpd.scoreboard
ServerAdmin                     me <at> mydomain.com
PidFile                         /var/run/proftpd.pid
Port                            21
MaxInstances                    30
UseReverseDNS                   off
IdentLookups                    off
UseIPv6                         off

<Global>
User                            nobody
Group                           nogroup
DefaultChdir                    ~
DefaultRoot                     ~
Umask                           022
TimesGMT                        off
PassivePorts                    1025 2048
AllowOverwrite                  off
ExtendedLog /var/log/proftpd.log
RequireValidShell               off
RootLogin                       off
AllowStoreRestart               off
SyslogLevel debug
AllowRetrieveRestart            off
AllowOverride                   off
RootRevoke                      on
</Global>

<Directory /*>
  AllowOverwrite                on
</Directory>

#<IfModule mod_sftp.c>
# SFTPEngine on
# SFTPLog /var/log/secureftp.log
# SFTPAuthMethods password
# SFTPMaxChannels 3
# SFTPClientAlive 4 15
# SFTPDisplayBanner /usr/local/etc/proftp-sftp-banner.txt
# SFTPOptions IgnoreSCPUploadPerms IgnoreSFTPSetPerms
# SFTPTrafficPolicy high
# Port 2222
# SFTPHostKey /etc/ssl/private/wildcard.mydomain.com.key
#</IfModule>

#########################################################################
# Uncomment lines with only one # to allow basic anonymous access       #
# IP address inside container will need to be updated as well.          #
#########################################################################

 <VirtualHost nnn.nnn.nnn.nnn>
  <Anonymous ~/ftp>
    User unixuser
    Group unixgroup
    AllowOverwrite on
    UserAlias anonymous unixuser
    AuthAliasOnly on
    AnonRequirePassword off
    RequireValidShell off
    <Directory *>
      <Limit WRITE>
        DenyAll
      </Limit>
    </Directory>
   <Directory incoming/*>
      <Limit STOR>
        AllowAll
      </Limit>
      <Limit WRITE DIRS READ>
        DenyAll
      </Limit>
      <Limit CWD XCWD CDUP>
        AllowAll
      </Limit>
    </Directory>
  </Anonymous>
 </VirtualHost>

-G


------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
Robin Kearney | 2 Feb 11:07 2015

[Proftpd-user] New release schedule

Hi,

I’ve noticed a couple of things which have been fixed in master which I’d like to push into our
production environment. Is there a new release of ProFTPd scheduled for some point or should I go with master?

r.

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
gpeel | 31 Jan 16:45 2015

[Proftpd-user] proFTPd 1.3.4d Anon + sftpand

Hi all,

We have been using proftpd for many years and has served us well. Recently, we decided to start making the move to sftp.
Near the end of December, I recompiled our proftpd daemon enabling the sftp module.
We run FreeBSD 8.0 , 9.1 and 9.3, and have compiled proftpd from ports.
Enabling the sftp module was not available through ‘make config’ so I simply added the module to the Makefile.

example in port Makefile

# Always built modules
MODULES+=       mod_ban \
                              …
                             mod_sftp \
                             …

Everything compiled and installed and worked, no issues.

However, I found that even with everything to do with sftp commented out in the config file, the new daemon has a broken anonymous functionality. I will include a full config below.

What happens now, is that when a VirtualHost / Anonymous container exists, even an authenticated user (for that virtual host) logs in, it treat them as anonymous. I have seen some info in this mail list from back in 2009/10 so I figured the bugfix would be included on the version we are using. Or am I missing something?
When I remark out the <VirtualHost>, the user will then be treated correctly and will have all access to his filesspace back.

Again, this issue happens even with sftp turned off, it only started when we compiled in the sftp module.

Any thoughts / hints would be appreciated.

Here is our proftpd.conf:

ServerName                      "ProFTPD mydomain Daemon"
# LoadModule                    mod_sftp.c
ServerType                      standalone
DefaultServer                   on
ScoreboardFile                  /var/run/proftpd/proftpd.scoreboard
ServerAdmin                     me <at> mydomain.com
PidFile                         /var/run/proftpd.pid
Port                            21
MaxInstances                    30
UseReverseDNS                   off
IdentLookups                    off
UseIPv6                         off

<Global>
User                            nobody
Group                           nogroup
DefaultChdir                    ~
DefaultRoot                     ~
Umask                           022
TimesGMT                        off
PassivePorts                    1025 2048
AllowOverwrite                  off
ExtendedLog /var/log/proftpd.log
RequireValidShell               off
RootLogin                       off
AllowStoreRestart               off
SyslogLevel debug
AllowRetrieveRestart            off
AllowOverride                   off
RootRevoke                      on
</Global>

<Directory /*>
  AllowOverwrite                on
</Directory>

#<IfModule mod_sftp.c>
# SFTPEngine on
# SFTPLog /var/log/secureftp.log
# SFTPAuthMethods password
# SFTPMaxChannels 3
# SFTPClientAlive 4 15
# SFTPDisplayBanner /usr/local/etc/proftp-sftp-banner.txt
# SFTPOptions IgnoreSCPUploadPerms IgnoreSFTPSetPerms
# SFTPTrafficPolicy high
# Port 2222
# SFTPHostKey /etc/ssl/private/wildcard.mydomain.com.key
#</IfModule>

#########################################################################
# Uncomment lines with only one # to allow basic anonymous access       #
# IP address inside container will need to be updated as well.          #
#########################################################################

 <VirtualHost nnn.nnn.nnn.nnn>
  <Anonymous ~/ftp>
    User unixuser
    Group unixgroup
    AllowOverwrite on
    UserAlias anonymous unixuser
    AuthAliasOnly on
    AnonRequirePassword off
    RequireValidShell off
    <Directory *>
      <Limit WRITE>
        DenyAll
      </Limit>
    </Directory>
   <Directory incoming/*>
      <Limit STOR>
        AllowAll
      </Limit>
      <Limit WRITE DIRS READ>
        DenyAll
      </Limit>
      <Limit CWD XCWD CDUP>
        AllowAll
      </Limit>
    </Directory>
  </Anonymous>
 </VirtualHost>

-G
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html

Gmane