headers
Hal | 1 Jun 2005 02:50
Favicon

Re: [Proftpd-user] Can't list or get?!

Well, your input got me going and I finally tracked it down to a  
combination of several firewall settings/issues on the client side.   
Proftpd works just fine!!!    Thanks for responding.  It was helpful.

On May 31, 2005, at 9:28 AM, TJ Saunders wrote:

>
>
>> Here is the debug info from the server log for when it dies.
>>
>> server1 (64.81.64.38[64.81.64.38]) - dispatching PRE_CMD command
>> 'LIST' to mod_core
>> server1 (64.81.64.38[64.81.64.38]) - dispatching PRE_CMD command
>> 'LIST' to mod_core
>> server1 (64.81.64.38[64.81.64.38]) - dispatching CMD command 'LIST'
>> to mod_ls
>> server1 (64.81.64.38[64.81.64.38]) - ROOT PRIVS: ID switching  
>> disabled
>> server1 (64.81.64.38[64.81.64.38]) - ROOT PRIVS: ID switching  
>> disabled
>> server1 (64.81.64.38[64.81.64.38]) - dispatching LOG_CMD_ERR command
>> 'LIST' to mod_log
>> server1 (64.81.64.38[64.81.64.38]) - dispatching LOG_CMD_ERR command
>> 'LIST' to mod_ls
>> (A longer snip from the log is included at the end.)
>>
>> And, here is what the client OS X 10.4 tells me"
>>
>> ftp> ls
>> 425 Unable to build data connection: Invalid argument
(Continue reading)

Permalink | Reply | 2 comments |
headers
Greg G | 1 Jun 2005 16:54

[Proftpd-user] radius authenication still not working...


OK.  I managed finally to figure out the problem I was having with the 
radius log file not being generated.  I'm still having a problem, 
though.  The RadiusLog is showing me this:

Jun 01 10:48:52 mod_radius/0.8rc2[13951]: sending auth request packet
Jun 01 10:48:52 mod_radius/0.8rc2[13951]: sending packet to 
192.168.250.105:1812
Jun 01 10:48:52 mod_radius/0.8rc2[13951]: receiving auth response packet
Jun 01 10:48:52 mod_radius/0.8rc2[13951]: packet receive succeeded
Jun 01 10:48:52 mod_radius/0.8rc2[13951]: verifying packet
Jun 01 10:48:52 mod_radius/0.8rc2[13951]: authentication successful for 
user 'ggtest103'

but my ftp client says this:
# ftp localhost
Connected to localhost.
220 ProFTPD 1.3.0rc1 Server (ProFTPD Default Installation) [127.0.0.1]
Name (localhost:ggersh): ggtest103
331 Password required for ggtest103.
Password:
530 Login incorrect.
Login failed.
Remote system type is UNIX.
Using ascii mode to transfer files.
ftp>

   What can I look at to figure out why the client isn't getting the 
good authentication?
(Continue reading)

Permalink | Reply | 16 comments |
headers
TJ Saunders | 1 Jun 2005 17:50

Re: [Proftpd-user] mod_sql and unusual passwords


> We are trying to integrate this with mod_sql and mod_sql_mysql, but
> can't find a way to have the entered password hashed to this value
> to test it, or to come up with any other solution to integrate with
> ProFTPD.  Here are our thoughts, and we would appreciate any thoughts
> about how to implement these or any better solutions:

This may be of interest:

  http://bugs.proftpd.org/show_bug.cgi?id=2368

Note that I think a normal auth module can be written for proftpd, without
requiring the extension of mod_sql's API, for this sort of thing.

Hope this helps,
TJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   The night has a thousand eyes,
    And the day but one;
   Yet the light of the bright world dies,
    With the dying sun.

   The mind has a thousand eyes,
    And the heart but one;
   Yet the light of a whole life dies,
    When love is done.

   	-F.W. Bourdillon
(Continue reading)

Permalink | Reply | 2 comments |
headers
TJ Saunders | 1 Jun 2005 18:57

Re: [Proftpd-user] Can't list or get?!


> Well, your input got me going and I finally tracked it down to a
> combination of several firewall settings/issues on the client side.
> Proftpd works just fine!!!    Thanks for responding.  It was helpful.

For the benefit of the readers of this list, what were the client and
firewall changes you ended up having to make?

Cheers,
TJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Liberty, too, must be limited in order to be possessed.

   	-Edmund Burke

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-------------------------------------------------------
This SF.Net email is sponsored by Yahoo.
Introducing Yahoo! Search Developer Network - Create apps using Yahoo!
Search APIs Find out how you can build Yahoo! directly into your own
Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
(Continue reading)

Permalink | Reply | 1 comment |
headers
TJ Saunders | 1 Jun 2005 19:10

Re: [Proftpd-user] radius authenication still not working...


> OK.  I managed finally to figure out the problem I was having with the
> radius log file not being generated.

What was the issue, and the solution?

> I'm still having a problem, though.  The RadiusLog is showing me this:
>
> Jun 01 10:48:52 mod_radius/0.8rc2[13951]: sending auth request packet
> Jun 01 10:48:52 mod_radius/0.8rc2[13951]: sending packet to
> 192.168.250.105:1812
> Jun 01 10:48:52 mod_radius/0.8rc2[13951]: receiving auth response packet
> Jun 01 10:48:52 mod_radius/0.8rc2[13951]: packet receive succeeded
> Jun 01 10:48:52 mod_radius/0.8rc2[13951]: verifying packet
> Jun 01 10:48:52 mod_radius/0.8rc2[13951]: authentication successful for
> user 'ggtest103'

Does your server debugging output look the same, or does it look different
now?  At debug level 9?

> Also, I'm still trying to find a sample config for how I tell the ftp
> server what the directory is for any given user.

The starting directory for every user is their home directory, by default.

> That is, how do I *really* use RadiusUserInfo and can I get that
> information from the radius attributes?

This depends on your RADIUS server, what attributes it supports, etc.
(Continue reading)

Permalink | Reply | 15 comments |
headers
Greg G | 1 Jun 2005 20:25

Re: [Proftpd-user] radius authenication still not working...

TJ Saunders wrote:

>>OK.  I managed finally to figure out the problem I was having with the
>>radius log file not being generated.
>>    
>>
>
>What was the issue, and the solution?
>
>  
>
   I had "RadiusLog file /var/log/ftpradius" in there.  The "file" was 
an invalid token, but I never saw a message to the effect that I have 
RadiusLog too many tokens.

>>I'm still having a problem, though.  The RadiusLog is showing me this:
>>
>>Jun 01 10:48:52 mod_radius/0.8rc2[13951]: sending auth request packet
>>Jun 01 10:48:52 mod_radius/0.8rc2[13951]: sending packet to
>>192.168.250.105:1812
>>Jun 01 10:48:52 mod_radius/0.8rc2[13951]: receiving auth response packet
>>Jun 01 10:48:52 mod_radius/0.8rc2[13951]: packet receive succeeded
>>Jun 01 10:48:52 mod_radius/0.8rc2[13951]: verifying packet
>>Jun 01 10:48:52 mod_radius/0.8rc2[13951]: authentication successful for
>>user 'ggtest103'
>>    
>>
>
>Does your server debugging output look the same, or does it look different
>now?  At debug level 9?
(Continue reading)

Permalink | Reply | 14 comments |
headers
TJ Saunders | 1 Jun 2005 21:10

Re: [Proftpd-user] radius authenication still not working...


>    I had "RadiusLog file /var/log/ftpradius" in there.  The "file" was
> an invalid token, but I never saw a message to the effect that I have
> RadiusLog too many tokens.

>    Interestingly, proftpd says this:
>
> mothra.int.ctc.net (localhost[127.0.0.1]) - dispatching auth request
> "getpwnam" to module mod_auth_unix
> mothra.int.ctc.net (localhost[127.0.0.1]) - no such user 'ggtest103'
> mothra.int.ctc.net (localhost[127.0.0.1]) - USER ggtest103: no such user
> found from localhost [127.0.0.1] to 127.0.0.1:21
> mothra.int.ctc.net (localhost[127.0.0.1]) - dispatching POST_CMD_ERR
> command 'PASS (hidden)' to mod_delay
> mothra.int.ctc.net (localhost[127.0.0.1]) - mod_delay/0.4: selecting
> median interval from 19 values

Does the debugging output show anything above, anything like:

  dispatching auth request "getpwnam" to module mod_radius

>    Ummm.  Hmmm.  I can put in whatever attributes I want to my Radius
> server, I've got the ones that I expect to be useful, uid, gid, homedir,
> etc.  How to I tell proftpd to actaully get them from the radius server
> (assuming I can get it to do the authentication.)

The RadiusUserInfo directive would look something like:

  RadiusUserInfo $(123:100) $(124:100) $(125:/tmp) $(126:/bin/bash)
(Continue reading)

Permalink | Reply | 13 comments |
headers
Sebastian Fischmeister | 1 Jun 2005 21:11
Favicon

[Proftpd-user] limiting the bandwidth

Hello.

   I use proftpd to run an ftp server with a limited bandwith. Now I  
would like to do it a little more dynamic. So whenever nobody in the  
subnet is online, I swap the configuration files and restart the ftp  
daemon. However, this does not affect the bandwith limits of open  
connections. Is there a way to also affect those connections.

Thanks,
   Sebastian

-------------------------------------------------------
This SF.Net email is sponsored by Yahoo.
Introducing Yahoo! Search Developer Network - Create apps using Yahoo!
Search APIs Find out how you can build Yahoo! directly into your own
Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
Permalink | Reply | 2 comments |
headers
Greg G | 1 Jun 2005 22:17

Re: [Proftpd-user] radius authenication still not working...

TJ Saunders wrote:

>>   I had "RadiusLog file /var/log/ftpradius" in there.  The "file" was
>>an invalid token, but I never saw a message to the effect that I have
>>RadiusLog too many tokens.
>>    
>>
>
>  
>
>>   Interestingly, proftpd says this:
>>
>>mothra.int.ctc.net (localhost[127.0.0.1]) - dispatching auth request
>>"getpwnam" to module mod_auth_unix
>>mothra.int.ctc.net (localhost[127.0.0.1]) - no such user 'ggtest103'
>>mothra.int.ctc.net (localhost[127.0.0.1]) - USER ggtest103: no such user
>>found from localhost [127.0.0.1] to 127.0.0.1:21
>>mothra.int.ctc.net (localhost[127.0.0.1]) - dispatching POST_CMD_ERR
>>command 'PASS (hidden)' to mod_delay
>>mothra.int.ctc.net (localhost[127.0.0.1]) - mod_delay/0.4: selecting
>>median interval from 19 values
>>    
>>
>
>Does the debugging output show anything above, anything like:
>
>  dispatching auth request "getpwnam" to module mod_radius
>
>  
>
(Continue reading)

Permalink | Reply | 0 comments |
headers
Hal | 1 Jun 2005 22:49
Favicon

Re: [Proftpd-user] Can't list or get?!

There were two errors in network configurations that prevented the  
set up of an "active" data connection which is the only kind of  
connection the ISP would allow me to use.

The first error was that statefull packet inspection was turned off  
in my router/firewall which allowed local (e.g. 10.0.1.x) addresses  
to be sent in the port commands.   These commands were then rejected  
by proftpd since they didn't match the real ip used to set up the  
connection.

After that was fixed, the transfers just hung after a request was  
"accepted".  This turned out to be caused by the firewall built into  
OS X being left on after a trip.  The client's (OS X) firewall didn't  
allow an incoming connection.  Once this firewall was turned off,  
everything worked fine.  Interestingly, the data connection didn't  
work with the client firewall turned on and ftp enabled, but I didn't  
investigate why.  Probably due to port forwarding of ftp on the  
router to a server on the local net.

Hope this helps.   Hal

On Jun 1, 2005, at 9:57 AM, TJ Saunders wrote:

>
>
>> Well, your input got me going and I finally tracked it down to a
>> combination of several firewall settings/issues on the client side.
>> Proftpd works just fine!!!    Thanks for responding.  It was helpful.
>>
>
(Continue reading)

Permalink | Reply | 0 comments |

Gmane