proftpd 匿名用戶總是提示密碼驗證不過

proftpd 匿名用戶總是提示密碼驗證不過

系統是freebsd 6.2 , proftpd版本 ProFTPD Version 1.3.0，ports安裝的。

1、proftpd.conf


<Anonymous /home/ftp/upload>
   User                         ftp
   #Group                               ftp
  ### We want clients to be able to login with "anonymous" as well as "ftp"
   UserAlias                    anonymous ftp

  ### Limit the maximum number of anonymous logins
   MaxClients                   10

  ### We want 'welcome.msg' displayed at login, and '.message' displayed
  ### in each newly chdired directory.
   DisplayLogin                 welcome.msg
  # DisplayFirstChdir           .message

</Anonymous>


2、匿名用戶目錄


# ll | grep upload
drwxrwxrwt  3 root  operator   512B Dec 22 15:47 upload
#


3、匿名用戶名passwd

# pw usershow -a | grep ftp
ftp:*:14:5::0:0:Anonymous FTP Admin:/home/ftp:/nonexistent
#


4、錯誤日誌message


Dec 22 20:20:17 fbun proftpd: fbun.com (201.201.201.72) - PAM(ftp): authentication error.
Dec 22 20:20:17 fbun proftpd: fbun.com - received SIGHUP -- master server rehashing configuration file
Dec 22 20:20:21 fbun proftpd: fbun.com (201.201.201.72) - PAM(ftp): authentication error.
Dec 22 20:20:27 fbun proftpd: fbun.com (201.201.201.72) - PAM(ftp): authentication error.
Dec 22 20:20:32 fbun proftpd: fbun.com (201.201.201.72) - PAM(ftp): authentication error.
Dec 22 20:20:38 fbun proftpd: fbun.com (201.201.201.72) - PAM(ftp): authentication error.
Dec 22 20:20:44 fbun proftpd: fbun.com (201.201.201.72) - PAM(ftp): authentication error.
Dec 22 20:20:50 fbun proftpd: fbun.com (201.201.201.72) - PAM(ftp): authentication error.
Dec 22 20:20:56 fbun proftpd: fbun.com (201.201.201.72) - PAM(ftp): authentication error.
Dec 22 20:21:02 fbun proftpd: fbun.com (201.201.201.72) - PAM(ftp): authentication error.
Dec 22 20:21:08 fbun proftpd: fbun.com (201.201.201.72) - PAM(ftp): authentication error.


5、實名用戶登錄、上傳下載均正常，日誌

Fri Dec 22 20:36:00 2006 0 201.201.201.72 2548 /home/zhaol/0906mac.txt a _ i r zhaol ftp 1 * c
Fri Dec 22 20:36:24 2006 0 201.201.201.72 3203 /home/zhaol/arp-mac.bat b _ i r zhaol ftp 1 * c
===========================
Mon Jan  1 16:22:25 2007 0 201.201.201.72 2548 /home/zhaol/0906mac.txt a _ o r zhaol ftp 1 * c


[ 本帖最後由 Ericzhao82 於 2007-1-4 16:41 編輯 ]

最好把proftpd.conf完整的貼出來，你這幾項有沒有添加呢？

RequireValidShell off


<Limit LOGIN>
    AllowUser ftp
    ...
    DenyAll
</Limit>



[ 本帖最後由 52BSD 於 2007-1-4 18:16 編輯 ]

原帖由 52BSD 於 2007-1-4 18:14 發表
最好把proftpd.conf完整的貼出來，你這幾項有沒有添加呢？

proftpd.conf



# cat proftpd.conf | grep -v '^#'

ServerName                      "ProFTPD Server By Zhao.L"
ServerType                      standalone
DefaultServer                   on
ScoreboardFile                  /var/run/proftpd.scoreboard

Port                            21

Umask                           022

MaxInstances                    30

User                            nobody
Group                           nogroup

DefaultRoot ~

AllowOverwrite          on

AllowRetrieveRestart on
AllowStoreRestart on

ServerIdent     off

<Limit SITE_CHMOD>
  DenyAll
</Limit>


<Anonymous /home/ftp/upload>
   User                         ftp
   #Group                               ftp
  ### We want clients to be able to login with "anonymous" as well as "ftp"
   UserAlias                    anonymous ftp

  ### Limit the maximum number of anonymous logins
   MaxClients                   10

  ### We want 'welcome.msg' displayed at login, and '.message' displayed
  ### in each newly chdired directory.
   DisplayLogin                 welcome.msg
  # DisplayFirstChdir           .message

  <Limit LOGIN>
    Order deny, allow
    AllowUser ftp
    DenyAll
  </Limit>

  ### Limit WRITE everywhere in the anonymous chroot
  # <Limit WRITE>
  #   DenyAll
  # </Limit>
</Anonymous>


加了limit login也不管用，日誌和昨天一樣，就不重複貼了


ericzhao@laptop:~$ ftp mypc.com
Connected to mypc.com.
220 201.201.201.183 FTP server ready
Name (mypc.com:ericzhao): anonymous
331 Anonymous login ok, send your complete email address as your password.
Password:
530 Login incorrect.
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

我看了你的proftpd.conf，你再把RequireValidShell off 加到全局裡看一看,如果還不行，我中午用你的proftpd.conf在我的電腦上測試一下再說。

是驗證方面的錯誤:( 可惜找不到原因在哪裡。

加了RequireValidShell       off，重啟proftpd還是不行，錯誤依舊

我測試過了，如下註釋即可。

<Limit LOGIN>
   # Order deny, allow
    AllowUser ftp
    DenyAll
  </Limit>


或
<Limit LOGIN>
    Order allow, deny
    AllowUser ftp
    DenyAll
  </Limit>

[ 本帖最後由 52BSD 於 2007-1-5 18:09 編輯 ]

建議你加入


UseReverseDNS         off
IdentLookups          off



提高登陸速度

確實好了，多謝呀！

我還一直往PAM驗證方面找原因呢，謝謝

我在freebsd 6.1測試了，不行。麻請貼個完整的出來，謝謝！

#
# To have more informations about Proftpd configuration
# look at : http://www.proftpd.org/
#
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName                        "ProFTPD Default Installation"
ServerType                        standalone
DefaultServer                        on
ScoreboardFile                        /var/run/proftpd.scoreboard

# Port 21 is the standard FTP port.
Port                                21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                                022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                        30

UseReverseDNS                          off
IdentLookups                         off
CommandBufferSize                512

# Set the user and group under which the server will run.
User                                nobody
Group                                nogroup

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite                on

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
#########################################################################
#                                                                       #
# Uncomment lines with only one # to allow basic anonymous access       #
#                                                                       #
#########################################################################

<Anonymous /var/ftp>
   User                                ftp
  # Group                        ftp

  ### We want clients to be able to login with "anonymous" as well as "ftp"
   UserAlias                        anonymous   ftp

  ### Limit the maximum number of anonymous logins
   MaxClients                        100

  ### We want 'welcome.msg' displayed at login, and '.message' displayed
  ### in each newly chdired directory.
   DisplayLogin                        welcome.msg
  # DisplayFirstChdir                .message

   <Limit LOGIN>
      # Order deny,allow
       AllowUser ftp
       DenyAll
   </Limit>
  ### Limit WRITE everywhere in the anonymous chroot
  # <Limit WRITE>
  #   DenyAll
  # </Limit>
</Anonymous>

[ 本帖最後由 zhang3784 於 2007-1-10 12:01 編輯 ]

我在freebsd 6.1測試了，不行。麻請貼個完整的出來，謝謝！


這個能夠通過的，你這個目錄「/var/ftp」和用戶ftp有沒有存在？

如果存在實名用戶，請把

RequireValidShell off

加上

請把錯誤貼出來.

[ 本帖最後由 52BSD 於 2007-1-10 14:35 編輯 ]

Tags: