proftpd: anonymous user always fails password authentication
The system is FreeBSD 6.2, and the proftpd version is ProFTPD Version 1.3.0, installed from ports.
1. proftpd.conf
<Anonymous /home/ftp/upload>
User ftp
#Group ftp
### We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
### Limit the maximum number of anonymous logins
MaxClients 10
### We want 'welcome.msg' displayed at login, and '.message' displayed
### in each newly chdired directory.
DisplayLogin welcome.msg
# DisplayFirstChdir .message
</Anonymous>
2. Anonymous user directory
# ll | grep upload
drwxrwxrwt 3 root operator 512B Dec 22 15:47 upload
#
3. passwd entry for the anonymous user
# pw usershow -a | grep ftp
ftp:*:14:5::0:0:Anonymous FTP Admin:/home/ftp:/nonexistent
#
4. Error log (messages)
Dec 22 20:20:17 fbun proftpd: fbun.com (201.201.201.72) - PAM(ftp): authentication error.
Dec 22 20:20:17 fbun proftpd: fbun.com - received SIGHUP -- master server rehashing configuration file
Dec 22 20:20:21 fbun proftpd: fbun.com (201.201.201.72) - PAM(ftp): authentication error.
Dec 22 20:20:27 fbun proftpd: fbun.com (201.201.201.72) - PAM(ftp): authentication error.
Dec 22 20:20:32 fbun proftpd: fbun.com (201.201.201.72) - PAM(ftp): authentication error.
Dec 22 20:20:38 fbun proftpd: fbun.com (201.201.201.72) - PAM(ftp): authentication error.
Dec 22 20:20:44 fbun proftpd: fbun.com (201.201.201.72) - PAM(ftp): authentication error.
Dec 22 20:20:50 fbun proftpd: fbun.com (201.201.201.72) - PAM(ftp): authentication error.
Dec 22 20:20:56 fbun proftpd: fbun.com (201.201.201.72) - PAM(ftp): authentication error.
Dec 22 20:21:02 fbun proftpd: fbun.com (201.201.201.72) - PAM(ftp): authentication error.
Dec 22 20:21:08 fbun proftpd: fbun.com (201.201.201.72) - PAM(ftp): authentication error.
5. Real (named) users can log in, upload and download normally; log:
Fri Dec 22 20:36:00 2006 0 201.201.201.72 2548 /home/zhaol/0906mac.txt a _ i r zhaol ftp 1 * c
Fri Dec 22 20:36:24 2006 0 201.201.201.72 3203 /home/zhaol/arp-mac.bat b _ i r zhaol ftp 1 * c
===========================
Mon Jan 1 16:22:25 2007 0 201.201.201.72 2548 /home/zhaol/0906mac.txt a _ o r zhaol ftp 1 * c
[ Last edited by Ericzhao82 on 2007-1-4 16:41 ]
《Solution》
It would be best to post your complete proftpd.conf. Have you added these items?
RequireValidShell off
<Limit LOGIN>
AllowUser ftp
...
DenyAll
</Limit>
[ Last edited by 52BSD on 2007-1-4 18:16 ]
《Solution》
Originally posted by 52BSD on 2007-1-4 18:14
It would be best to post your complete proftpd.conf. Have you added these items?
proftpd.conf
# cat proftpd.conf | grep -v '^#'
ServerName "ProFTPD Server By Zhao.L"
ServerType standalone
DefaultServer on
ScoreboardFile /var/run/proftpd.scoreboard
Port 21
Umask 022
MaxInstances 30
User nobody
Group nogroup
DefaultRoot ~
AllowOverwrite on
AllowRetrieveRestart on
AllowStoreRestart on
ServerIdent off
<Limit SITE_CHMOD>
DenyAll
</Limit>
<Anonymous /home/ftp/upload>
User ftp
#Group ftp
### We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
### Limit the maximum number of anonymous logins
MaxClients 10
### We want 'welcome.msg' displayed at login, and '.message' displayed
### in each newly chdired directory.
DisplayLogin welcome.msg
# DisplayFirstChdir .message
<Limit LOGIN>
Order deny, allow
AllowUser ftp
DenyAll
</Limit>
### Limit WRITE everywhere in the anonymous chroot
# <Limit WRITE>
# DenyAll
# </Limit>
</Anonymous>
Adding limit login did not help either. The log is the same as yesterday, so I won't paste it again.
ericzhao@laptop:~$ ftp mypc.com
Connected to mypc.com.
220 201.201.201.183 FTP server ready
Name (mypc.com:ericzhao): anonymous
331 Anonymous login ok, send your complete email address as your password.
Password:
530 Login incorrect.
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
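《Solution》
I looked at your proftpd.conf. Try adding RequireValidShell off to the global section and see. If it still doesn't work, I'll test your proftpd.conf on my own machine at noon and get back to you.
《Solution》
It's an authentication error :( Unfortunately I can't find where the cause is.
I added RequireValidShell off and restarted proftpd, but it still doesn't work; the error is the same.
《Solution》
I've tested it; commenting it out as follows is enough.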
<Limit LOGIN>
# Order deny, allow
AllowUser ftp
DenyAll
</Limit>
or
<Limit LOGIN>
Order allow, deny
AllowUser ftp
DenyAll
</Limit>
[ Last edited by 52BSD on 2007-1-5 18:09 ]
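The fix above follows from how ProFTPD's Order directive is evaluated: with deny,allow the Deny rules are checked first and a match ends evaluation, so DenyAll rejects the login before AllowUser ftp is consulted, while the default allow,deny checks the Allow rules first. The following is an added example, not part of the thread: a simplified Python model of that evaluation. It assumes only AllowUser/DenyUser/AllowAll/DenyAll rules, a user name already resolved to ftp, and that whitespace in the Order argument is ignored; the function names are made up here.

```python
import re

# Constructed sample: the failing <Limit LOGIN> block posted in the thread.
FAILING = """<Limit LOGIN>
Order deny, allow
AllowUser ftp
DenyAll
</Limit>
"""
FIX_COMMENTED = FAILING.replace("Order deny", "# Order deny")
FIX_REORDERED = FAILING.replace("deny, allow", "allow, deny")

def parse_limit_login(conf):
    """Return (order, allow_rules, deny_rules) of the first <Limit LOGIN> block."""
    order, allows, denies, inside = "allow,deny", [], [], False
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented-out directive
        if re.match(r"<Limit\s+LOGIN\s*>", line, re.I):
            inside = True
        elif inside and line.lower().startswith("</limit"):
            break
        elif inside:
            name, _, arg = line.partition(" ")
            name, arg = name.lower(), arg.strip()
            if name == "order":
                # Assumption: "deny, allow" is read the same as "deny,allow".
                order = re.sub(r"\s+", "", arg).lower()
            elif name in ("allowuser", "allowall"):
                allows.append(arg or "*")
            elif name in ("denyuser", "denyall"):
                denies.append(arg or "*")
    return order, allows, denies

def login_allowed(conf, user):
    """Simplified model of ProFTPD's Order evaluation for one user name."""
    order, allows, denies = parse_limit_login(conf)
    hit = lambda rules: any(r in ("*", user) for r in rules)
    if order == "deny,allow":
        # Deny rules first; a match ends evaluation. Default is deny.
        return False if hit(denies) else hit(allows)
    # allow,deny (the default): Allow rules first. Default is allow.
    return True if hit(allows) else not hit(denies)

if __name__ == "__main__":
    for label, conf in [("original", FAILING), ("Order commented out", FIX_COMMENTED),
                        ("Order allow, deny", FIX_REORDERED)]:
        print(f"{label:22} ftp login allowed: {login_allowed(conf, 'ftp')}")
```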
《Solution》
I suggest you add
UseReverseDNS off
IdentLookups off
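to speed up login.
《Solution》
It really works now, thanks a lot!
I had been looking for the cause in PAM authentication all along. Thanks.
《Solution》
I tested it on FreeBSD 6.1 and it doesn't work. Could you please post a complete one? Thanks!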
#
# To have more informations about Proftpd configuration
# look at : http://www.proftpd.org/
#
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on
ScoreboardFile /var/run/proftpd.scoreboard
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
UseReverseDNS off
IdentLookups off
CommandBufferSize 512
# Set the user and group under which the server will run.
User nobody
Group nogroup
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
DenyAll
</Limit>
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
#########################################################################
# #
# Uncomment lines with only one # to allow basic anonymous access #
# #
#########################################################################
<Anonymous /var/ftp>
User ftp
# Group ftp
### We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
### Limit the maximum number of anonymous logins
MaxClients 100
### We want 'welcome.msg' displayed at login, and '.message' displayed
### in each newly chdired directory.
DisplayLogin welcome.msg
# DisplayFirstChdir .message
<Limit LOGIN>
# Order deny,allow
AllowUser ftp
DenyAll
</Limit>
### Limit WRITE everywhere in the anonymous chroot
# <Limit WRITE>
# DenyAll
# </Limit>
</Anonymous>
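[ Last edited by zhang3784 on 2007-1-10 12:01 ]
《Solution》
I tested it on FreeBSD 6.1 and it doesn't work. Could you please post a complete one? Thanks!
This one does work. Do the directory "/var/ftp" and the user ftp exist?
If real (named) users exist, please add
RequireValidShell off
Please post the error.
[ Last edited by 52BSD on 2007-1-10 14:35 ]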