Proftpd with mod_ldap do not work as expected
From: YesBalala (root_at_10.0.0.1)
Date: Wed, 12 May 2004 18:29:01 GMT
I am trying to setup proftpd 1.2.9 to work with LDAP authentication,
but found that it cannot co-exist with local authentication.
I have compiled proftpd with mod_ldap and mod_auth_pam, and have the
following entries in proftpd.conf,
>AuthOrder mod_auth_unix.c mod_ldap.c
>LDAPDNInfo "xxx" "yyy/"
>LDAPDoAuth on "xxx"
>LDAPDoUIDLookups on "xxx"
>LDAPDoGIDLookups on "xxx"
With the above, local account can ftp while LDAP accounts will result
in the following,
>530 Login incorrect.
If I comment out AuthOrded, then LDAP accounts will work, while local
account will result in the following, even before the password prompt,
>421 Service not available, remote server has closed connection
>No control connection for command: No such file or directory
I've also tried to enable AuthPAM (which should not be needed, right?)
># This enables or disables the PAM authentication module.
># The default is 'on'.
># This is the PAM configuration file that will be referenced when
># authenticating. It can be set globally and/or per VirtualHost.
># The default is 'ftp'.
and have the following contents under /etc/pam.d/ftp.
>auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
>auth required pam_pwdb.so shadow nullok
>account required pam_pwdb.so
>password required pam_pwdb.so
>session required pam_pwdb.so
but the result is the same.
The bottom line is that I can use only local authentication or LDAP
authentication, but not both. Other login service, such as ssh, sftp
and su, are working fine. My OS is RedHat Linux Advance Server 3.
Any idea why?
-- Due to heavy spamming, I was forced to use an invalid reply address. Do NOT reply to this posting via email directly.