Proftpd with mod_ldap do not work as expected

From: YesBalala (root_at_10.0.0.1)
Date: 05/12/04

    Date: Wed, 12 May 2004 18:29:01 GMT
    
    

    I am trying to set up proftpd 1.2.9 to work with LDAP authentication,
    but found that it cannot co-exist with local authentication.

    I have compiled proftpd with mod_ldap and mod_auth_pam, and have the
    following entries in proftpd.conf,

    >AuthOrder mod_auth_unix.c mod_ldap.c
    >LDAPServer xxx
    >LDAPDNInfo "xxx" "yyy/"
    >LDAPDoAuth on "xxx"
    >LDAPDoUIDLookups on "xxx"
    >LDAPDoGIDLookups on "xxx"
    >LDAPNegativeCache on
    >LDAPHomedirOnDemand on

    With the above, local accounts can ftp while LDAP accounts will result
    in the following,

    >530 Login incorrect.
    >Login failed.

    If I comment out AuthOrder, then LDAP accounts will work, while local
    accounts will result in the following, even before the password prompt,

    >421 Service not available, remote server has closed connection
    >Login failed.
    >No control connection for command: No such file or directory

    I've also tried to enable AuthPAM (which should not be needed, right?)
    as follows,

    ># This enables or disables the PAM authentication module.
    ># The default is 'on'.
    >AuthPAM on
    >
    ># This is the PAM configuration file that will be referenced when
    ># authenticating. It can be set globally and/or per VirtualHost.
    ># The default is 'ftp'.
    >AuthPAMConfig ftp

    and have the following contents under /etc/pam.d/ftp.

    >#%PAM-1.0
    >auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
    >auth required pam_pwdb.so shadow nullok
    >account required pam_pwdb.so
    >password required pam_pwdb.so
    >session required pam_pwdb.so

    but the result is the same.

    The bottom line is that I can use only local authentication or LDAP
    authentication, but not both. Other login services, such as ssh, sftp
    and su, are working fine. My OS is RedHat Linux Advance Server 3.

    Any idea why?

    Thanks,
    Bosco

    --
    Due to heavy spamming, I was forced to use an invalid reply address.
    Do NOT reply to this posting via email directly.
    
