Find the answer to your Linux question:
Page 2 of 12 FirstFirst 1 2 3 4 5 6 ... LastLast
Results 11 to 20 of 120
Sorry, my eloquence sometimes fails. I copied the contents of the vsftpd to the vsftpd-2 and did do a rule by rule elimination attempt. In simple language, I did what ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #11
    Just Joined!
    Join Date
    Jan 2013
    Posts
    61

    Sorry, my eloquence sometimes fails.
    I copied the contents of the vsftpd to the vsftpd-2 and did do a rule by rule elimination attempt. In simple language, I did what you said you thought I did.

  2. #12
    Linux Newbie
    Join Date
    Jun 2012
    Posts
    100
    Ok, time to dig deeper.

    It seems the pam file contains some include statements. Go to the other files and replace these include statements to the necessary sections (auth, password, session etc...) out of those files and into your vsftpd-2 file. If these statements include new include statements, then repeat until all of them are gone. You might end up with a pretty big file but that's okay.

    Then try doing the rule by rule thing again. It has to be PAM, since your connection hangs during authentication.

  3. #13
    Just Joined!
    Join Date
    Jan 2013
    Posts
    61
    from what I can see, it is only the 1 file of password-auth. Am I looking at it correct? The other files such pam...., are not existant. Could that be the problem? Well, I did try bring over the password-auth info and it changed nothing.

  4. #14
    Linux Newbie
    Join Date
    Jun 2012
    Posts
    100
    Yes, it's only password-auth. I noticed just now since you mentioned it.

    Bringing it over will not change PAM's behaviour at all. Could you post the password-auth file?

  5. #15
    Just Joined!
    Join Date
    Jan 2013
    Posts
    61
    sure not a problem...here it is:

    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth required pam_env.so
    auth sufficient pam_unix.so nullok try_first_pass
    auth requisite pam_succeed_if.so uid >= 1000 quiet_success
    auth required pam_deny.so

    account required pam_unix.so
    account sufficient pam_localuser.so
    account sufficient pam_succeed_if.so uid < 1000 quiet
    account required pam_permit.so

    password requisite pam_pwquality.so try_first_pass retry=3 type=
    password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
    password required pam_deny.so

    session optional pam_keyinit.so revoke
    session required pam_limits.so
    -session optional pam_systemd.so
    session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
    session required pam_unix.so

  6. #16
    Linux Newbie
    Join Date
    Jun 2012
    Posts
    100
    Wait, before we continue.

    In post nr 9 you mentioned:

    ok, i attempted your suggestion and it did not work.
    Does that mean that the authentication failed or that the FTP sessions keeps hanging again?

    Are you sure you restarted the vsftpd service and made it point to vsftpd-2? If that is the case, then there is actually no point in going down (much) further this path. However (as a somewhat last resort), you might want to try the below vsftpd-2 to rule out pam_unix.so from doing icky things (NOTE: this will set your ftp server WIDE OPEN!):

    Quote Originally Posted by /etc/pam.d/vsftpd-2
    auth requisite pam_permit.so

  7. #17
    Just Joined!
    Join Date
    Jan 2013
    Posts
    61
    I meant "it did not work" as in the step through of turning on and off, it failed authentication. Once it was back to the original way, it was back to the hanging.
    I tried removing everything from the vsftpd-2 file and only put that auth command. I then restarted vsftp and I got a critical error of could not connect to the server. I then copied over the vsftpd file 1 command at a time and saved and restarted the vsftpd until it started working again. I then started the statement juggling and ended up with the same thing of that auth requisite pam_permit.so being commented out. I did do an little better organization this time when I brought over the commands.

  8. #18
    Linux Newbie
    Join Date
    Jun 2012
    Posts
    100
    That's unexpected. One more shot:

    Quote Originally Posted by /etc/pam.d/vsftpd-2
    auth required pam_permit.so
    account required pam_permit.so
    password required pam_permit.so
    session required pam_permit.so
    Code:
    su -c 'chown 0:0 /etc/pam.d/vsftpd-2'
    su -c 'chmod 644 /etc/pam.d/vsftpd-2'
    And then edit vsftpd.conf to contain 'pam_service_name=vsftpd-2' and finally restart vsftpd.

    You should just automatically log in if you enter a valid user account. Any password should be accepted. Don't know what happens you if you insert a non existent user account. Finally, disable anonymous logon if you don't need it.

  9. #19
    Just Joined!
    Join Date
    Jan 2013
    Posts
    61
    well, I have completed the additions and it still hanges at the same place. Yes, I started the vsftpd service. There must be something with a time-out feature somewhere that needs to be met before the logon can continue. Is there anywhere that has such a time-out? I have no clue about the way pam works.

    below is the result of the authconfig test maybe this will shed some light.

    [root@webforms administrator]# authconfig --test
    caching is disabled
    nss_files is always enabled
    nss_compat is disabled
    nss_db is disabled
    nss_hesiod is disabled
    hesiod LHS = ""
    hesiod RHS = ""
    nss_ldap is disabled
    LDAP+TLS is disabled
    LDAP server = ""
    LDAP base DN = ""
    nss_nis is disabled
    NIS server = ""
    NIS domain = ""
    nss_nisplus is disabled
    nss_winbind is disabled
    SMB workgroup = ""
    SMB servers = ""
    SMB security = "user"
    SMB realm = ""
    Winbind template shell = "/bin/false"
    SMB idmap uid = "16777216-33554431"
    SMB idmap gid = "16777216-33554431"
    nss_sss is disabled by default
    nss_wins is disabled
    nss_mdns4_minimal is enabled
    DNS preference over NSS or WINS is disabled
    pam_unix is always enabled
    shadow passwords are enabled
    password hashing algorithm is sha512
    pam_krb5 is disabled
    krb5 realm = "#"
    krb5 realm via dns is disabled
    krb5 kdc = ""
    krb5 kdc via dns is disabled
    krb5 admin server = ""
    pam_ldap is disabled
    LDAP+TLS is disabled
    LDAP server = ""
    LDAP base DN = ""
    LDAP schema = "rfc2307"
    pam_pkcs11 is disabled
    use only smartcard for login is disabled
    smartcard module = "coolkey"
    smartcard removal action = "Ignore"
    pam_fprintd is enabled
    pam_ecryptfs is disabled
    pam_winbind is disabled
    SMB workgroup = ""
    SMB servers = ""
    SMB security = "user"
    SMB realm = ""
    pam_sss is disabled by default
    credential caching in SSSD is enabled
    SSSD use instead of legacy services if possible is enabled
    IPAv2 is disabled
    IPAv2 domain was not joined
    IPAv2 server = ""
    IPAv2 realm = ""
    IPAv2 domain = ""
    pam_pwquality is enabled (try_first_pass retry=3 type=)
    pam_passwdqc is disabled ()
    pam_access is disabled ()
    pam_mkhomedir or pam_oddjob_mkhomedir is disabled ()
    Always authorize local users is enabled ()
    Authenticate system accounts against network services is disabled
    [root@webforms administrator]#
    Last edited by Herculeon; 02-01-2013 at 12:01 PM.

  10. #20
    Linux Newbie
    Join Date
    Jun 2012
    Posts
    100
    To confirm: You did this with the 'new' and latest (4 line) vsftpd-2 file I provided? So, login works now but is still slow, right?

Page 2 of 12 FirstFirst 1 2 3 4 5 6 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •