  1. #11

    Sorry, my eloquence sometimes fails.
    I copied the contents of the vsftpd to the vsftpd-2 and did do a rule by rule elimination attempt. In simple language, I did what you said you thought I did.

  2. #12
    Ok, time to dig deeper.

    It seems the pam file contains some include statements. Go to the other files and replace these include statements to the necessary sections (auth, password, session etc...) out of those files and into your vsftpd-2 file. If these statements include new include statements, then repeat until all of them are gone. You might end up with a pretty big file but that's okay.

    Then try doing the rule by rule thing again. It has to be PAM, since your connection hangs during authentication.
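Added example, not part of the original posts: one way to do the include expansion described in post #12 mechanically. The file contents and module lines below are constructed samples (they are not the poster's files), and `flatten` and `demo` are hypothetical helper names.

```python
import os
import tempfile

INCLUDE_CONTROLS = ("include", "substack")  # both are expanded the same way here


def flatten(service, pam_dir, only_type=None, seen=()):
    """Return the rule lines of `service` with include directives expanded in place."""
    if service in seen:
        raise ValueError("include loop: " + " -> ".join(seen + (service,)))
    rules = []
    with open(os.path.join(pam_dir, service)) as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            fields = line.split()
            mtype = fields[0].lstrip("-")  # "-session" is still a session rule
            if only_type and mtype != only_type:
                continue  # "auth include X" pulls in only X's auth rules
            if len(fields) >= 3 and fields[1] in INCLUDE_CONTROLS:
                rules += flatten(fields[2], pam_dir, mtype, seen + (service,))
            else:
                rules.append(line)  # ordinary rule: keep it verbatim
    return rules


def demo():
    """Write two constructed PAM files to a temp dir and flatten the first."""
    files = {
        "vsftpd-2": "auth required pam_env.so\n"
                    "auth include password-auth\n"
                    "account include password-auth\n",
        "password-auth": "# constructed sample, not the file from the thread\n"
                         "auth sufficient pam_unix.so try_first_pass\n"
                         "auth required pam_deny.so\n"
                         "account required pam_unix.so\n"
                         "-session optional pam_systemd.so\n",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, body in files.items():
            with open(os.path.join(d, name), "w") as fh:
                fh.write(body)
        return flatten("vsftpd-2", d)


if __name__ == "__main__":
    print("\n".join(demo()))
```

The flattened list keeps the original rule order, so it can be written to a test service file and trimmed rule by rule.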

  3. #13
    From what I can see, it is only the 1 file of password-auth. Am I looking at it correctly? The other files such pam...., are not existent. Could that be the problem? Well, I did try bringing over the password-auth info and it changed nothing.

  5. #14
    Yes, it's only password-auth. I noticed just now since you mentioned it.

    Bringing it over will not change PAM's behaviour at all. Could you post the password-auth file?

  6. #15
    Sure, here it is:

    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth required
    auth sufficient nullok try_first_pass
    auth requisite uid >= 1000 quiet_success
    auth required

    account required
    account sufficient
    account sufficient uid < 1000 quiet
    account required

    password requisite try_first_pass retry=3 type=
    password sufficient sha512 shadow nullok try_first_pass use_authtok
    password required

    session optional revoke
    session required
    -session optional
    session [success=1 default=ignore] service in crond quiet use_uid
    session required

  7. #16
    Wait, before we continue.

    In post nr 9 you mentioned:

    ok, i attempted your suggestion and it did not work.
    Does that mean that the authentication failed or that the FTP session keeps hanging again?

    Are you sure you restarted the vsftpd service and made it point to vsftpd-2? If that is the case, then there is actually no point in going down (much) further this path. However (as a somewhat last resort), you might want to try the below vsftpd-2 to rule out from doing icky things (NOTE: this will set your ftp server WIDE OPEN!):

    Quote Originally Posted by /etc/pam.d/vsftpd-2
    auth requisite

  8. #17
    I meant "it did not work" as in the step through of turning on and off, it failed authentication. Once it was back to the original way, it was back to the hanging.
    I tried removing everything from the vsftpd-2 file and only put that auth command. I then restarted vsftp and I got a critical error of could not connect to the server. I then copied over the vsftpd file 1 command at a time and saved and restarted the vsftpd until it started working again. I then started the statement juggling and ended up with the same thing of that auth requisite being commented out. I did do a little better organization this time when I brought over the commands.

  9. #18
    That's unexpected. One more shot:

    Quote Originally Posted by /etc/pam.d/vsftpd-2
    auth required
    account required
    password required
    session required
    su -c 'chown 0:0 /etc/pam.d/vsftpd-2'
    su -c 'chmod 644 /etc/pam.d/vsftpd-2'
    And then edit vsftpd.conf to contain 'pam_service_name=vsftpd-2' and finally restart vsftpd.

    You should just automatically log in if you enter a valid user account. Any password should be accepted. Don't know what happens if you insert a non-existent user account. Finally, disable anonymous logon if you don't need it.

  10. #19
    Well, I have completed the additions and it still hangs at the same place. Yes, I started the vsftpd service. There must be something with a time-out feature somewhere that needs to be met before the logon can continue. Is there anywhere that has such a time-out? I have no clue about the way pam works.

    Below is the result of the authconfig test; maybe this will shed some light.

    [root@webforms administrator]# authconfig --test
    caching is disabled
    nss_files is always enabled
    nss_compat is disabled
    nss_db is disabled
    nss_hesiod is disabled
    hesiod LHS = ""
    hesiod RHS = ""
    nss_ldap is disabled
    LDAP+TLS is disabled
    LDAP server = ""
    LDAP base DN = ""
    nss_nis is disabled
    NIS server = ""
    NIS domain = ""
    nss_nisplus is disabled
    nss_winbind is disabled
    SMB workgroup = ""
    SMB servers = ""
    SMB security = "user"
    SMB realm = ""
    Winbind template shell = "/bin/false"
    SMB idmap uid = "16777216-33554431"
    SMB idmap gid = "16777216-33554431"
    nss_sss is disabled by default
    nss_wins is disabled
    nss_mdns4_minimal is enabled
    DNS preference over NSS or WINS is disabled
    pam_unix is always enabled
    shadow passwords are enabled
    password hashing algorithm is sha512
    pam_krb5 is disabled
    krb5 realm = "#"
    krb5 realm via dns is disabled
    krb5 kdc = ""
    krb5 kdc via dns is disabled
    krb5 admin server = ""
    pam_ldap is disabled
    LDAP+TLS is disabled
    LDAP server = ""
    LDAP base DN = ""
    LDAP schema = "rfc2307"
    pam_pkcs11 is disabled
    use only smartcard for login is disabled
    smartcard module = "coolkey"
    smartcard removal action = "Ignore"
    pam_fprintd is enabled
    pam_ecryptfs is disabled
    pam_winbind is disabled
    SMB workgroup = ""
    SMB servers = ""
    SMB security = "user"
    SMB realm = ""
    pam_sss is disabled by default
    credential caching in SSSD is enabled
    SSSD use instead of legacy services if possible is enabled
    IPAv2 is disabled
    IPAv2 domain was not joined
    IPAv2 server = ""
    IPAv2 realm = ""
    IPAv2 domain = ""
    pam_pwquality is enabled (try_first_pass retry=3 type=)
    pam_passwdqc is disabled ()
    pam_access is disabled ()
    pam_mkhomedir or pam_oddjob_mkhomedir is disabled ()
    Always authorize local users is enabled ()
    Authenticate system accounts against network services is disabled
    [root@webforms administrator]#
    Last edited by Herculeon; 02-01-2013 at 12:01 PM.

  11. #20
    To confirm: You did this with the 'new' and latest (4 line) vsftpd-2 file I provided? So, login works now but is still slow, right?
