Solved FTP Account Connection / DirectAdmin Update

D

davidc

Verified User
Joined
Jun 19, 2020
Messages
85
This was received on June 2nd in an email notification for DirectAdmin software updates:

DirectAdmin 1.649 build 316d0ea3f4e66cdf44452c35ee2d16e0e9e0b4c5 to 1.649 build 56087e755f5535c6e5eb6ad016652121d1bfdc80 update is available.

The next day a user FTP account from a remote camera stopped being allowed to connect upload photos. The account info was not changed on either camera or server.

I think the server is using PureFTP and suspect the issue is with the FTP account. It is in the form 'userid'. DirectAdmin GUI now wants to create every account with '[email protected]'. The problem here is the camera software will only allow: IP address, port, userid and password. The server currently has a user FPT account with only 'userid' as the account. The camera has been able to FTP to the server without the '@domain.com' for several years.

Is there a way to restore this functionality? Is this something that can be overridden in a user's FTP configuration? Where is a user's configuration file?

Here's what's in DirectAdmin configuration file:

Code: 
# tail -n +1 /usr/local/directadmin/conf/directadmin.conf | grep "ftp"
backup_ftp_md5=0
backup_ftp_pre_test=1
ftpconfig=/etc/proftpd.conf
ftppasswd=/etc/proftpd.passwd
ftpvhosts=/etc/proftpd.vhosts.conf
letsencrypt_list=www:mail:ftp:pop:smtp
pureftp=1
unified_ftp_password_file=1

David
 
Last edited:
davidc said:
The problem here is the camera software will only allow: IP address, port, userid and password
Click to expand...
So what is the problem? I use camera's too, same way.

Ip address: your server's ip address
userid: [email protected]
password: password

What is the problem? Weird (cheap) camera software if it does not accept an email address as userid.
I even have 12 year old cheap $ 25 camera from Aliexpress in China which accepts email addresses as userid.

davidc said:
Is there a way to restore this functionality? I
Click to expand...
It might. Use the system accountname for ftp, then you can login without @domain.com behind it.

Unless you used the option to use system accounts to virtual accounts:

Version 1.54.0 | Directadmin Docs

DirectAdmin Knowledge Base
www.directadmin.com
It's not on by default as far as I now, so you should be able to still use the system account the way you want.
 
Richard G said:
It might. Use the system accountname for ftp, then you can login without @domain.com behind it.
Click to expand...
Thanks for this. Looking into this now.

I think this is what I've been using for the past few years. I am assuming you mean the user account id.
 
Last edited:
Thanks so much for jumping in on this Richard.

1. I have confirmed that the "system user" account is accessible via FTP.
2. CSF: the camera's IP address is in csf.ignore
3. CSF: Reference: No FTP user login logs ... ports 20, 21, 35000:35999 (in/out) are open
4. Also, reference #2 link, I am trying to find some log file detailing the servers response to FTP connection attempt. (current focus)

The camera has a Test feature for FTP. It's receiving a response that looks like this:

Code: 
{
    "Response": {
        "ResponseURL": "/LAPI/V1.0/NetWork/FTP/Test",
        "CreatedID": -1,
        "ResponseCode": 1,
        "SubResponseCode": 0,
        "ResponseString": "Common Error",
        "StatusCode": 760,
        "StatusString": "Common Fail",
        "Data": "null"
    }
}

? pretty unhelpful
 
Richard, Do you know anything about the dash in front of some of the log locations?

rsyslog-1.jpg
 
I don't have that many dashes in my rsyslog.conf file.
In DA installations (Centos and Almalinux) I only have a dash in front of -/var/log/maillog and not on others.

Easy explanation I found here:
serverfault.com

What does "-/filepath" ACTION mean in rsyslog configuration

I came across this one Debian Linux installation (6.0.6), and examining its /etc/rsyslog.conf, I see configuration lines like this: auth,authpriv.* /var/log/auth.log *.*;auth,authp...
serverfault.com serverfault.com

Extended explanation here:
docs.fedoraproject.org

[f38] Viewing and Managing Log Files

Learn more about Fedora Linux, the Fedora Project & the Fedora Community.
docs.fedoraproject.org

As said, on all my servers the dash is only in front of the maillog, I never changed any of those.
But ofcourse use at your own insight.
 
Oh I forgot the previous question.

1.) OK
2.) OK
3.) Good
4.) If you used the setup I explained there, then you should be able to read the /var/log/pureftpd-auth.log file for all login attempts which reach the server.
 
I followed your suggestion here and am seeing the camera's attempt:

in pureftpd-auth.log:
Jun 12 14:33:56 vps pure-ftpd: ([email protected]) [INFO] New connection from 65.152.xx.xx
Jun 12 14:33:56 vps pure-ftpd: ([email protected]) [INFO] <system_user> is now logged in
Jun 12 14:33:56 vps pure-ftpd: (<system_user>@65.152.xx.xx) [INFO] Logout.

nothing is going into pureftpd.log !?

In short, photos are not being sent (uploaded) to the VPS.

Do you have any ideas what to check next?

David
 
davidc said:
In short, photos are not being sent (uploaded) to the VPS.
Click to expand...
Correct. If pureftpd.log keeps empty (and is setup correctly) and you also don't find anything in the system logfile, then the connection is made but no files are send.

But this is the way without @domain.com it always worked. So something else might have changed, maybe modem or firewall at home or office?

Only thing which comes into my mind is pasv mode and passive port range.
On the server, you got that open, however.... is the same range open on the sending system, so where the camera is sending from?
And is the camera set to PASV mode (if possible).

Otherwise I'm also out of idea's.
 
It turns out the problem was in the camera's network and not with FTP or the server.

Thank you, Richard for all your assistance.

David
 
You must log in or register to reply here.
Back
Top