ProFTP - cannot log in with user@domain account

[BlueNoteWeb]

Good evening folks. I've scoured all over the forums trying to solve this problem. I've found several people with similar problems, but nobody with the same problem (at least not one with a solution).

Under the "admin" user on this server there are lots of domains (15 or so). On one of the domains, I have an ftp sub-account in the format user@domain. When that sub-account is created or the password modified, the file /etc/proftpd.passwd IS updated but the user cannot log in.

I have been over and over the proftpd.conf file(posted below). I have compared that file to the same file on a different directadmin server that I know is working properly and found nothing out of the ordinary.

I have re-installed proftp using both custombuild and the instructions found here:
http://help.directadmin.com/item.php?id=82
In following those instructions, I DID change the --prefix parameter as instructed.

I have checked, double-checked and triple-checked the permissions on the various files against a second (working) DirectAdmin box. I have copied the proftpd.conf from that other box and run a diff (nothing different but whitespace and the server's IP address). I have copied the template from /usr/local/directadmin/something (changing the IP address, of course). No luck there.

Through all of this, I STILL cannot log in using user@domain. Sometimes I get errors in /var/log/messages that say "no such user," sometimes I don't get anything. Always the message to the FTP client is "530 login incorrect."

Through all of this, if I log in as a regular user, I can log in without problem. However, if I take that user's entry out of /etc/proftpd.passwd, I can STILL log in....which doesn't make any sense. If I take that user's entry out of BOTH /etc/passwd and /etc/proftpd.passwd, then I get a login failed message. Out of desperation I added the user@domain user to /etc/passwd but that didn't work either.

Other information that might be handy:
-server is running CentOS 4.something.
-the particular domain in question is owned by the admin user (who owns many other domains) and is on the server's shared IP

Here is my proftpd.conf:

ServerName "ProFTPd"
ServerType standalone

Port 21
UseReverseDNS off
TimeoutLogin 120
TimeoutIdle 600
TimeoutNoTransfer 900
TimeoutStalled 3600

ScoreboardFile /var/run/proftpd/proftpd.pid

TransferLog /var/log/proftpd/xferlog.legacy
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"

#DON'T modify this log format. Its used by DirectAdmin to determine user usage
LogFormat userlog "%u %b"
ExtendedLog /var/log/proftpd/x.x.x.x.bytes WRITE,READ userlog

AuthUserFile /etc/proftpd.passwd
DefaultServer on

#AuthPAMConfig proftpd
#AuthOrder mod_auth_pam.c* mod_auth_unix.c mod_auth_file.c
#AuthOrder mod_auth_file.c
#AuthPAM off

<Global>
DeferWelcome on

RequireValidShell no

DefaultRoot ~
DirFakeUser on ftp
DirFakeGroup on ftp

User ftp
Group ftp
#UserAlias anonymous ftp

AllowStoreRestart on
AllowRetrieveRestart on

Umask 022
DisplayLogin welcome.msg
DisplayFirstChdir readme
AllowOverwrite yes
IdentLookups off
ExtendedLog /var/log/proftpd/access.log WRITE,READ write
ExtendedLog /var/log/proftpd/auth.log AUTH auth

#
# Paranoia logging level....
#
ExtendedLog /var/log/proftpd/paranoid.log ALL default

</Global>

I removed the server IP for privacy's sake - this is a client's server.

DA support, if you're reading this - I've already sent you an email with the server's login information.

Any information or suggestions would be greatly appreciated. Thanks in advance!

 

[BlueNoteWeb]

I think I've narrowed this down to ONLY domains owned by admin. On that same server, I created a new user "foobar" (owned by the reseller admin, but a separate account) for foobar.com. I then logged in to DA as user foobar and created a new ftp user, [email protected]. I am able to log in via FTP using either username.

I don't know if this is by design in DA or if there's something up with my admin user. For the time being I think I have a workaround for my client, but I do need to get this fixed eventually.

 

[IT_Architect]

I have the same problem, although I didn't always have it. Moreover, it comes and goes. I restarted ProFTP last time and it fixed it. It doesn't work this time. I restarted everything but the server. Rights look good on the password file, root & ftp. It was working this morning and the past few days, and now it's not.

History:
- ProFTP a couple weeks ago along with Apache, PHP, and FreeBSD 7

The problem:
The main account user can always login but not the @ users.

Jack

 

[IT_Architect]

I fixed it. I changed the permissons on proftpd.passwd to ftp ftp instead of root ftp. I found this on the DA site posted by John from DA: http://directadmin.com/forum/showthread.php?t=1739&highlight=proftpd.passwd

Hello,
Yes, but the group should be "ftp" which is what proftpd runs as.. thus I don't understand why it isn't reading on your system. Check the /etc/proftpd.conf and make sure the User and Group are both set to "ftp" .. and also make sure that "ftp" group exists:
John

However, we are running proftpd as root on this server.

I noticed John's post was dated 2004, so I decided to check the new server that is bone stock. It shows ProFTP running as root. However, the fact remains, when I changed the owner to ftp, it worked. So whatever is going on is somehow related to rights.

Facts:
*The problems began after the upgrade of the OS, Apache, PHP, & Proftp.

A. Last time I restarted FTP, and it fixed it, and the owner and group then was root ftp.

B. I check every morning and every night that ftp works still. It did for about 5 days, including this morning.

C. This morning the DA Admin password changes out of nowhere. I hadn't been in the control panel and neither hand anyone else.
I couldn't have typed the password in wrong, for three reasons:
1. It's not something anyone could remember and the case and numbers are all over the place.
2. It fills it in for you automatically when you select the user. It's worked for years.
3. Using the backdoor admin, I changed the pasword back to what it was, and the memorized password works again when I login to the control panel..

D. Shortly thereafter, I get a call that they cannot login FTP. I try restarting proftpd. It didn't help this time. I restart DA & Apache. It didn't help.

E. I change the OWNER of the file to ftp, and it works, without restarting proFTPd. The last modification date on the proftpd.passwd file reads 10:38 AM, which would been the approximate time I changed the control panel admin password back to what it was.

F. I setup a dummy user in the for a domain. I check the user & group on the file. They are back to root ftp. I cannot login again. I change the owner back to ftp. I can log in once again.

Any ideas where the problem is?
Jack

 

[IT_Architect]

Here is the end of the story from Servstra Support:

We have replaced the 'User' configuration in /etc/proftpd.conf to the default one. Now we are able to login to the server through FTP without any problem. We have created two new ftp accounts(servstra and support) under the domain 'findlocal.org' and tried to login to the server; the attempt was successful. The details are given below.

That makes sense. It must have changed from the upgrade. This should be useful to anyone contemplating doing the same.