pure-ftpd to proftpd problem

ditto

Verified User
Joined
Apr 27, 2009
Messages
2,580
On a centos 8 server which was initially installed with pureftpd during first installation, I am now converting it to proftpd by doing this:

Code:
cd /usr/local/directadmin/custombuild
./build update
./build set ftpd proftpd
./build update
./build proftpd
After compiling proftpd it seems to be running:

Code:
Active: active (running) since Sat 2020-04-18 23:00:51 CEST; 5s ago
However the file /etc/proftpd.vhosts.conf is missing!

Also, connecting to ftp does not work from any client accounts:

Code:
Status:    Resolving address of server.hostname.com
Status:    Connecting to XXXXXX...
Status:    Connection established, waiting for welcome message...
Status:    Initializing TLS...
Status:    Verifying certificate...
Status:    TLS connection established.
Status:    Logged in
Status:    Retrieving directory listing...
Command:    PWD
Response:    257 "/" is the current directory
Command:    TYPE I
Response:    200 Type set to I
Command:    PASV
Response:    227 Entering Passive Mode (XXXXXX,137,48).
Command:    MLSD
Response:    150 Opening BINARY mode data connection for MLSD
Response:    425 Unable to build data connection: Operation not permitted
Error:    Failed to retrieve directory listing
Is this a bug in custombuild when converting from pure-ftpd to proftpd? Or could it be a bug related to centos 8? Maybe @smtalk you could look into this?
 

ditto

Hmm. This guide seems outdated: https://help.directadmin.com/item.php?id=24

Code:
[root@server directadmin]# rpm -q proftpd
package proftpd is not installed

[root@server directadmin]# rpm -e --nodeps pure-ftpd
error: package pure-ftpd is not installed

[root@server directadmin]# cd /usr/local/directadmin/scripts
[root@server scripts]# ./proftpd.sh
-bash: ./proftpd.sh: No such file or directory
 

ditto

This is what I get in /var/log/messages

Code:
Apr 18 23:37:32 server proftpd[13246]: XXXXXX (176.74.214.105[176.74.214.105]) - mod_tls/2.7: notice: unable to open TLSLog: No such file or directory
Apr 18 23:37:32 server proftpd[13246]: XXXXXX (176.74.214.105[176.74.214.105]) - unable to open ExtendedLog '/var/log/proftpd/auth.log': No such file or directory
Apr 18 23:37:32 server proftpd[13246]: XXXXXX (176.74.214.105[176.74.214.105]) - unable to open ExtendedLog '/var/log/proftpd/access.log': No such file or directory
Apr 18 23:37:32 server proftpd[13246]: XXXXXX (176.74.214.105[176.74.214.105]) - unable to open ExtendedLog '/var/log/proftpd/XXXIPREMOVEDXXXX.bytes': No such file or directory
Apr 18 23:37:32 server proftpd[13246]: XXXXXX (176.74.214.105[176.74.214.105]) - unable to open TransferLog '/var/log/proftpd/xferlog.legacy': No such file or directory
 

ditto

I can mention that when I did the same and changed from pure-ftpd to proftpd on a centos 7 server, it worked correctly and I am able to log on to ftp using proftpd. However I do not know if the reason is centos 7, because this server was previously installed with proftpd, then later I changed to pure-ftpd, and then today changed to proftpd, which worked.

However on the centos 8 server, proftpd has never been installed previously. And on this server proftpd is running, but it is not possible to connect to any ftp accounts. So either it is that proftpd does not work on directadmin servers with centos 8, or the problem is changing to proftpd if you have only had pureftpd from the beginning?
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
9,305
Location
LT, EU
Please check if the following solves it:
Code:
mkdir -p /var/log/proftpd
 

ditto

Thanks. But it did not solve it. Does it work on your centos 8 server? I did this:

Code:
mkdir -p /var/log/proftpd
cd /usr/local/directadmin/custombuild
./build update
./build set ftpd proftpd
./build update
./build proftpd
In /var/log/proftpd/proftpd.tls.log I have this content:

Code:
2020-04-19 19:36:49,078 mod_tls/2.7[10144]: TLS/TLS-C requested, starting TLS handshake
2020-04-19 19:36:49,105 mod_tls/2.7[10144]: TLSv1.3 connection accepted, using cipher TLS_AES_256_GCM_SHA384 (256 bits)
2020-04-19 19:36:49,189 mod_tls/2.7[10144]: Protection set to Private
2020-04-19 19:36:49,241 mod_tls/2.7[10144]: starting TLS negotiation on data connection
2020-04-19 19:36:49,254 mod_tls/2.7[10144]: client reused SSL session for data connection
2020-04-19 19:36:49,254 mod_tls/2.7[10144]: Client did not reuse SSL session from control channel, rejecting data connection (see the NoSessionReuseRequired TLSOptions parameter)
2020-04-19 19:36:49,254 mod_tls/2.7[10144]: unable to open data connection: TLS negotiation failed
 

smtalk

Hm.. It's different from what you've posted earlier. Are you using ssl_configuration=intermediate in options.conf?
 

ditto

Yes, I am using ssl_configuration=intermediate. Also, the last time I posted I was using ssl_configuration=intermediate.

Are you not able to replicate this on a centos 8 server?
 

ditto

By the way, /var/log/proftpd/ did not exist on my server before I created it. Also remember that /etc/proftpd.vhosts.conf is missing.
 

ditto

I have now tested rev 2479. It created /var/log/proftpd automatically when recompiling. In FileZilla it works connecting with a "Only use plain FTP (insecure)" setting. But it does not work when selecting "Use explicit FTP over TLS if available", and that is what I need.

FileZilla output says this:
Code:
Status:    Resolving address of server.hostname.com
Status:    Connecting to XXXXXXX:21...
Status:    Connection established, waiting for welcome message...
Status:    Initializing TLS...
Status:    Verifying certificate...
Status:    TLS connection established.
Status:    Logged in
Status:    Retrieving directory listing...
Command:    PWD
Response:    257 "/" is the current directory
Command:    TYPE I
Response:    200 Type set to I
Command:    PASV
Response:    227 Entering Passive Mode (XXXXXXXX,140,54).
Command:    MLSD
Response:    150 Opening BINARY mode data connection for MLSD
Response:    425 Unable to build data connection: Operation not permitted
Error:    Failed to retrieve directory listing
I get this in /var/log/proftpd/proftpd.tls.log:
Code:
2020-04-19 20:32:10,631 mod_tls/2.7[1927]: TLS/TLS-C requested, starting TLS handshake
2020-04-19 20:32:10,660 mod_tls/2.7[1927]: TLSv1.3 connection accepted, using cipher TLS_AES_256_GCM_SHA384 (256 bits)
2020-04-19 20:32:10,732 mod_tls/2.7[1927]: Protection set to Private
2020-04-19 20:32:10,781 mod_tls/2.7[1927]: starting TLS negotiation on data connection
2020-04-19 20:32:10,793 mod_tls/2.7[1927]: client reused SSL session for data connection
2020-04-19 20:32:10,794 mod_tls/2.7[1927]: Client did not reuse SSL session from control channel, rejecting data connection (see the NoSessionReuseRequired TLSOptions parameter)
2020-04-19 20:32:10,794 mod_tls/2.7[1927]: unable to open data connection: TLS negotiation failed
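An added example, not part of the original post: a small triage script for proftpd.tls.log that groups mod_tls lines by the bracketed process ID and reports, per negotiated protocol version, how many data connections were rejected for not reusing the control-channel session. The function names are hypothetical and the sample lines are constructed in the format of the excerpts above.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the proftpd.tls.log excerpts in this thread.
SAMPLE_LOG = """\
2020-04-19 20:32:10,631 mod_tls/2.7[1927]: TLS/TLS-C requested, starting TLS handshake
2020-04-19 20:32:10,660 mod_tls/2.7[1927]: TLSv1.3 connection accepted, using cipher TLS_AES_256_GCM_SHA384 (256 bits)
2020-04-19 20:32:10,794 mod_tls/2.7[1927]: Client did not reuse SSL session from control channel, rejecting data connection (see the NoSessionReuseRequired TLSOptions parameter)
2020-04-19 20:32:10,794 mod_tls/2.7[1927]: unable to open data connection: TLS negotiation failed
2020-04-19 20:40:02,110 mod_tls/2.7[2050]: TLSv1.2 connection accepted, using cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
2020-04-19 20:40:02,300 mod_tls/2.7[2050]: client reused SSL session for data connection
"""

LINE = re.compile(r"^\S+ \S+ mod_tls/[\d.]+\[(\d+)\]: (.*)$")
ACCEPTED = re.compile(r"^(TLSv[\d.]+|SSLv\d) connection accepted, using cipher (\S+)")
REJECTED = "Client did not reuse SSL session from control channel"


def summarize(log_text):
    """Return {pid: {"protocol", "cipher", "rejections"}} for each logged process."""
    sessions = defaultdict(lambda: {"protocol": None, "cipher": None, "rejections": 0})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a mod_tls log line
        pid, msg = int(m.group(1)), m.group(2)
        accepted = ACCEPTED.match(msg)
        if accepted:
            s = sessions[pid]
            if s["protocol"] is None:  # first handshake seen is the control channel
                s["protocol"], s["cipher"] = accepted.groups()
        elif msg.startswith(REJECTED):
            sessions[pid]["rejections"] += 1
    return dict(sessions)


def rejections_by_protocol(log_text):
    """Count session-reuse rejections per control-channel protocol version."""
    counts = defaultdict(int)
    for s in summarize(log_text).values():
        if s["rejections"]:
            counts[s["protocol"]] += s["rejections"]
    return dict(counts)


if __name__ == "__main__":
    print(rejections_by_protocol(SAMPLE_LOG))
```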
 

ditto

I deleted /etc/proftpd.conf now and recompiled proftpd, but it still does not work. Only unencrypted FTP works.
 

ditto

By the way, this is a server in production. So every time you ask me to test, I must change from pureftpd to proftpd, and after that I must change back to pureftpd. It would be nice if you could please test on your own centos 8 server?
 

smtalk

I didn't apply the code without checking it :) The problem is that I've used 1.3.7rc3, and it seems to be a bug in 1.3.6c.. Please try:
Code:
cd /usr/local/directadmin/custombuild
echo 'proftpd:1.3.7rc3:' >> custom_versions.txt
./build proftpd
 

ditto

Thank you! It works now. :) Does custombuild/directadmin set up log rotation for the files in the new path /var/log/proftpd/? Like these files?:

Code:
/var/log/proftpd/auth.log
/var/log/proftpd/access.log
/var/log/proftpd/proftpd.tls.log
/var/log/proftpd/xferlog.legacy
 

ditto

In proftpd.conf I see this:
Code:
TLSProtocol TLSv1 TLSv1.1 TLSv1.2
TLSCipherSuite HIGH:MEDIUM:+TLSv1
So it seems that the ssl_configuration=intermediate setting in options.conf does not have any effect on proftpd? Are there any plans to include proftpd in that setting?
 

jca

Verified User
Joined
Oct 31, 2006
Messages
241
Location
Allen, TX
Try adding this line at the end:
Code:
TLSOptions NoSessionReuseRequired
That will take care of this error:
Code:
2020-04-19 20:32:10,781 mod_tls/2.7[1927]: starting TLS negotiation on data connection
2020-04-19 20:32:10,793 mod_tls/2.7[1927]: client reused SSL session for data connection
2020-04-19 20:32:10,794 mod_tls/2.7[1927]: Client did not reuse SSL session from control channel, rejecting data connection (see the NoSessionReuseRequired TLSOptions parameter)
2020-04-19 20:32:10,794 mod_tls/2.7[1927]: unable to open data connection: TLS negotiation failed
This is because your FTP client is using another SSL session for the data connection (which seems to be pretty common). I always add that line when I update proftpd in my machines to fix it.
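An added example, not part of the original posts: a short audit of proftpd.conf text that flags the two TLS settings discussed in this thread, a TLSProtocol line that still enables TLSv1 or TLSv1.1 and a TLSOptions line that turns off the data-connection session reuse check named in the log message. The function name and both sample configurations are constructed for illustration.

```python
# Constructed sample built from the directives quoted in this thread.
SAMPLE_CONF = """\
TLSEngine on
TLSProtocol TLSv1 TLSv1.1 TLSv1.2
TLSCipherSuite HIGH:MEDIUM:+TLSv1
TLSOptions NoSessionReuseRequired
"""

# Constructed stricter variant: TLS 1.2 only, session reuse check left enabled.
SAMPLE_STRICT = """\
TLSEngine on
TLSProtocol TLSv1.2
"""

LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}


def audit_tls(conf_text):
    """Return (line number, directive, finding) tuples for risky TLS settings."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not tokens:
            continue
        directive, args = tokens[0], tokens[1:]
        name = directive.lower()
        if name == "tlsprotocol":
            # Tolerate +/- prefixed tokens: "-X" is treated as disabled.
            enabled = {a.lstrip("+") for a in args if not a.startswith("-")}
            legacy = sorted(enabled & LEGACY_PROTOCOLS)
            if legacy:
                findings.append(
                    (lineno, directive, "legacy protocols enabled: " + " ".join(legacy)))
        elif name == "tlsoptions" and "NoSessionReuseRequired" in args:
            findings.append(
                (lineno, directive,
                 "data connections accepted without control-channel session reuse"))
    return findings


if __name__ == "__main__":
    for lineno, directive, finding in audit_tls(SAMPLE_CONF):
        print(f"line {lineno}: {directive}: {finding}")
```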
 

smtalk

/etc/logrotate.d/proftpd should be placed for log-rotation. Regarding protocols - are you sure you do not have custom/proftpd/conf/proftpd.conf? If it's not there - I'll check.
 

ditto

I only have fpm and opcache in /usr/local/directadmin/custombuild/custom - so yes, I am sure I don't have custom proftpd.conf :)
 