pure-ftpd to proftpd problem

On a centos 8 server which was initially installed with pureftpd during first installation, I am now converting it to proftpd doing this:

Code:
cd /usr/local/directadmin/custombuild
./build update
./build set ftpd proftpd
./build update
./build proftpd

After compiling proftpd it seems to be running:

Code:
Active: active (running) since Sat 2020-04-18 23:00:51 CEST; 5s ago

However the file /etc/proftpd.vhosts.conf is missing!

Also it does not work to connect to ftp from any client accounts:

Code:
Status:    Resolving address of server.hostname.com
Status:    Connecting to XXXXXX...
Status:    Connection established, waiting for welcome message...
Status:    Initializing TLS...
Status:    Verifying certificate...
Status:    TLS connection established.
Status:    Logged in
Status:    Retrieving directory listing...
Command:    PWD
Response:    257 "/" is the current directory
Command:    TYPE I
Response:    200 Type set to I
Command:    PASV
Response:    227 Entering Passive Mode (XXXXXX,137,48).
Command:    MLSD
Response:    150 Opening BINARY mode data connection for MLSD
Response:    425 Unable to build data connection: Operation not permitted
Error:    Failed to retrieve directory listing

Is this a bug in custombuild when converting from pure-ftpd to proftpd? Or could it be a bug related to centos 8? Maybe @smtalk you could look into this?
 
Hmm. This guide seems outdated: https://help.directadmin.com/item.php?id=24

Code:
[root@server directadmin]# rpm -q proftpd
package proftpd is not installed

[root@server directadmin]# rpm -e --nodeps pure-ftpd
error: package pure-ftpd is not installed

[root@server directadmin]# cd /usr/local/directadmin/scripts
[root@server scripts]# ./proftpd.sh
-bash: ./proftpd.sh: No such file or directory
 
This is what I get in /var/log/messages

Code:
Apr 18 23:37:32 server proftpd[13246]: XXXXXX (176.74.214.105[176.74.214.105]) - mod_tls/2.7: notice: unable to open TLSLog: No such file or directory
Apr 18 23:37:32 server proftpd[13246]: XXXXXX (176.74.214.105[176.74.214.105]) - unable to open ExtendedLog '/var/log/proftpd/auth.log': No such file or directory
Apr 18 23:37:32 server proftpd[13246]: XXXXXX (176.74.214.105[176.74.214.105]) - unable to open ExtendedLog '/var/log/proftpd/access.log': No such file or directory
Apr 18 23:37:32 server proftpd[13246]: XXXXXX (176.74.214.105[176.74.214.105]) - unable to open ExtendedLog '/var/log/proftpd/XXXIPREMOVEDXXXX.bytes': No such file or directory
Apr 18 23:37:32 server proftpd[13246]: XXXXXX (176.74.214.105[176.74.214.105]) - unable to open TransferLog '/var/log/proftpd/xferlog.legacy': No such file or directory
 
I can mention that when I did the same and changed from pure-ftpd to proftpd on a centos 7 server, then it worked correctly and I am able to log on to ftp using proftpd. However I do not know if the reason is centos 7, because this server had previously been installed with proftpd, then later I changed to pure-ftpd, and then today changed to proftpd, which worked.

However on the centos 8 server, proftpd has never been installed previously. And on this server proftpd is running, but it is not possible to connect to any ftp accounts. So either it is that proftpd does not work on directadmin servers with centos 8, or the problem is changing to proftpd if you have only had pureftpd from the beginning?
 
Please check if the following solves it:
Code:
mkdir -p /var/log/proftpd
 
Thanks. But it did not solve it. Does it work on your centos 8 server? I did this:

Code:
mkdir -p /var/log/proftpd
cd /usr/local/directadmin/custombuild
./build update
./build set ftpd proftpd
./build update
./build proftpd

In /var/log/proftpd/proftpd.tls.log I have this content:

Code:
2020-04-19 19:36:49,078 mod_tls/2.7[10144]: TLS/TLS-C requested, starting TLS handshake
2020-04-19 19:36:49,105 mod_tls/2.7[10144]: TLSv1.3 connection accepted, using cipher TLS_AES_256_GCM_SHA384 (256 bits)
2020-04-19 19:36:49,189 mod_tls/2.7[10144]: Protection set to Private
2020-04-19 19:36:49,241 mod_tls/2.7[10144]: starting TLS negotiation on data connection
2020-04-19 19:36:49,254 mod_tls/2.7[10144]: client reused SSL session for data connection
2020-04-19 19:36:49,254 mod_tls/2.7[10144]: Client did not reuse SSL session from control channel, rejecting data connection (see the NoSessionReuseRequired TLSOptions parameter)
2020-04-19 19:36:49,254 mod_tls/2.7[10144]: unable to open data connection: TLS negotiation failed
 
Hm.. It's different from what you've posted earlier. Are you using ssl_configuration=intermediate in options.conf ?
 
Yes I am using ssl_configuration=intermediate , also the last time I posted I was using ssl_configuration=intermediate

Are you not able to replicate this on a centos 8 server?
 
By the way, /var/log/proftpd/ did not exist on my server before I created it. Also remember that /etc/proftpd.vhosts.conf is missing.
 
I have now tested rev 2479. It created /var/log/proftpd automatically when recompiling. In FileZilla it works connecting with a "Only use plain FTP (insecure)" setting. But it does not work when selecting "Use explicit FTP over TLS if available", and that is what I need.

FileZilla output says this:
Code:
Status:    Resolving address of server.hostname.com
Status:    Connecting to XXXXXXX:21...
Status:    Connection established, waiting for welcome message...
Status:    Initializing TLS...
Status:    Verifying certificate...
Status:    TLS connection established.
Status:    Logged in
Status:    Retrieving directory listing...
Command:    PWD
Response:    257 "/" is the current directory
Command:    TYPE I
Response:    200 Type set to I
Command:    PASV
Response:    227 Entering Passive Mode (XXXXXXXX,140,54).
Command:    MLSD
Response:    150 Opening BINARY mode data connection for MLSD
Response:    425 Unable to build data connection: Operation not permitted
Error:    Failed to retrieve directory listing

I get this in /var/log/proftpd/proftpd.tls.log:
Code:
2020-04-19 20:32:10,631 mod_tls/2.7[1927]: TLS/TLS-C requested, starting TLS handshake
2020-04-19 20:32:10,660 mod_tls/2.7[1927]: TLSv1.3 connection accepted, using cipher TLS_AES_256_GCM_SHA384 (256 bits)
2020-04-19 20:32:10,732 mod_tls/2.7[1927]: Protection set to Private
2020-04-19 20:32:10,781 mod_tls/2.7[1927]: starting TLS negotiation on data connection
2020-04-19 20:32:10,793 mod_tls/2.7[1927]: client reused SSL session for data connection
2020-04-19 20:32:10,794 mod_tls/2.7[1927]: Client did not reuse SSL session from control channel, rejecting data connection (see the NoSessionReuseRequired TLSOptions parameter)
2020-04-19 20:32:10,794 mod_tls/2.7[1927]: unable to open data connection: TLS negotiation failed
 
I deleted /etc/proftpd.conf now and recompiled proftpd, but it still does not work. Only unencrypted FTP works.
 
By the way, this is a server in production. So every time you ask me to test, I must change from pureftpd to proftpd, and after that I must change back to pureftpd. It would be nice if you please can test on your own centos 8 server?
 
I didn't apply the code without checking it :) The problem is that I've used 1.3.7rc3, and it seems to be a bug in 1.3.6c.. Please try:
Code:
cd /usr/local/directadmin/custombuild
echo 'proftpd:1.3.7rc3:' >> custom_versions.txt
./build proftpd
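
A triage sketch for the proftpd.tls.log lines quoted in this thread, added here as an example and not part of the original posts or of custombuild. It separates sessions where mod_tls logged a reused session and rejected the data connection anyway from sessions where no reuse was logged at all; the verdict wording and the function name `triage` are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict

# Constructed sample: PID 1927 mirrors the excerpt in this thread, PID 2050 is invented.
SAMPLE_LOG = """\
2020-04-19 20:32:10,631 mod_tls/2.7[1927]: TLS/TLS-C requested, starting TLS handshake
2020-04-19 20:32:10,660 mod_tls/2.7[1927]: TLSv1.3 connection accepted, using cipher TLS_AES_256_GCM_SHA384 (256 bits)
2020-04-19 20:32:10,793 mod_tls/2.7[1927]: client reused SSL session for data connection
2020-04-19 20:32:10,794 mod_tls/2.7[1927]: Client did not reuse SSL session from control channel, rejecting data connection (see the NoSessionReuseRequired TLSOptions parameter)
2020-04-19 20:40:02,100 mod_tls/2.7[2050]: TLSv1.2 connection accepted, using cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
2020-04-19 20:40:02,300 mod_tls/2.7[2050]: Client did not reuse SSL session from control channel, rejecting data connection (see the NoSessionReuseRequired TLSOptions parameter)
"""

LINE_RE = re.compile(r"^\S+ \S+ mod_tls/[\d.]+\[(\d+)\]: (.*)$")
ACCEPT_RE = re.compile(r"^(TLSv[\d.]+|SSLv\d) connection accepted")

def triage(log_text):
    """Map each session PID to (negotiated protocol, verdict on the data connection)."""
    state = defaultdict(lambda: {"proto": None, "reused": False, "rejected": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a mod_tls log line
        pid, msg = m.groups()
        accepted = ACCEPT_RE.match(msg)
        if accepted:
            state[pid]["proto"] = accepted.group(1)
        elif msg.startswith("client reused SSL session for data connection"):
            state[pid]["reused"] = True
        elif msg.startswith("Client did not reuse SSL session from control channel"):
            state[pid]["rejected"] = True
    verdicts = {}
    for pid, s in state.items():
        if not s["rejected"]:
            verdicts[pid] = (s["proto"], "ok")
        elif s["reused"]:
            # Assumption from the thread: reuse logged and still rejected points at the server build.
            verdicts[pid] = (s["proto"], "server-side: reuse logged, still rejected")
        else:
            verdicts[pid] = (s["proto"], "client-side: no session reuse offered")
    return verdicts

if __name__ == "__main__":
    for pid, (proto, verdict) in triage(SAMPLE_LOG).items():
        print(pid, proto, verdict)
```
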
 
Thank you! It works now. :) Does custombuild/directadmin set up log rotation for the files in the new path /var/log/proftpd/? Like these files?

Code:
/var/log/proftpd/auth.log
/var/log/proftpd/access.log
/var/log/proftpd/proftpd.tls.log
/var/log/proftpd/xferlog.legacy
 
In proftpd.conf I see this:
Code:
TLSProtocol TLSv1 TLSv1.1 TLSv1.2
TLSCipherSuite HIGH:MEDIUM:+TLSv1

So it seems that the ssl_configuration=intermediate setting in options.conf does not have any effect on proftpd? Are there any plans to include proftpd in that setting?
 
Try adding this line at the end:
Code:
TLSOptions NoSessionReuseRequired

That will take care of this error:
Code:
2020-04-19 20:32:10,781 mod_tls/2.7[1927]: starting TLS negotiation on data connection
2020-04-19 20:32:10,793 mod_tls/2.7[1927]: client reused SSL session for data connection
2020-04-19 20:32:10,794 mod_tls/2.7[1927]: Client did not reuse SSL session from control channel, rejecting data connection (see the NoSessionReuseRequired TLSOptions parameter)
2020-04-19 20:32:10,794 mod_tls/2.7[1927]: unable to open data connection: TLS negotiation failed

This is because your FTP client is using another SSL session for the data connection (which seems to be pretty common). I always add that line when I update proftpd in my machines to fix it.
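
A configuration check for the two mod_tls settings discussed in the posts above, added here as an example and not part of the original posts or of custombuild. It flags legacy protocol versions in `TLSProtocol` and the `NoSessionReuseRequired` option, which removes mod_tls's requirement that a data connection reuse the TLS session of the authenticated control connection. The finding ids, the function name `audit` and both configuration fragments are constructed, and the hardened fragment assumes a proftpd build that accepts TLSv1.3.

```python
# Constructed proftpd.conf fragment built from the directives quoted in this thread.
SAMPLE_CONF = """\
<IfModule mod_tls.c>
  TLSEngine on
  TLSProtocol TLSv1 TLSv1.1 TLSv1.2
  TLSCipherSuite HIGH:MEDIUM:+TLSv1
  TLSOptions NoSessionReuseRequired
</IfModule>
"""

# Constructed counterpart: modern protocols only, session reuse left at its default.
HARDENED_CONF = """\
<IfModule mod_tls.c>
  TLSEngine on
  TLSProtocol TLSv1.2 TLSv1.3
  # TLSOptions NoSessionReuseRequired
</IfModule>
"""

# SSLv3 is deprecated by RFC 7568, TLS 1.0 and 1.1 by RFC 8996.
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}

def audit(conf_text):
    """Return (line number, finding id, detail) for each weak mod_tls setting."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        directive, *args = line.split()
        name = directive.lower()  # directive names compared case-insensitively
        if name == "tlsprotocol":
            # Only the plain version-list form shown in the thread is handled.
            legacy = sorted(LEGACY_PROTOCOLS.intersection(args))
            if legacy:
                findings.append((lineno, "legacy-protocol", " ".join(legacy)))
        elif name == "tlsoptions":
            if "nosessionreuserequired" in (a.lower() for a in args):
                findings.append((lineno, "session-reuse-not-required",
                                 "data connections are no longer tied to the control session"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```
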
 
/etc/logrotate.d/proftpd should be placed for log-rotation. Regarding protocols - are you sure you do not have custom/proftpd/conf/proftpd.conf ? If it's not there - I'll check.
 
I only have fpm and opcache in /usr/local/directadmin/custombuild/custom - so yes, I am sure I don't have custom proftpd.conf :)
 