cannot ftp [Archive] - The FreeBSD Forums

View Full Version : cannot ftp

hirohitosan

February 3rd, 2009, 17:11

Hi there. I installed pure-ftpd and I cannot connect.
ftp localhost
Trying 127.0.0.1...
Connected to localhost.
220---------- Welcome to Pure-FTPd [TLS] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 16:08. Server port: 21.
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
Name (localhost:user):
331 User user OK. Password required
Password:
421 Service not available, remote server has closed connection.
ftp: Login failed.
what is wrong?
The user name is correct the passw is correct and simply cannot connect.

thanks

DutchDaemon

February 3rd, 2009, 17:15

Is the username in /etc/ftpusers?

hirohitosan

February 3rd, 2009, 17:28

Is the username in /etc/ftpusers?
nope :r.
I added and restart /usr/local/etc/rc.d/pure-ftpd restart but still not connection. Do I need to restart something else too?

DutchDaemon

February 3rd, 2009, 18:27

Is there a logfile, like /var/log/xferlog?

hirohitosan

February 3rd, 2009, 18:53

DutchDaemon

February 3rd, 2009, 23:38

nope :r.
I added

No, don't add it. The file /etc/ftpusers contains the usernames that are not allowed to connect through ftp.

DutchDaemon

February 3rd, 2009, 23:41

yes cat xferlog
Feb 3 13:11:39 ns newsyslog[371]: logfile first created
Feb 3 15:52:19 ns pure-ftpd: (?@?) [ERROR] Unable to find the 'ftp' account
Feb 3 15:52:34 ns pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Feb 3 15:52:42 ns pure-ftpd: (?@127.0.0.1) [ERROR] Unable to read the indexed puredb file (or old format detected) - Try pure-pw mkdb

Well, I don't know anything about the internals of pure-ftpd. It appears to need a local 'ftp' user (maybe to facilitate anonymous logins?), and it appears to miss some kind of index. I'd suggest tracking down a FAQ or reading the man file to find out what pure-ftpd needs in order to run. Always look at your logfile after making changes and work from there.

hirohitosan

February 4th, 2009, 08:24

I still don't understand. I found a way to import users with system-level accounts (defined in /etc/master.passwd)# pure-pwconvert >> /usr/local/etc/pureftpd.passwd
# chmod 600 /usr/local/etc/pureftpd.passwd
# pure-pw mkdb, but this import only regular users. Does not import users in the wheel group

And if we're here, I have another question about users. When I installed the system I created: user1 member of wheel group to can su. Is the same if I create user1 member of user1 group and put user1 in wheel member group?

DutchDaemon

February 4th, 2009, 10:39

I'll have to refer you to a FAQ/man page for pure-ftpd; I simply do not know it. All I can see is that it appears to need a system user called 'ftp', just like BIND needs a user 'bind' and Sendmail needs a user 'smmsp' and 'mailnull'. Like most system users, it needs no shell (shell 'nologin').

As far as the second question goes: in FreeBSD every user is in its own group by default. So user1 will always have a matching group user1 in /etc/groups. To be able to su, user1 needs to be added to the group wheel in /etc/groups. So in /etc/groups, user1 will look like:

wheel:*:0:root,user1
user1:*:1001:

If you need user1 and user2 in wheel:

wheel:*:0:root,user1,user2
user1:*:1001:
user2:*:1002:

Etc.

hirohitosan

February 4th, 2009, 16:23

As far as the second question goes: in FreeBSD every user is in its own group by default. So user1 will always have a matching group user1 in /etc/groups. To be able to su, user1 needs to be added to the group wheel in /etc/groups. So in /etc/groups, user1 will look like:[/code]
thanks DutchDaemon. But in my case in different. Look what I have in /etc/groupcat /etc/group
# $FreeBSD: src/etc/group,v 1.35.6.1 2008/11/25 02:59:29 kensmith Exp $
#
wheel:*:0:root
daemon:*:1:
kmem:*:2:
sys:*:3:
tty:*:4:
operator:*:5:root
mail:*:6:
bin:*:7:
news:*:8:
man:*:9:
games:*:13:
ftp:*:14:
staff:*:20:
sshd:*:22:
smmsp:*:25:
mailnull:*:26:
guest:*:31:
bind:*:53:
proxy:*:62:
authpf:*:63:
_pflogd:*:64:
_dhcp:*:65:
uucp:*:66:
dialer:*:68:
network:*:69:
audit:*:77:
www:*:80:
nogroup:*:65533:
nobody:*:65534:
adi:*:7778:I have a user "adi" member of "adi" group. Whit this user pure-ftpd works
I have another user "user" member of "wheel", and with that "user" pure doesn't work. As you can see there is no "user" group in /etc/group, even I have "user" like user :)
sorry ... maybe I'm a little confusing, but I don't know how to explain better.
With user "user" member of "wheel" I do all administration tasks.

DutchDaemon

February 4th, 2009, 16:54

Then the question is: how did you create the account for "user". If you do it using 'adduser', the group will be created automatically. I can't tell whether pure-ftpd will or will not accept a user that doesn't have a matching group. You could test by adding a new user with 'adduser' and trying if it can use FTP or not. Then you can add that user to the wheel group too, and test FTP again. BTW, I've never seen an FTP login fail because a user is a member of group 'wheel'. I don't know whether a user that doesn't belong to any group (either his own group, or a collective group like 'users') would be refused in any way.

hirohitosan

February 4th, 2009, 23:54

Then the question is: how did you create the account for "user".
well, at the installation using sysinstall. As you can see I left empty at the "member groups".
And it's true. I use ftpd started by inetd and all system user was enable to connect. This issue appear just with pure-ftpd. Maybe this is the way it goes with pure-ftpd. My thought is to create a new group named "user" and where user "user" will be member.

DutchDaemon

February 5th, 2009, 00:01

Ah, you made a tiny mistake there: you should have left 'Group' empty (it will then default to creating a group with the same name as the account). The 'Member groups' is the place where you should have put 'wheel'.

hirohitosan

February 5th, 2009, 16:05

Thanks. I created a new user with the same group name and member of wheel and now I can connect with ftp ... :)
at this moment I can consider this thread SOLVED. Thanks again.