The FreeBSD Diary

The FreeBSD Diary (TM) Remember
I remember
[ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH | FEEDBACK | FAQ | FORUMS ]

Things look quiet here. But I've been doing a lot of blogging at dan.langille.org because I prefer WordPress now. Not all my posts there are FreeBSD related. I am in the midst of migrating The FreeBSD Diary over to WordPress (and you can read about that here). Once the migration is completed, I'll move the FreeBSD posts into the new FreeBSD Diary website.

proftpd and FreeBSD 7 December 1999
Need more help on this topic? Click here
This article has no comments
Show me similar articles
This article describes how I got proftpd to work with FreeBSD 3-3 STABLE.
Background
I recently upgraded a box from 3.3-RELEASE to 3.3-STABLE.   In the process, I encountered problems with proftpd.  Specifically, anonymous login worked, but regular users could not log in.  The error message was:
Dec  6 23:00:15 synergy proftpd[346]: unable to resolve symbol: 
                pam_sm_close_session
Dec  6 23:00:16 synergy proftpd[346]: PAM(dan): Authentication failure
Dec  6 23:00:16 synergy proftpd[346]: USER dan: incorrect password 
             from yourbox.yourdomain.org [10.0.0.20] to 10.0.0.100:21

My first port of call was the proftpd homepage at http://www.proftpd.org/ and I checked the http://hamster.wibble.org/proftpd/ questions on PAM.  I followed the suggestions (found there and in the FreeBSD mailing list archives) and remove the entry from /etc/pam.conf (third line shown below):

ftp auth    required    pam_unix.so         try_first_pass
ftp account required    pam_unix.so         try_first_pass
#ftp session required    pam_unix.so         try_first_pass

But this didn't allow the user to login.  However, if I add the following option to /usr/local/etc/proftpd.conf:

AuthPAMAuthoritative off

the logins work but these errors remain:

Dec 7 00:04:07 synergy proftpd[3779]: PAM(dan): Authentication failure
Solution
At the prompting of someone from the FreeBSD Questions mailing list, I went to archives at  http://www.proftpd.org/proftpd-l-archive/ and starting searching.  Eventually, I found http://www.proftpd.org/proftpd-l-archive/99-10/msg00632.html which mentioned proftpd-1.2.0pre9.  I checked the ftp site at ftp://ftp.tos.net/pub/proftpd/ and found the file in question.  I downloaded it, configured it, installed it, and it worked.
The install
First I fetched the tarball:
/usr/ports/ftp/
fetch -P ftp://ftp.tos.net/pub/proftpd/proftpd-1.2.0pre9.tar.gz
tar xvfz proftpd-1.2.0pre9.tar.gz
cd proftpd-1.2.0pre9

In the README file, you'll find a reference to --enable-force-setpassent.   I eventually figured out that this refers to a command line parameter to ./configure.   You should also read INSTALL.

I ran the configure script like this:

install_user=nobody install_group=wheel ./configure 
                                          --enable-force-setpassent

This will run proftpd as user nobody in group wheel.

Note that the program will install to a different location than that of the port.

port /usr/local/libexec/proftpd
this install /usr/local/sbin/proftpd

I had the port, so first I deinstalled the port:

pkg_delete proftpd-1.2.0p8

The next step was:

make
make install

Don't forget to update your startup script to reflect the new location:

more /usr/local/etc/rc.d/proftpd.sh
#!/bin/sh
/bin/mkdir -p /var/run/proftpd
if [ -x /usr/local/sbin/proftpd ]; then
        /usr/local/sbin/proftpd && echo -n ' proftpd'
fi

With this new version, I removed:

AuthPAMAuthoritative No

from /usr/local/etc/proftpd.conf so proftpd would use PAM.   Actually, the logins worked with or without PAM.  So it's your choice.


Share
Need more help on this topic? Click here
This article has no comments
Show me similar articles