I was trying to do something really simple: add a new FTP user to a server. Everything went great, except I couldn't actually FTP using the new user credentials.
Whenever I did, I got the following error in /var/log/auth.log:
Aug 3 09:28:30 XXX proftpd[7352]: a.b.c.d (a.b.c.d[a.b.c.d]) - USER foo (Login failed): Incorrect password.
Aug 3 09:28:30 XXX proftpd[7352]: a.b.c.d (a.b.c.d[a.b.c.d]) - FTP session closed.
I tried resetting the password, ssh'ing as the new user, and su'ing as the new user -- these all worked, yet I kept getting the above Incorrect password message.
Poking around on the web, I was inspired by this article to check the PAM configuration. I opened up /etc/pam.d/ftpd and my problem immediately became obvious:
# PAM configuration for the "ftpd" service
#
auth required pam_group.so group=xftp
auth required pam_nologin.so no_warn
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth required pam_unix.so no_warn try_first_pass
account required pam_unix.so
session required pam_permit.so
The first line was the critical one -- it says that any user logging in is required to be in the xftp group.
I edited /etc/group and added the new user to the xftp group - and bam! it was working. Just like that.
So the lesson of the day: when in doubt check the PAM configuration.
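A small check for the situation described above, as an added example that is not from the original post: it reads a PAM service file and a group file and lists the pam_group.so rules a given user would fail. It assumes the FreeBSD-style group= option shown in the post (defaulting to wheel when absent) and looks only at the group file's member lists; the function names and the sample group data are constructed for illustration.

```python
# Added example. SAMPLE_PAM mirrors the stack in the post; SAMPLE_GROUP is constructed.
SAMPLE_PAM = """\
# PAM configuration for the "ftpd" service
#
auth required pam_group.so group=xftp
auth required pam_nologin.so no_warn
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth required pam_unix.so no_warn try_first_pass
account required pam_unix.so
session required pam_permit.so
"""
SAMPLE_GROUP = """\
wheel:*:0:root
xftp:*:1001:alice,bob
staff:*:20:foo
"""

def parse_group(text):
    """Map group name -> set of listed members, from /etc/group-format text."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and not fields[0].startswith("#"):
            groups[fields[0]] = {m for m in fields[3].split(",") if m}
    return groups

def group_gates(pam_text):
    """Return (facility, group) for each pam_group.so rule that can deny login."""
    gates = []
    for line in pam_text.splitlines():
        tok = line.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(tok) < 3 or not tok[2].endswith("pam_group.so"):
            continue
        if tok[1] in ("sufficient", "optional"):
            continue  # a failure here does not deny login by itself
        # Assumption: FreeBSD-style pam_group; group= names the group,
        # and wheel is used when the option is absent.
        group = "wheel"
        for opt in tok[3:]:
            if opt.startswith("group="):
                group = opt[len("group="):]
        gates.append((tok[0], group))
    return gates

def failed_gates(user, pam_text, group_text):
    """List the gates `user` fails, judged by the group file's member lists only."""
    groups = parse_group(group_text)
    return [(fac, grp) for fac, grp in group_gates(pam_text)
            if user not in groups.get(grp, set())]

if __name__ == "__main__":
    for user in ("foo", "alice"):
        print(user, failed_gates(user, SAMPLE_PAM, SAMPLE_GROUP))
```

To run it against a live system, pass the contents of /etc/pam.d/ftpd and /etc/group in place of the sample strings.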