Threaded Mode | Linear Mode

johnnyrevell · 11-24-2009 11:41 PM

Hi I followed the install instructions at
http://www.isp-control.net/documentation...ion:debian

I'm using Debian 5.0 (lenny)

ispcp version 1.0.2
mysql 5.0.51a
proftpd 1.3.1

Everything OK except I cannot ftp in- I get a 421 service not available if I ftp the server.

I bit of digging shows proftpd cannot log into the mysql table using the credentials specified in proftpd.conf SQLConnectInfo in the default install:
# ispCP SQL Managment
SQLBackend mysql
SQLAuthTypes Crypt
SQLAuthenticate on
SQLConnectInfo ispcp@localhost vftp cXu*KAra+_])hK2g@zf
SQLUserInfo ftp_users userid passwd uid gid homedir shell
SQLGroupInfo ftp_group groupname gid members
SQLMinUserUID 2000
SQLMinUserGID 2000

If I change SQLAuthTypes from Crypt to Crypt Plaintext, and put in cleartext the password for vftp, I can ftp to the server, and users can log in OK

Is there a problem between the crypted password in proftpd.conf and mysql? I have tried setting the mysql password via old_password as someone suggested and left the proftpd.conf hash alone, but this doesn't work

Any ideas?

John

motokochan · 11-25-2009 05:21 AM

I think it's because the password isn't in UNIX crypt form. Look at the ftp_users table. Does the passwd value begin with $1$ ?

johnnyrevell · 11-25-2009 06:01 AM

(11-25-2009 05:21 AM)motokochan Wrote: I think it's because the password isn't in UNIX crypt form. Look at the ftp_users table. Does the passwd value begin with $1$ ?

yes they do; I think the problem is the vftp user used by proftpd cannot log into the database at all due to some problem between the encrypted password in proftpd and in the mysql user space

from SqlLogFile:
Nov 24 20:22:39 mod_sql/4.2.2[2779]: defaulting to 'mysql' backend
Nov 24 20:22:39 mod_sql/4.2.2[2779]: backend module 'mod_sql_mysql/4.0.8'
Nov 24 20:22:39 mod_sql/4.2.2[2779]: backend api 'mod_sql_api_v1'
Nov 24 20:22:39 mod_sql/4.2.2[2779]: >>> sql_sess_init
Nov 24 20:22:39 mod_sql/4.2.2[2779]: entering mysql cmd_defineconnection
Nov 24 20:22:39 mod_sql/4.2.2[2779]: name: 'default'
Nov 24 20:22:39 mod_sql/4.2.2[2779]: user: 'vftp'
Nov 24 20:22:39 mod_sql/4.2.2[2779]: host: 'localhost'
Nov 24 20:22:39 mod_sql/4.2.2[2779]: db: 'ispcp'
Nov 24 20:22:39 mod_sql/4.2.2[2779]: port: '3306'
Nov 24 20:22:39 mod_sql/4.2.2[2779]: ttl: '0'
Nov 24 20:22:39 mod_sql/4.2.2[2779]: exiting mysql cmd_defineconnection
Nov 24 20:22:39 mod_sql/4.2.2[2779]: entering mysql cmd_open
Nov 24 20:22:39 mod_sql/4.2.2[2779]: exiting mysql cmd_open
Nov 24 20:22:39 mod_sql/4.2.2[2779]: unrecoverable backend error
Nov 24 20:22:39 mod_sql/4.2.2[2779]: error: '1045'
Nov 24 20:22:39 mod_sql/4.2.2[2779]: message: 'Access denied for user 'vftp'@'localhost' (using password: YES)'

Could it be I'm using mod_sql_mysql/4.0.8 in mysql 5?

John

motokochan · 11-25-2009 06:04 AM

ProFTPd has no problem seeing the database, the problem stems from the fact that the passwords are being saved as salted md5, but ProFTPd is expecting crypt() output. I'm working on the same issue here, and will report back with a workaround or solution as soon as I can get it working.

Quick and Dirty Fix:

Edit /var/www/ispcp/gui/include/calc-functions.php

Search for "generate_rand_salt"

Edit:

Code:

if (CRYPT_BLOWFISH == 2) {

                $length = 13;

                $pre    = '$2$';

        } elseif (CRYPT_MD5 == 1) {

                $length = 9;

                $pre    = '$1$';

        } elseif (CRYPT_EXT_DES == 1) {

                $length = 9;

                $pre    = '';

To:

Code:

/*

        if (CRYPT_BLOWFISH == 2) {

                $length = 13;

                $pre    = '$2$';

        } elseif (CRYPT_MD5 == 1) {

                $length = 9;

                $pre    = '$1$';

        } else*/

        if (CRYPT_EXT_DES == 1) {

                $length = 9;

                $pre    = '';

This disables MD5 and Blowfish when making passwords for FTP, possibly for other accounts as well. I have not tested this completely.

johnnyrevell · 11-25-2009 07:26 AM

I can get it to work without the above by going in to proftpd.conf:
change SQLAuthTypes from Crypt to Crypt Plaintext
put in cleartext the password for vftp

ftp_users passwords are still stored in crypt in mysql but proftpd can read them

motokochan · 11-25-2009 07:46 AM

I'm not sure what you mean by cleartext password for vftp. Could you explain?

johnnyrevell · 11-25-2009 06:31 PM

(11-25-2009 07:46 AM)motokochan Wrote: I'm not sure what you mean by cleartext password for vftp. Could you explain?

If I replace the crypted password in proftpd.conf with the password in clear (i.e. not encrypted) I chose for the vftp user during setup, and change the authentication from "Crypt" to "Plaintext Crypt", then proftp can then log in to mysql to authenticate ftp users logging in

johnnyrevell · 11-26-2009 09:16 PM

my mistake- the vftp password was autogenerated during set up and looked like an encrypted password in proftpd.conf.

SQLAuthTypes should be set to Crypt, and the password for SQLConnectInfo should indeed be in clear in proftpd.conf

thanks for the help

Threaded Mode \| Linear Mode [solved] debian 5 can not log in to proftpd
Author	Message