FTP login gives pam auth failure (user and pass are correct!)

[raggar]

Hello!

I have a problem with the ftp module at a fresh installed zentyal server. And I also found some one else with the same problem: http://forum.zentyal.org/index.php/topic,13561.msg56136.html#msg56136

The problem:
I can't login using ftp with a user from the users group but I can login anonymous (when enabled...)
The user can login in the webmail.
I login with the username and the password from the user. These are correct! And Pam from "users and groups -> ldap settings" is enabled.

Looking at my auth.log it gives me:

Code: [Select]

vsftpd: pam_krb5(vsftpd:auth): authentication failure; logname=**** uid=0 euid=0 tty=ftp ruser=**** rhost=****
vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=***** rhost=*****  user=*****

I looked at the configuration of Pam for vsftp. This looks ok.

Code: [Select]

# Standard behaviour for ftpd(8).
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed

# Note: vsftpd handles anonymous logins on its own. Do not enable pam_ftp.so.

# Standard pam includes.
@include common-account
@include common-session

auth sufficient pam_krb5.so
auth sufficient pam_unix.so
auth required pam_deny.so
Has anyone an idea of where to look?

[Javier Amor Garcia]

Hello,

the past friday I could enter to ftp in my test system. Maybe vsftpd does not likes your user name or your password? .

Could you try with something simple like an user called 'mary' with password 'mary'?

[raggar]

Hi Javier,

Thanks for your reply! I tried it with mary but it didn't work... Any other ideas? 

[thorsten]

Hi Javier,

sorry for beeing penetrant:  FTP is not the only module concerned:

For me it is RADIUS, PROXY and at least ZARAFA-SSO. I even wrote a "Paranoia Thread" as I am shure there seems to be a really big bug in some central module.

THX for considering
Thorsten

[raggar]

Hi Thorsten!

Thanks for your reply! Do you have the link to that post? Maybe I can confirm a few thinks if I see whats your setup.

Raggar

[raggar]

Hi!

I found two post that likely have the same issue. Both are about 2 months old. Could this indeed be a bug?

http://forum.zentyal.org/index.php/topic,13561.msg56136.html#msg56136
http://forum.zentyal.org/index.php/topic,13401.msg56669.html#msg56669

[raggar]

The problem still exists. Anyone???

[raggar]

I tried a different ftp server (pure-ftpd) but I still have the same problem.

Looking at /etc/krb5.conf (see below) I see that the default_realm is not correct. I changed it, but still have the same problem. A few questions:
How do I know I have the right default_realm
Do I need to load the config file again? And how do I do that?

[

Code: [Select]

libdefaults]
    default_realm =
    dns_lookup_kdc = true
    dns_lookup_realm = true
    default_tgs_enctypes = arcfour-hmac-md5 des-cbc-md5 dec-cbc-crc
    default_tkt_enctypes = arcfour-hmac-md5 des-cbc-md5 dec-cbc-crc
    preferred_enctypes   = arcfour-hmac-md5 des-cbc-md5 dec-cbc-crc

[kadmin]
    default_keys = des-cbc-crc:pw-salt des-cbc-md5:pw-salt arcfour-hmac-md5:pw-salt aes256-cts-hmac-sha1-96:pw-salt aes128-cts-hmac-sha1-96:pw-salt