Zentyal 2.2.3 FTP - issue

[vshaulsk]

Hello,

I have been trying to setup the FTP module and have the following problem.

The FTP works properly if I disable ssl - support in the zentyal gui.

However if I enable either allow ssl or force ssl I can not make a connection to the ftp server.

I have been trying to use either filezilla or firfox fireftp.  However neither one seems to connect.

If I do    ftps://________:________@xxxx.zentyal.me  it tries to connect, but than always fails
in filezilla I have tried ftps, ftpes and both port 20 and 21, but it just keeps timing out and not connecting.

Has anyone tried using ftp with ssl?

[christian]

may I suggest you change, in Filezilla, URL from
ftps://your.server
to
ftpes://your.server notice the additional "e"
and do not specify port  , give a try and let us know...

[vshaulsk]

I have tried this as well, but it does not want to connect.

I just keep getting connection timed out
failed to retrieve directory listing

[vshaulsk]

I still can't get my FTP to work with SSL.

I created a help desk ticket: 3428

Unfortunately the zentyal staff member did not have the same problem as me.  He does however use a CLI based ftp browser and not a graphical one.

I am at a loss of what to try.....

I guess I could completely uninstall the module and try to reinstall it.... perhaps something happened to the configuration during my install.  Does anyone know what the command is to completely purge the FTP module?

Also one final questions... could my SSL certificate have anything to do why I can't connect to the FTPES?

Thank you !!!!

[prokamizak]

Hi, I think your problem is not the ftp-client but the user-rights.
You have to activate PAM and bash as default login shell in LDAP-options.
With "getent passwd" you can see the default login shell. 

[vshaulsk]

Oh very interesting.... I definitely do not have that setup for the users. 

Is there a way to add that to already established users?

[c4rdinal]

Did you see any interesting info in the logs that might help us diagnose your problem?

[vshaulsk]

No unfortunately I did not see anything in the logs that caught my attention.

However after reading prokamizak..... I can say that I do not have PAM authentication turned on for my users.  Perhaps this is really the problem.

I will give this a try.....   Is there a way to add PAM autherziation to users after I have already created them?   I see that the PAM options in the webGUI only applies to new users created after it has been enabled.

I would rather not recreate all my already established users.

Thank you !!!

[christian]

hmmm, I really don't see why lack of PAM would prevent SSL but authorize "standard" FTP access... 
my $ 0.02

On the other hand, I've to admit that I even didn't check whenever this FTP server is configured to rely on LDAP (in such case, PAM is NOT required) or relies on system authentication which has to implement PAM so that users can use FTP, with or without SSL...

[vshaulsk]

Well, I can test it pretty easily so we get an answer on whether PAM has anything to do with FTP with SSL turned on.

I will create a test user with PAM function tonight and see what happens. 

If its not a PAM authentication issue,  What else could be preventing FTP from connecting once SSL is enabled??   I remember this function working during the beta testing I did, but for the life of me I can't remember if I gave my test users PAM authentication or not.

[christian]

SSL has nothing to do with authentication (unless one decides to authenticate using full X509, meaning server AND client certificates) but this is not what is implemented here.
SSL is used here to establish secure tunnel.
On the other hand, PAM is for authentication only. Therefore my previous comment.

[vshaulsk]

What is PAM used for in Zentyal?  I have a windows only environment.....     I keep thinking you would use PAM if you have some Linux workstation.

[christian]

We are discussing about PAM used Zentyal server side: say, f.i. you have an application or service relying on server's operating system for authentication. If PAM is not activated on this server, then only "local" users will have access to this service or application while if PAM is used and configured, e.g. to rely on LDAP, accounts managed in LDAP will be able to authenticate and be seen, (from authentication standpoint, as "local like" accounts. Clearer now?

[vshaulsk]

Yes that makes sense..... I guess I never ran into an issue because I can't think of any programs or services that I currently use that require PAM. 

[christian]

Try to provide SSH access to one of your (LDAP) accounts without PAM...