4

I'm trying to set up vsftpd to use logins from our domain. I want the FTP users to be able to log in using their Active Directory username/password and be able to have full access to /media/storage/ftp/username. I set up pptp using winbind and it is working fine, so I believe the issue is with vsftpd and PAM. The FTP server runs and gives 530 for the login. I turned on debug for the PAM module, but I see nothing in the syslog. vsftpd only logs a wrong login in its log.

/etc/pam.d/vsftpd

auth            required        pam_winbind.so debug

/etc/vsftpd.conf

listen=YES
listen_ipv6=NO
connect_from_port_20=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
xferlog_enable=YES

idle_session_timeout=600
data_connection_timeout=120
nopriv_user=ftp
ftpd_banner=Welcome to Scantiva! Authorized access only!

local_umask=022
local_root=/media/storage/ftp/$USER
user_sub_token=$USER

chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
guest_enable=YES
guest_username=ftp

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
Castaglia
David

1 Answer

1

(I am not certain if this applies to your case, but it solved my rejected vsftpd logins)

In /etc/pam.d/vsftpd (since you include pam_service_name=vsftpd), there is a line that reads:

auth required pam_shells.so

If this is not commented out, users without a valid login shell (e.g. /bin/false) won't be accepted even if the username and password given are correct. You might want to comment out the line:

# auth required pam_shells.so

and try again.

ΤΖΩΤΖΙΟΥ
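
The shell check described in the answer above can be reproduced from the command line before touching the PAM stack. This is an added example, not part of the original answer: it approximates pam_shells.so by testing whether the shell that NSS reports for a user appears as a whole line in /etc/shells, and the function names are made up for illustration. With winbind the shell comes from Samba's `template shell` setting, which defaults to /bin/false.

```shell
#!/bin/sh
# Added example: approximates the pam_shells.so decision for one account.
# Function names are hypothetical; the real module does the lookup itself.

# shell_is_listed SHELL [SHELLS_FILE]
# Returns 0 if SHELL is a whole line of SHELLS_FILE, 1 if not,
# 2 if the file cannot be read.
shell_is_listed() {
    shell=$1
    file=${2:-/etc/shells}
    [ -r "$file" ] || return 2
    # Simplification in this sketch: an empty shell field counts as not listed.
    [ -n "$shell" ] || return 1
    # Drop comment lines, then require an exact whole-line match (-F -x),
    # so /bin/bash does not match /bin/bash2 and no regex is interpreted.
    grep -v '^[[:space:]]*#' "$file" | grep -Fxq -- "$shell"
}

# shell_of_passwd_line LINE
# Prints the 7th colon-separated field (login shell) of a passwd entry.
shell_of_passwd_line() {
    printf '%s\n' "$1" | cut -d: -f7
}

# check_user USER [SHELLS_FILE]
# Resolves USER through NSS (getent), so winbind accounts are included,
# and reports whether a "required pam_shells.so" line would let it through.
check_user() {
    entry=$(getent passwd "$1") || {
        echo "$1: not resolvable via NSS (check nsswitch.conf / winbind)"
        return 3
    }
    user_shell=$(shell_of_passwd_line "$entry")
    if shell_is_listed "$user_shell" "${2:-/etc/shells}"; then
        echo "$1: shell '$user_shell' is listed, pam_shells would accept"
    else
        echo "$1: shell '$user_shell' is NOT listed, pam_shells would reject"
        return 1
    fi
}

# Usage: sh check_shell.sh 'DOMAIN\user' [more users...]
for u in "$@"; do
    check_user "$u" || true
done
```

If the account is reported as rejected, the alternatives to commenting out the pam_shells line are adding the shell to /etc/shells or changing the shell assigned to domain users.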