# vsFTPd starts from xinetd, but is giving strange error.

## hunterhunter

-------------Here's my config.

```
listen_address=192.168.1.123
anonymous_enable=NO
local_enable=YES
write_enable=YES
pasv_enable=YES
local_umask=077
max_clients=20
check_shell=NO
anon_upload_enable=NO
use_localtime=YES
listen_port=21
anon_mkdir_write_enable=NO
pasv_min_port=65500
pasv_max_port=65525
dirmessage_enable=NO
xferlog_enable=YES
chroot_local_user=YES
passwd_chroot_enable=YES
#connect_from_port_20=YES
#chown_uploads=YES
#chown_username=whoever
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
idle_session_timeout=600
data_connection_timeout=120
nopriv_user=nobody
#async_abor_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
ftpd_banner=Attention user. If you're not a valid user then please log off immediately.
#deny_email_enable=YES
#banned_email_file=/etc/vsftpd.banned_emails
#chroot_list_enable=NO
#chroot_list_file=/etc/vsftpd.chroot_list
ls_recurse_enable=YES
ssl_enable=YES
ssl_sslv2=YES
ssl_sslv3=YES
ssl_tlsv1=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
rsa_cert_file=/usr/share/ssl/certs/vsftpd.pem
listen=NO
```

-------------Here are the xinetd.d contents.

```
/etc/xinetd.d/
-rw-r--r-- 1 root root 630 Mar 29 14:31 vsftpd_secure
```

-------------Here are the contents of that file.

```
# default: on
# description:
# The vsftpd FTP server serves FTP connections. It uses
# normal, unencrypted usernames and passwords for authentication.
# vsftpd is designed to be secure.
service ftp
{
    socket_type = stream
    wait = no
    user = root
    server = /usr/local/sbin/vsftpd
#   server_args = /etc/vsftpd_secure.conf
#   log_on_success += DURATION USERID
#   log_on_failure += USERID
    nice = 10
    disable = no
    bind = 192.168.1.123
}
```

-------------Here is what I get when trying to connect.

```
Status: Connecting to 192.168.1.123 ...
Status: Connected with 192.168.1.123, negotiating SSL connection...
Response: 220 (vsFTPd 2.0.4)
Command: AUTH SSL
Response: 530 Please login with USER and PASS.
Error: Unable to connect!
Status: Waiting to retry... (5 retries left)
Error: Unable to connect!
Error: Interrupted by user!
```

I'm using a user name and password of an account on the system.

Their shell is /bin/false and it's in /etc/shells also.

The RSA certificate is in place too.

I'm stumped, completely stumped...

Thanks for the help

----------

## hunterhunter

Anybody??

Anybody at all??

----------

## badchien

I run ssl-enabled vsftpd but not through xinetd. Why don't you change to

```
listen=yes
```

and start vsftpd standalone first to make sure that works before you have xinetd invoking it. (you'll need to disable the xinetd listener first of course).

What ftp client are you using? Have you tried multiple clients? I'm less inclined to think that is the problem because it looks like the server is telling you to use plain login instead of SSL... but you never know.

----------

## hunterhunter

Now I'm getting this error. Makes no sense cause it's set to anonymous_enable=NO

500 OOPS: bad bool value in config file for: anonymous_enable

Strange

I tried a reinstall, to no avail...

----------

## badchien

Do you have trailing spaces after anonymous_enable=NO?

vsftpd does not like trailing spaces.

----------
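
A check for the trailing-space failure described in the reply above, as an added example that is not part of any post in this thread and not vsftpd's own code. The function name, the option subset (taken from the config posted at the top) and the accepted boolean spellings are assumptions of this example; it also flags the two obsolete SSL protocol switches that config turns on.

```python
# Boolean options that appear in the config posted in this thread (a subset of vsftpd's).
BOOL_OPTS = {
    "anonymous_enable", "local_enable", "write_enable", "pasv_enable",
    "check_shell", "chroot_local_user", "listen", "ssl_enable", "ssl_sslv2",
    "ssl_sslv3", "ssl_tlsv1", "force_local_data_ssl", "force_local_logins_ssl",
}
# Assumption: boolean spellings vsftpd accepts, compared case-insensitively.
BOOL_VALUES = {"YES", "NO", "TRUE", "FALSE", "1", "0"}
# SSLv2 and SSLv3 are deprecated protocols and should stay disabled.
WEAK_IF_ON = {"ssl_sslv2", "ssl_sslv3"}

# Constructed sample input, not the poster's actual file.
SAMPLE = (
    "# constructed sample\n"
    "anonymous_enable=NO \n"   # trailing space, as suspected in the thread
    "local_enable=YES\n"
    "ssl_enable=YES\n"
    "ssl_sslv2=YES\n"
    "listen=yes\n"
)

def lint_vsftpd_conf(text):
    """Return a list of (line_number, message) findings for a vsftpd.conf body."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue  # blank line or comment
        if raw != raw.rstrip():
            findings.append((n, "trailing whitespace: %r" % raw))
        if "=" not in raw:
            findings.append((n, "no '=' in setting: %r" % raw))
            continue
        key, value = raw.split("=", 1)
        if key != key.strip() or value != value.lstrip():
            findings.append((n, "whitespace around '=': %r" % raw))
        key = key.strip()
        if key in BOOL_OPTS and value.upper() not in BOOL_VALUES:
            findings.append((n, "bad bool value for %s: %r" % (key, value)))
        elif key in WEAK_IF_ON and value.upper() in {"YES", "TRUE", "1"}:
            findings.append((n, "%s enabled: obsolete protocol" % key))
    return findings

if __name__ == "__main__":
    for n, msg in lint_vsftpd_conf(SAMPLE):
        print("line %d: %s" % (n, msg))
```
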

## hunterhunter

Now it's working fine. Just one more problem.

I can connect and establish a connection, but no matter what I do, it says bad password....

Here

```
Status:	Connecting to 192.168.1.123 ...
Status:	Connected with 192.168.1.123, negotiating SSL connection...
Response:	220 Welcome to blah FTP service.
Command:	AUTH SSL
Response:	234 Proceed with negotiation.
Status:	SSL connection established. Waiting for welcome message...
Command:	USER rob
Response:	331 Please specify the password.
Command:	PASS ********
Response:	530 Login incorrect.
Error:	Unable to connect!
```

I don't get it... nothing logical points to this. Except one thing. The passwd, group, and shadow files were imported, but I don't see how that affects it. Especially considering that I've changed "rob's" password several times already. I can ssh to the machine too. But that requires /bin/bash. I've given ftp users /bin/false (it will still work, so it's not the shell). I've used false on tons of other ftp servers.

Thanks !

----------

## badchien

I think you should change rob's shell to /bin/bash and try ftp again, just in case.

If that doesn't work, I think this could be an ftp client issue. I have found that not all ssl-capable ftp clients will successfully authenticate against my ssl-required vsftpd server. 

What client are you using? At a minimum I can tell you that net-ftp/ftp in portage works when emerged with the ssl use flag set, and windows people that connect to my server have reported success with filezilla. http://filezilla.sourceforge.net/

Edit: with the latter, server type is set to "FTP over TLS (explicit)"

----------

## hunterhunter

I've tried several clients. All report the same error. 

I even started over with a new config and I get the same thing.

Any other suggestions?

Thanks for the help btw.

----------

## hunterhunter

Oh and, the group, passwd, and shadow files are world readable.

I did copy these files onto this machine from another machine. Do you think that caused the conflict?

All three files are from the same distro too, same release as well.

Thanks

----------

