# vsftpd login not working

## selim

Since my latest update to version 2.0.4/2.0.5 I can't login to my ftp accounts anymore. Every time I try to I get the error: "Login incorrect" 

Anyone some idea what this could be?

----------

## elvanor

Have you checked your vsftpd config file?

Uncomment the line:

 local_enable=YES

----------

## edveri

I'm having a similar problem, but only for remote users. I can logon from my local network, but trying to log in from outside I get:

```

[19:26:05] Connected to XXX.org.

[19:26:05] 220 Inactivity timer = 120 seconds. Use 'site idle <secs>' to change.

[19:26:05] USER erik

[19:26:05] 331  Password required.

[19:26:05] PASS (hidden)

[19:26:05] 530 Permission denied

```

And yes, user/ passw are correct  :Smile: . 

My vsftpd.conf:

```

dirmessage_enable=YES

# banner_file=/etc/vsftpd/vsftpd.banner # edit banner first

chown_uploads=NO

xferlog_enable=YES

idle_session_timeout=600

data_connection_timeout=120

ascii_upload_enable=NO

ascii_download_enable=NO

chroot_list_enable=YES

#background=YES

listen=YES

ls_recurse_enable=NO

anonymous_enable=NO

anon_upload_enable=NO

anon_mkdir_write_enable=NO

local_enable=YES

write_enable=YES

```

Any help with this would be highly appreciated.

----------

## elvanor

Try to check your vsftpd logs, what do they say?

----------

## edveri

No entries in the log for the remote attempts at all. For the successfull ones I do have:

```

Sun Mar 18 21:35:25 2007 [pid 8955] [nith] OK LOGIN: Client "10.0.0.3"

```

I am behind NAT, but have forwared port 20 and 21 to my server.

----------

## edveri

However.. from /var/log/messages I get: 

```

Mar 19 02:42:09 whitebox ftp(pam_unix)[10579]: authentication failure; logname= uid=0 euid=0 tty=ftp ruser=nith rhost=193.xxx.xxx.xxx  user=nith

```

I have also tried putting the server to listen on different ports, still doesn't work.

----------

## elvanor

If you don't see entries at all in your vsftp log, then the problem is probably not related to vsftpd... Are you running vsftpd in standalone mode or through a super server (xinetd) ?

Elvanor

----------

## edveri

I'm running the server in standalone mode.

----------

## nutbar21

Do a 

```
netstat  -natp
```

 to see what network applications are currently running and if their ports are opened properly.  Since your log isn't even being written, ensure that vsftpd is indeed running and ensure that your firewall isn't blocking the port.

----------

## Merlin-TC

Did anyone find out what the problem is?

I think it is pam related since I have this in my log when I try to login to vsftpd

```

Apr  9 10:36:28 [pam_userdb] user_lookup: could not open database `/etc/vsftpd_login'

```

I will investigate this further when I am back from work.

----------

## edveri

Time to bump this thread  :Wink: .

I haven't had time to do anything more about this last couple of months, but I'm now in need of an ftp server again. Same problem still occurs. I can log in from remote computers via SSH, but not by FTP. I'm positive it's not my firewall blocking it. Tried both vsftpd and proftpd.

```
# netstat -natp

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      27613/vsftpd

tcp        0      0 :::22                   :::*                    LISTEN      7849/sshd

tcp        0      0 ::ffff:10.0.0.4:22      ::ffff:10.0.0.2:51916   ESTABLISHED 7889/0
```

and my vsftpd.conf:

```
 cat /etc/vsftpd/vsftpd.conf

# Example config file /etc/vsftpd/vsftpd.conf

#

# The default compiled in settings are fairly paranoid. This sample file

# loosens things up a bit, to make the ftp daemon more usable.

# Please see vsftpd.conf.5 for all compiled in defaults.

#

# READ THIS: This example file is NOT an exhaustive list of vsftpd options.

# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's

# capabilities.

#

# Listen on IPv4. xinet users must set NO or comment out

# otherwise it must be set YES

listen=YES

#

# Allow anonymous FTP? (Beware - allowed by default if you comment this out).

anonymous_enable=NO

#

# Uncomment this to allow local users to log in.

local_enable=YES

#

# Uncomment this to enable any form of FTP write command.

#write_enable=YES

#

# Default umask for local users is 077. You may wish to change this to 022,

# if your users expect that (022 is used by most other ftpd's)

#local_umask=022

#

# Uncomment this to allow the anonymous FTP user to upload files. This only

# has an effect if the above global write enable is activated. Also, you will

# obviously need to create a directory writable by the FTP user.

#anon_upload_enable=YES

#

# Uncomment this if you want the anonymous FTP user to be able to create

# new directories.

#anon_mkdir_write_enable=YES

#

# Activate directory messages - messages given to remote users when they

# go into a certain directory.

dirmessage_enable=YES

#

# Activate logging of uploads/downloads.

xferlog_enable=YES

#

# Make sure PORT transfer connections originate from port 20 (ftp-data).

connect_from_port_20=YES

#

# If you want, you can arrange for uploaded anonymous files to be owned by

# a different user. Note! Using "root" for uploaded files is not

# recommended!

#chown_uploads=YES

#chown_username=whoever

#

# You may override where the log file goes if you like. The default is shown

# below.

#xferlog_file=/var/log/vsftpd.log

#

# If you want, you can have your log file in standard ftpd xferlog format

#xferlog_std_format=YES

#

# You may change the default value for timing out an idle session.

#idle_session_timeout=600

#

# You may change the default value for timing out a data connection.

#data_connection_timeout=120

#

# It is recommended that you define on your system a unique user which the

# ftp server can use as a totally isolated and unprivileged user.

#nopriv_user=ftpsecure

#

# Enable this and the server will recognise asynchronous ABOR requests. Not

# recommended for security (the code is non-trivial). Not enabling it,

# however, may confuse older FTP clients.

#async_abor_enable=YES

#

# By default the server will pretend to allow ASCII mode but in fact ignore

# the request. Turn on the below options to have the server actually do ASCII

# mangling on files when in ASCII mode.

# Beware that on some FTP servers, ASCII support allows a denial of service

# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd

# predicted this attack and has always been safe, reporting the size of the

# raw file.

# ASCII mangling is a horrible feature of the protocol.

#ascii_upload_enable=YES

#ascii_download_enable=YES

#

# You may fully customise the login banner string:

ftpd_banner=Welcome to blah FTP service.

#

# You may specify a file of disallowed anonymous e-mail addresses. Apparently

# useful for combatting certain DoS attacks.

#deny_email_enable=YES

# (default follows)

#banned_email_file=/etc/vsftpd/banned_emails

#

# You may specify an explicit list of local users to chroot() to their home

# directory. If chroot_local_user is YES, then this list becomes a list of

# users to NOT chroot().

#chroot_list_enable=YES

# (default follows)

#chroot_list_file=/etc/vsftpd/chroot_list

#

# You may activate the "-R" option to the builtin ls. This is disabled by

# default to avoid remote users being able to cause excessive I/O on large

# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume

# the presence of the "-R" option, so there is a strong case for enabling it.

#ls_recurse_enable=YES

```

Very frustrating, any help would be highly appreciated.

----------

## Merlin-TC

I found my problem and it was of course my fault...I did change the /etc/pam.d/ftp but I don't think that is your problem if you never touched that file.

What is the output the log /var/log/vsftpd.log and /var/log/everything (depends on what logger you are using).?

----------

## edveri

Nope, I haven't touched /etc/pam.d/ftp . 

This is a completly new, clean install of Gentoo, just put it up last night. 

My /var/log/vsftpd:

```
Tue May 15 00:20:39 2007 [pid 8928] CONNECT: Client "10.0.0.2"

Tue May 15 00:20:39 2007 [pid 8927] [erik] OK LOGIN: Client "10.0.0.2"

Tue May 15 00:20:44 2007 [pid 8931] CONNECT: Client "10.0.0.2"

Tue May 15 00:20:44 2007 [pid 8930] [erik] OK LOGIN: Client "10.0.0.2"

Tue May 15 00:36:11 2007 [pid 8967] CONNECT: Client "10.0.0.2"

Tue May 15 00:36:11 2007 [pid 8966] [erik] OK LOGIN: Client "10.0.0.2"

Tue May 15 01:35:45 2007 [pid 27643] CONNECT: Client "10.0.0.2"

Tue May 15 01:35:45 2007 [pid 27642] [erik] OK LOGIN: Client "10.0.0.2"

Tue May 15 01:36:05 2007 [pid 27646] CONNECT: Client "10.0.0.2"

Tue May 15 01:36:05 2007 [pid 27645] [erik] OK LOGIN: Client "10.0.0.2"

Tue May 15 09:28:03 2007 [pid 28251] CONNECT: Client "10.0.0.3"

Tue May 15 09:28:09 2007 [pid 28250] [erik] OK LOGIN: Client "10.0.0.3"

Tue May 15 09:30:24 2007 [pid 28266] CONNECT: Client "10.0.0.3"

Tue May 15 09:30:32 2007 [pid 28265] [root] FAIL LOGIN: Client "10.0.0.3"
```

..so only messages from my local network here. 

My /etc/pam.d/ftp:

```
# Provided by ftpbase (dont remove this line!)

# Standard pam.d file for ftp service packages.

# $Header: /var/cvsroot/gentoo-x86/net-ftp/ftpbase/files/ftp-pamd-include,v 1.1 2005/06/28 14:52:26 uberlord Exp $

auth     required  pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed

auth     include   system-auth

# If this is enabled, anonymous logins will fail because the 'ftp' user does

# not have a "valid" shell, as listed in /etc/shells.

#

# If you enable this, it is recommended that you do *not* give the 'ftp'

# user a real shell. Instead, give the 'ftp' user /bin/false for a shell and

# add /bin/false to /etc/shells.

# auth     required  pam_shells.so

account  include   system-auth

session  include   system-auth

```

Other logfiles:

```

# cat lastlog

�Fpts/0erik-win.lan�IFpts/1fwcv.nki.no

```

----------

## Merlin-TC

How does your network topology look like?

How do you connect to the net and which computer does?

What firewall are you running?

I don't think it's a problem with the configuration of vsftpd.

----------

