# ldap and proftpd problem [solved]

## spike666

I recently just had to reinstall Gentoo on my server. I had backed up /etc and my ldap directory along with some other misc files.

After configuring my system for ldap authentication, again, and installing all of my usual software (proftpd, apache, etc), I tested everything to make sure it was working before chucking the system back into the corner. I can log in fine to ssh using an ldap-only user account, apache is recognizing the home directories fine, and I can log in locally to proftpd with an ldap-only user account... BUT, when I try to connect from the outside through ftp, I get "Login Failed"

/var/log/messages pertaining to the failed ftp connection (my remote address has been censored):

```
Mar 23 09:21:52 fingerbib proftpd[10981]: fingerbib.darkerhosting.net (REMOTE_ADDRESS) - FTP session opened.
Mar 23 09:21:54 fingerbib proftpd[10981]: fingerbib.darkerhosting.net (REMOTE_ADDRESS) - no such user 'spike'
Mar 23 09:21:54 fingerbib proftpd[10981]: fingerbib.darkerhosting.net (REMOTE_ADDRESS) - USER spike: no such user found from REMOTE_ADDRESS to 216.254.69.123:21
Mar 23 09:21:54 fingerbib proftpd[10981]: fingerbib.darkerhosting.net (REMOTE_ADDRESS) - mod_delay/0.4: delaying for 14751 usecs
Mar 23 09:21:55 fingerbib proftpd[10981]: fingerbib.darkerhosting.net (REMOTE_ADDRESS) - FTP session closed.
```

when I log in locally, /var/log/messages shows all kinds of nice ldap talking and lookups... so why isn't it doing any lookups when I log in remotely? It was working before.

also, for clarity's sake, /etc/proftpd/proftpd.conf:

```
ServerName          "FingerbibFTP"
ServerType          standalone
DefaultServer       on
RequireValidShell   off
AuthPAM             on
AuthPAMConfig       ftp
DefaultRoot ~/

## get ldap working...
LDAPServer fingerbib.darkerhosting.net
LDAPDoAuth on "ou=people,dc=darkerhosting,dc=net"
LDAPAuthBinds on
LDAPDoGIDLookups on "ou=group,dc=darkerhosting,dc=net"
LDAPDoUIDLookups on "ou=people,dc=darkerhosting,dc=net"
#LDAPUseTLS on
#LDAPSearchScope onelevel

# Port 21 is the standard FTP port.
Port                            21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                    30

# Set the user and group under which the server will run.
#User                           proftpd
#Group                          proftpd
User                            ftp
Group                           ftp

# Normally, we want files to be overwriteable.
<Directory />
  AllowOverwrite                on
</Directory>

<VirtualHost ftp.darkerhosting.net>
        DefaultRoot ~
</VirtualHost>
```
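ProFTPD `<VirtualHost>` sections do not inherit directives from the main server context (directives meant for every server belong in `<Global>`), so a config like the one above is worth checking for a virtual host that carries none of the LDAP directives: connections matched to that host would authenticate without them. The script below is an added example, not from the post, and its config parser is a simplified one (one directive per line, `#` comments, `<Ctx ...>...</Ctx>` blocks).

```python
# Flag <VirtualHost> blocks lacking the LDAP directives set in the main server context.
# Simplified parser (one directive per line, '#' comments, <Ctx ...>...</Ctx> blocks).
import re
# Constructed sample, trimmed from the config posted above.
SAMPLE_CONF = """\
ServerName "FingerbibFTP"
LDAPServer fingerbib.darkerhosting.net
LDAPDoAuth on "ou=people,dc=darkerhosting,dc=net"
LDAPAuthBinds on
<Directory />
  AllowOverwrite on
</Directory>
<VirtualHost ftp.darkerhosting.net>
  DefaultRoot ~
</VirtualHost>
"""
_OPEN = re.compile(r"^<(\w+)(?:\s+(.*?))?>$")
_CLOSE = re.compile(r"^</\w+>$")

def collect_contexts(text):
    """Map 'server', 'Global' and 'VirtualHost <name>' to their own directive names."""
    contexts = {"server": set()}
    stack = []  # enclosing contexts; None for untracked ones such as <Directory>
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _OPEN.match(line)
        if m:
            kind, arg = m.group(1), m.group(2)
            key = None
            if kind in ("VirtualHost", "Global"):
                key = f"{kind} {arg}" if arg else kind
                contexts.setdefault(key, set())
            stack.append(key)
        elif _CLOSE.match(line):
            stack.pop()
        else:  # a directive: charge it to the nearest tracked context
            owner = next((c for c in reversed(stack) if c), "server")
            contexts[owner].add(line.split()[0])
    return contexts

def vhosts_missing_ldap(text):
    """VirtualHost names with no LDAP* directive while server/<Global> configures LDAP."""
    ctx = collect_contexts(text)
    shared = ctx["server"] | ctx.get("Global", set())
    if not any(d.startswith("LDAP") for d in shared):
        return []
    return [n.split(" ", 1)[1] for n, ds in ctx.items()
            if n.startswith("VirtualHost ") and not any(d.startswith("LDAP") for d in ds)]
```

Running `vhosts_missing_ldap(SAMPLE_CONF)` on the sample reports `ftp.darkerhosting.net`; a host that either has its own LDAP directives or picks them up from `<Global>` is not reported.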

----------

## spike666

ok, solved the problem.

After a week or so of pulling my hair out, I did 2 things in the long run that fixed it.

first, I remerged proftpd with pwdb as a USE variable (I was getting errors in /var/log/messages about /lib/security/pam_pwdb.so not being there):

```
# USE="pwdb" emerge proftpd
```

then, I had to make sure that hostname returned the same address that proftpd was using. Originally, it was just "fingerbib" but I changed it to "fingerbib.darkerhosting.net".

whew. now I'm happy.
