# Pure-Ftpd password problem ?!?

## Hiro-Pro

I can't connect using any account to my ftp server.

```
zara root # pure-pw useradd hiro2 -u ftpuser -d -j /home/ftpusers/hiro2

Password:

Enter it again:

zara root # ftp localhost

Connected to localhost.

220-=(<*>)=-.:. (( Welcome to PureFTPd 1.0.11 )) .:.-=(<*>)=-

220-You are user number 1 of 30 allowed

220-Local time is now 15:44 and the load is 0.00. Server port: 21.

220 You will be disconnected after 15 minutes of inactivity.

Name (localhost:root): hiro2

331 User hiro2 OK. Password required

Password:

530 Authentication failed, sorry

Login failed.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> ls

530 You aren't logged in

ftp: bind: Address already in use

ftp> dir

530 You aren't logged in

ftp> exit

221-Goodbye. You uploaded 0 and downloaded 0 kbytes.

221 Logout - CPU time spent: 0.020 seconds.

zara root # nano /etc/conf.d/pure-ftpd

zara root # /etc/init.d/pure-ftpd restart

 * Stopping Pure-FTPd...                                                  [ ok ]

 * Starting Pure-FTPd...                                                  [ ok ]

zara root # ftp localhos

ftp: localhos: Unknown host

ftp> exit

zara root # ftp localhost

Connected to localhost.

220-=(<*>)=-.:. (( Welcome to PureFTPd 1.0.11 )) .:.-=(<*>)=-

220-You are user number 1 of 30 allowed

220-Local time is now 15:45 and the load is 0.00. Server port: 21.

220 You will be disconnected after 15 minutes of inactivity.

Name (localhost:root): hiro2

331 User hiro2 OK. Password required

Password:

530 Authentication failed, sorry

Login failed.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp>

ftp> exit

221-Goodbye. You uploaded 0 and downloaded 0 kbytes.

221 Logout - CPU time spent: 0.010 seconds.

```

Here my /etc/init.d/pure-ftpd

```

##Comment variables out to disable its features, or change the values in it... $

## This variable must be uncommented in order for the server to start ##

IS_CONFIGURED="yes"

## FTP Server,Port (separated by comma) ##

##SERVER="-S 172.16.0.2,21"

## Number of simultaneous connections in total, and per ip ##

MAX_CONN="-c 30"

MAX_CONN_IP="-C 10"

## Number of simultaneous connections in total, and per ip ##

MAX_CONN="-c 30"

MAX_CONN_IP="-C 10"

## If your FTP server is behind a NAT box, uncomment this ##

USE_NAT="-N"

## Authentication (others are 'pam', ...)##

AUTH="-l unix"

## Misc. Others ##

MISC_OTHER="-A -M -x -j -R"

## Start daemonized in background ##

DAEMON="-B"

## Don't allow uploads if the partition is more full then this var ##

DISK_FULL="-k 90%"

```

Thanks to all

----------

## Zu`

Can you see an entry in /etc/pureftpd.passwd that starts with hiro2?

----------

## Hiro-Pro

 *Zu` wrote:*   

> Can you see an entry in /etc/pureftpd.passwd that starts with hiro2?

 

Yes , look like this:

```
hiro2:$1$p2VmY7u0$.3qTB/WH2iMK/7lN3HtAn1:1001:407::-j/./::::::::::::
```

----------

## Zu`

Strange. According to http://www.pureftpd.org/README.Virtual-Users there should be a homedir in that line:

 *Quote:*   

> 
> 
> joe:$1$LX/3.F60$bYdYwsQOYIaWq.Ko.hfI3.:500:101::/home/ftpusers/joe/./::::::1000:10485760::::::
> 
> 

 

You issued:

```

pure-pw useradd hiro2 -u ftpuser -d -j /home/ftpusers/hiro2

```

Looking at the output of pure-pw --help there is no -j flag:

```

pure-pw useradd <login> [-f <passwd file>] -u <uid> [-g <gid>]

                -D/-d <home directory> [-c <gecos>]

                [-t <download bandwidth>] [-T <upload bandwidth>]

                [-n <max number of files>] [-N <max Mbytes>]

                [-q <upload ratio>] [-Q <download ratio>]

                [-r <allow client ip>/<mask>] [-R <deny client ip>/<mask>]

                [-i <allow local ip>/<mask>] [-I <deny local ip>/<mask>]

                [-z <hhmm>-<hhmm>] [-m]

```

It seems like your homedir is set to "-j"

To adjust this to /home/ftpusers/hiro2:

```

pure-pw usermod hiro2 -d /home/ftpusers/hiro2

```

Then try this to check if everything is ok:

```

pure-pw show hiro2

```

The ebuild seems ok, since it compiles with "--with-puredb" enabled. So it should work after this  :Wink: 

Greets

----------

## Zu`

On a sidenote, if you want that "-j" option, so it creates a homedir first time the user logs in, you have to specify it in /etc/conf.d/pure-ftpd, not here.

At the looks of your /etc/conf.d/pure-ftpd file you already have it in, so that's ok  :Wink: 

----------

## OdinsDream

I'm not sure about this useradd thing.. I just added a standard user to my system, made them part of the FTP group, and PureFTP picked that up. The root directory was automatically set to that user's home.

----------

## Zu`

 *OdinsDream wrote:*   

> I'm not sure about this useradd thing.. I just added a standard user to my system, made them part of the FTP group, and PureFTP picked that up. The root directory was automatically set to that user's home.

 

Sure, that's a method you can use.

But this about adding virtual users. Meaning, users that have an ftp account, but don't need a shell account. 

Check the docs on http://www.pureftpd.org/ fore more info.

----------

## CowboyNeal

 *Zu` wrote:*   

>  *OdinsDream wrote:*   I'm not sure about this useradd thing.. I just added a standard user to my system, made them part of the FTP group, and PureFTP picked that up. The root directory was automatically set to that user's home. 
> 
> Sure, that's a method you can use.
> 
> But this about adding virtual users. Meaning, users that have an ftp account, but don't need a shell account. 
> ...

 

I use vsftp, as far as I know it doesn't support virtual users because the author considers this as bloat. I agree, because one can add:

```

account        required     /lib/security/pam_access.so

```

to /etc/pam.d/system-auth

```

account  required  /lib/security/pam_access.so accessfile=/etc/security/ftpaccess.conf

```

to /etc/pam.d/vsftpd

```

-:ALL EXCEPT users:ALL

```

to /etc/security/access.conf

```

-:ALL EXCEPT ftp:ALL

```

to /etc/security/ftpaccess.conf (create this one yourself)

This way only people in the user-group can telnet/ssh (or su to another user in the user group), and people in the ftp-group can ftp. It's up to you to decide if you want people both in ftp and users... (since ftp passwords will be send in clear-text, it would be more secure to disable telnet and make the ftp and users groups disjunct).

----------

## bcressey

 *Quote:*   

> ## Authentication (others are 'pam', ...)## 
> 
> AUTH="-l unix" 

 

Your problem is this line. I assume that since you are using pure-pw and examining the contents of /etc/pureftpd.passwd that you want to use the puredb authentication method. 

Change the AUTH line to something like this:

AUTH="-l puredb:/etc/pureftpd.passwd"

----------

