Re: Senha Incorreta Proftpd
Boa noite,
O Debian, por padrão, não permite que usuários sem shell e sem home acessem o sistema via FTP. Assim, é necessário modificar alguns parâmetros para liberar o acesso.
Como o arquivo /etc/shells é conferido no momento do acesso, uma maneira seria adicionar a shell criada para o user, que normalmente é /bin/false.
Uma outra maneira, é editar o arquivo /etc/pam.d/proftpd, e retirar a parte de validação da shell:
#auth required pam_shells.so
Espero que ajude.
On Wed, 7 Nov 2007 18:42:03 -0200
"LITLE TUX" <debian.developer@gmail.com> wrote:
> Ola galera instalei o proftpd em micro aqui na empresa quando tento
> logar com algum usuario da senha incorreta....
>
> Ja alterei a senha do usuario no shell e nada.... ja estou pirando com
> tantos problemas... é VPN é FTP .... to doido doido
>
> Seguem meu arquivo proftpd.conf
>
> #
> # /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
> # To really apply changes reload proftpd after modifications.
> #
>
> # Includes DSO modules
> Include /etc/proftpd/modules.conf
>
> # Set off to disable IPv6 support which is annoying on IPv4 only boxes.
> UseIPv6 on
>
> ServerName "IDOM BR - FTP SERVER"
> ServerType standalone
> ServerAdmin fabio.pires@s4it.com.br
> DeferWelcome on
> SyslogFacility Auth
>
> MultilineRFC2228 on
> DefaultServer on
> ShowSymlinks on
> ServerIdent on
>
> TimeoutNoTransfer 600
> TimeoutStalled 600
> TimeoutIdle 1200
>
> DisplayLogin welcome.msg
> DisplayFirstChdir .message
> ListOptions "-l"
>
> DenyFilter \*.*/
>
> # Port 21 is the standard FTP port.
> Port 21
> DefaultRoot ~
> # In some cases you have to specify passive ports range to by-pass
> # firewall limitations. Ephemeral ports can be used for that, but
> # feel free to use a more narrow range.
> # PassivePorts 49152 65534
>
> # To prevent DoS attacks, set the maximum number of child processes
> # to 30. If you need to allow more than 30 concurrent connections
> # at once, simply increase this value. Note that this ONLY works
> # in standalone mode, in inetd mode you should use an inetd server
> # that allows you to limit maximum number of processes per service
> # (such as xinetd)
> MaxInstances 30
>
> # Set the user and group that the server normally runs at.
> User proftpd
> Group nogroup
>
> # Umask 022 is a good standard umask to prevent new files and dirs
> # (second parm) from being group and world writable.
> Umask 022 022
> # Normally, we want files to be overwriteable.
> AllowOverwrite on
>
> # Uncomment this if you are using NIS or LDAP to retrieve passwords:
> # PersistentPasswd off
>
> # Be warned: use of this directive impacts CPU average load!
> #
> # Uncomment this if you like to see progress and transfer rate with ftpwho
> # in downloads. That is not needed for uploads rates.
> # UseSendFile off
>
> TransferLog /var/log/proftpd/xferlog
> SystemLog /var/log/proftpd/proftpd.log
>
> <IfModule mod_tls.c>
> TLSEngine off
> </IfModule>
>
> <IfModule mod_quota.c>
> QuotaEngine on
> </IfModule>
>
> <IfModule mod_ratio.c>
> Ratios on
> </IfModule>
>
>
> # Delay engine reduces impact of the so-called Timing Attack described in
> # http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
> # It is on by default.
> <IfModule mod_delay.c>
> DelayEngine on
> </IfModule>
>
> <IfModule mod_ctrls.c>
> ControlsEngine on
> ControlsMaxClients 2
> ControlsLog /var/log/proftpd/controls.log
> ControlsInterval 5
> ControlsSocket /var/run/proftpd/proftpd.sock
> </IfModule>
>
> <IfModule mod_ctrls_admin.c>
> AdminControlsEngine on
> </IfModule>
>
> # A basic anonymous configuration, no upload directories.
>
> # <Anonymous ~ftp>
> # User ftp
> # Group nogroup
> # # We want clients to be able to login with "anonymous" as well as "ftp"
> # UserAlias anonymous ftp
> # # Cosmetic changes, all files belongs to ftp user
> # DirFakeUser on ftp
> # DirFakeGroup on ftp
> #
> # RequireValidShell off
> #
> # # Limit the maximum number of anonymous logins
> # MaxClients 10
> #
> # # We want 'welcome.msg' displayed at login, and '.message' displayed
> # # in each newly chdired directory.
> # DisplayLogin welcome.msg
> # DisplayFirstChdir .message
> #
> # # Limit WRITE everywhere in the anonymous chroot
> # <Directory *>
> # <Limit WRITE>
> # DenyAll
> # </Limit>
> # </Directory>
> #
> # # Uncomment this if you're brave.
> # # <Directory incoming>
> # # # Umask 022 is a good standard umask to prevent new files and dirs
> # # # (second parm) from being group and world writable.
> # # Umask 022 022
> # # <Limit READ WRITE>
> # # DenyAll
> # # </Limit>
> # # <Limit STOR>
> # # AllowAll
> # # </Limit>
> # # </Directory>
> #
> # </Anonymous>
>
> Agradeço a todos
>
--
------------------------------
Marcello Barreto de Medeiros
Network Admin/Programmer
+55 84 3231 4617 [Office]
+55 84 9914 3254 [Mobile]
marcello@linconet.com.br [MSN]
Linconet Brasil
------------------------------
Reply to: