Miro Dietiker, MD Systems wrote: > Hello People > > I have a ProFTPD Version 1.2.10 on debian sarge (standard). > > After some days of runtime, proftpd hangs in a manner accepting > connection and asking for user credentials, but always failing to > authenticate. > After a simple restart (/etc/init.d/proftpd restart), the application > works again. > > In Background I use a standard /etc/pam.d/proftpd > #%PAM-1.0 > auth required pam_listfile.so item=user sense=deny > file=/etc/ftpusers onerr=succeed > @include common-auth > @include common-account > @include common-session > > Where commin-* uses libpam-ldap in a standard way. > > And nss is configured to read full user properties except password. > > This is the only service having such auth-locks and with ssh, login is > never a problem (even if I didn't restart it for months). > > A short view in my logfiles: > First before restarting the login failures as user "admin.abc" > > Feb 21 08:11:42 frankonia proftpd: (pam_unix) check pass; user unknown > Feb 21 08:11:42 frankonia proftpd: (pam_unix) authentication failure; > logname= uid=0 euid=0 tty= ruser= rhost=213.3.21.162 > Feb 21 08:12:23 frankonia proftpd: (pam_unix) check pass; user unknown > Feb 21 08:12:23 frankonia proftpd: (pam_unix) authentication failure; > logname= uid=0 euid=0 tty= ruser= rhost=213.3.21.162 > > And right after the restart a successful login > > Feb 21 08:12:23 frankonia proftpd: (pam_unix) session opened for user > admin.abc by (uid=0) > Feb 21 08:12:23 frankonia proftpd[24398]: frankonia (X.X.X.X[x.x.x.x]) - > USER admin.abc: Login successful. > Feb 21 08:12:25 frankonia proftpd: (pam_unix) session closed for user > admin.abc > > I then began restarting proftpd daily, but some days ago this effect > already appeared 3 hours after restart. > > Any input to me for that case? > Currently, proftpd is very unreliable for this production environment. I too have had recent problems with ProFTPD's LDAP module. I do not use FTP access too often, but a few weeks ago I discovered it wasn't working, it would connect and then immediately terminate the connection. When I looked at the logs it was dying on the LDAP lookup. I hadn't changed anything from a working config, so it must have been an update that did it. Anyway, the only way I could get it working again was to simply disable the LDAP options in the config file and rely on pam-ldap for my authentication. The net result was the same so I'm not too bothered, maybe that would work for you too if you're already using it? - Jamie
Attachment:
signature.asc
Description: OpenPGP digital signature