From: Adar D. <ad...@st...> - 2003-03-31 01:51:11
Hello,

I am having problems getting AuthUserFile to work on my ProFTPD server. Here is some relevant information:

The server is running a 2.4.20-xfs kernel, with Debian unstable.

adar@dh2:~$ /usr/sbin/proftpd -vv
 - Version: 1.2.8 (stable)
 - Scoreboard Version: 01040001
 - Build Stamp: do mrt 22 18:28:32 CET 2001

adar@dh2:~$ uname -a
Linux dh2 2.4.20-xfs #1 Tue Mar 25 07:18:39 PST 2003 i686 unknown unknown GNU/Linux

adar@dh2:~$ less /etc/proftpd.conf
ServerName "My server"
ServerType standalone
# Port 21 is the standard FTP port.
Port 21
# Bind to local interfaces
Bind 192.168.0.1
ScoreBoardFile /var/run/proftpd.scoreboard
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
TimeoutLogin 120
TimeoutIdle 300
TimeoutNoTransfer 900
TimeoutStalled 3600
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
# Set the user and group under which the server will run.
User nobody
Group nogroup
RequireValidShell off
# AuthOrder mod_auth_unix.c
AuthPAM off
PersistentPasswd off
AuthPAMAuthoritative off
AuthUserFile /etc/ftp-credentials/ftpd.passwd
AuthGroupFile /etc/ftp-credentials/ftpd.group
DefaultRoot /var/ftp-shares/
UseReverseDNS off
# Logging options
TransferLog /var/log/proftpd/xfer.log
# Some logging formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
<Global>
DisplayLogin welcome.msg
# having to delete before uploading is a pain ;)
AllowOverwrite yes
# Turn off Ident lookups
IdentLookups off
# Logging
ExtendedLog /var/log/proftpd/access.log WRITE,READ write
ExtendedLog /var/log/proftpd/auth.log AUTH auth
ExtendedLog /var/log/proftpd/paranoid.log ALL default
</Global>
<Limit WRITE>
DenyALL
</Limit>
<VirtualHost fully.qualified.domain.name>
ServerAdmin adar
ServerName "my server"
MaxLoginAttempts 3
MaxClientsPerHost 1 "You were explicitly told not to connect twice. Congrats, you're a jackass.."
MaxClients 10 "Oops, too many people here. Take the party elsewhere."
RequireValidShell no
DefaultRoot ~
AllowOverwrite yes
AllowRetrieveRestart yes
AllowStoreRestart yes
# Umask settings
Umask 002 002
<Directory /var/ftp-shares/somedir>
<Limit Read>
AllowGroup hidden
DenyGroup hidden2
DenyAll
</Limit>
</Directory>
<Directory .... (more directory entries follow)>
</VirtualHost>

adar@dh2:~$ ls -l /etc | grep ftp
drwxr-xr-x    2 root     root         4096 Mar 30 02:01 ftp-credentials
-rw-r--r--    1 root     root          132 Oct 28 07:00 ftpusers
-rw-r--r--    1 root     root         3525 Mar 30 02:31 proftpd.conf

adar@dh2:~$ ls -l /etc/ftp-credentials/
-rw-r--r--    1 root     root           29 Mar 30 02:00 ftpd.group
-r--r--r--    1 root     root           72 Mar 30 02:01 ftpd.passwd

adar@dh2:~$ less /etc/ftp-credentials/ftpd.passwd
test:$1$V2anBvxH$Rv/liR7RQ.BYEGLfvHmHF.:1:1::/var/ftp-shares:/bin/false

adar@dh2:~$ less /etc/ftp-credentials/ftpd.group
hidden:x:1:test
hidden2:x:2:test

Using ftpasswd, I made the ftpd.passwd and ftpd.group files, specifying "test" as the password for the "test" user. However, when I try to log in, it fails, citing an invalid user error. Specifically:

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\>ftp fully.qualified.domain.name
^C
C:\>ftp fully.qualified.domain.name
Connected to fully.qualified.domain.name.
220 ProFTPD 1.2.8 Server (My Server) [fully.qualified.domain.name]
User (fully.qualified.domain.name:(none)): test
331 Password required for test.
Password:
530 Login incorrect.
Login failed.
ftp>

On the server side, I ran:

dh2:/# /usr/sbin/proftpd -nd5 >& output

The output is:

dh2 - ProFTPD 1.2.8 (stable) (built do mrt 22 18:28:32 CET 2001) standalone mode STARTUP
fully.qualified.domain.name (192.168.0.2[192.168.0.2]) - connected - local  : my.ip:21
fully.qualified.domain.name (192.168.0.2[192.168.0.2]) - connected - remote : 192.168.0.2:3290
fully.qualified.domain.name (192.168.0.2[192.168.0.2]) - FTP session opened.
fully.qualified.domain.name (192.168.0.2[192.168.0.2]) - dispatching PRE_CMD command 'USER test' to mod_tls
fully.qualified.domain.name (192.168.0.2[192.168.0.2]) - dispatching PRE_CMD command 'USER test' to mod_core
fully.qualified.domain.name (192.168.0.2[192.168.0.2]) - dispatching PRE_CMD command 'USER test' to mod_core
fully.qualified.domain.name (192.168.0.2[192.168.0.2]) - dispatching PRE_CMD command 'USER test' to mod_auth
fully.qualified.domain.name (192.168.0.2[192.168.0.2]) - dispatching CMD command 'USER test' to mod_ratio
fully.qualified.domain.name (192.168.0.2[192.168.0.2]) - dispatching CMD command 'USER test' to mod_auth
fully.qualified.domain.name (192.168.0.2[192.168.0.2]) - no supplemental groups found for user 'test'
fully.qualified.domain.name (192.168.0.2[192.168.0.2]) - dispatching LOG_CMD command 'USER test' to mod_log
fully.qualified.domain.name (192.168.0.2[192.168.0.2]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_tls
fully.qualified.domain.name (192.168.0.2[192.168.0.2]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
fully.qualified.domain.name (192.168.0.2[192.168.0.2]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
fully.qualified.domain.name (192.168.0.2[192.168.0.2]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
fully.qualified.domain.name (192.168.0.2[192.168.0.2]) - dispatching CMD command 'PASS (hidden)' to mod_auth
fully.qualified.domain.name (192.168.0.2[192.168.0.2]) - no supplemental groups found for user 'test'
fully.qualified.domain.name (192.168.0.2[192.168.0.2]) - no such user 'test'
fully.qualified.domain.name (192.168.0.2[192.168.0.2]) - USER test: no such user found from 192.168.0.2 [192.168.0.2] to my.ip:21
fully.qualified.domain.name (192.168.0.2[192.168.0.2]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_log

Some background on this network setup. I've got two computers. One is a Win2k box (192.168.0.2), the other is a linux box (192.168.0.1 and my.ip). ProFTPD is running on the linux box. The two are connected via crossover cable (eth1 in the linux box), whereas the linux box is connected to the internet via eth0.

Another interesting fact is that if I try logging into the FTP with a user found in /etc/passwd, it works fine. That is, it seems that despite the AuthUserFile (and possibly AuthGroupFile) lines, authentication is being done off of the system's /etc/passwd and /etc/group files.

Sorry for deluging the post with debugging output, but I didn't want to start a thread with people asking me for info, so I just dumped everything I saw as relevant into this e-mail.

Thanks in advance!

-Adar
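Added example, not part of Adar's post or of ProFTPD itself: a small Python checker that parses a ProFTPD configuration into its server contexts and reports which servers actually have an AuthUserFile in scope. It assumes ProFTPD's documented context rules (directives in the main section configure only the default server, <Global> is merged into every server, and a <VirtualHost> sees only its own directives plus <Global>); the sample config is constructed, modelled on the layout of the one above, with the post's file paths reused as sample values.

```python
"""Added checker: which ProFTPD servers have an AuthUserFile in scope?  Assumed rule (ProFTPD
docs): the main section configures only the default server; <Global> merges into every server."""
import re

AUTH_DIRECTIVES = {"AuthUserFile", "AuthGroupFile", "AuthOrder", "AuthPAM"}
OPEN_RE = re.compile(r"^<(\w+)\s*(.*?)>$")      # matches <Section arg>, not </Section>

def parse_contexts(text):
    """{context: {directive: value}} for 'main', 'Global' and each 'VirtualHost <name>'."""
    contexts, stack = {"main": {}}, []          # stack: open sections, outermost first
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):               # closing tag: leave the section
            stack.pop()
            continue
        if m := OPEN_RE.match(line):
            name, arg = m.groups()
            key = f"{name} {arg}".rstrip()      # "Global" or "VirtualHost <name>"
            stack.append(key)
            if name in ("Global", "VirtualHost"):
                contexts.setdefault(key, {})    # a server-level context
            continue
        directive, _, value = line.partition(" ")
        target = stack[0] if stack else "main"
        # record only auth directives sitting directly in a server-level context;
        # anything nested in <Directory>/<Limit>/etc. is not what we are after
        if directive in AUTH_DIRECTIVES and len(stack) <= 1 and target in contexts:
            contexts[target][directive] = value.strip()
    return contexts

def effective_auth(text):
    """Per server (main and each VirtualHost): its own auth directives merged over <Global>."""
    contexts = parse_contexts(text)
    glob = contexts.get("Global", {})
    return {n: {**glob, **own} for n, own in contexts.items() if n != "Global"}

def servers_without_user_file(text):
    """Names of servers for which no AuthUserFile is in scope."""
    return sorted(n for n, d in effective_auth(text).items() if "AuthUserFile" not in d)

SAMPLE_CONF = """\
# constructed sample, modelled on the layout of the config in the post
AuthPAM off
AuthUserFile /etc/ftp-credentials/ftpd.passwd
<Global>
ExtendedLog /var/log/proftpd/auth.log AUTH auth
</Global>
<VirtualHost fully.qualified.domain.name>
<Limit WRITE>
DenyAll
</Limit>
</VirtualHost>
"""
```

For the sample, `servers_without_user_file(SAMPLE_CONF)` names the VirtualHost, and moving the AuthUserFile line into <Global> empties that list.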