15

I'm trying to get a vsftpd server set up on CentOS 5.3 x64. I'm not able to get any local user logins to work. Here is my vsftpd.conf:

local_enable=YES
write_enable=YES
pam_service_name=vsftpd
connect_from_port_20=YES
listen=YES
pam_service_name=vsftpd
xferlog_std_format=NO
log_ftp_protocol=YES
chroot_local_user=YES

Here is the output of vsftp.log:

Mon Sep 13 23:34:44 2010 [pid 19243] CONNECT: Client "10.0.1.138"
Mon Sep 13 23:34:44 2010 [pid 19243] FTP response: Client "10.0.1.138", "220 (vsFTPd 2.0.5)"
Mon Sep 13 23:34:44 2010 [pid 19243] FTP command: Client "10.0.1.138", "USER dwelch"
Mon Sep 13 23:34:44 2010 [pid 19243] [dwelch] FTP response: Client "10.0.1.138", "331 Please specify the password."
Mon Sep 13 23:34:44 2010 [pid 19243] [dwelch] FTP command: Client "10.0.1.138", "PASS <password>"
Mon Sep 13 23:34:44 2010 [pid 19242] [dwelch] FAIL LOGIN: Client "10.0.1.138"
Mon Sep 13 23:34:45 2010 [pid 19243] [dwelch] FTP response: Client "10.0.1.138", "530 Login incorrect."

And the output of the secure log:

Sep 13 17:40:50 intra vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=dwelch rhost=10.0.1.138  user=dwelch

It looks like pam is not authenticating the user. Here is my /etc/pam.d/vsftp file:

#%PAM-1.0
session    optional     pam_keyinit.so    force revoke
auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth       required     pam_shells.so
auth       include      system-auth
account    include      system-auth
session    include      system-auth
session    required     pam_loginuid.so

Can anyone see what I'm missing? Thanks.

Castaglia
dw.emplod
  • I faced the same problem; I removed and installed vsftpd again and it worked fine. Yes, it is not a good solution, but it worked. – usef_ksa Jul 20 '11 at 11:51
  • Funny you're posting this; ran into the exact same issue this week. Out of frustration I think we did reinstall vsftpd as well and it worked. Broken RPM? – Kyle Smith Jan 29 '12 at 03:13

6 Answers

21
vi /etc/pam.d/vsftp

comment #auth required pam_shells.so

and then

service vsftpd restart

pam_shells.so means that only users with shell access should be allowed, so that's why it needs to be commented out.

themihai
  • Someone [suggested](https://askubuntu.com/a/986001) to use [pam_nologin](https://linux.die.net/man/8/pam_nologin) module. Might be an alternative. – robsch Nov 07 '19 at 15:36
2

Does the user have a valid shell? I think it has to be in the /etc/shells list. Is the user definitely not in the file /etc/vsftpd/ftpusers?

Make sure you are definitely editing /etc/vsftpd/vsftpd.conf; that bit me on CentOS, I was editing /etc/vsftpd.conf.

vsftpd can be a bit fiddly and is not great at reporting errors. Stick with it; I was tearing my hair out with a very similar problem. It's always a simple solution.

hellomynameisjoel
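The two questions in this answer (is the user's shell in /etc/shells, is the user in /etc/vsftpd/ftpusers) correspond to the pam_shells and pam_listfile lines in the question's PAM file. The script below is an added example, not code from any poster on this page; the function name `ftp_pam_check` and its return codes are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: replay the two gating auth rules from the PAM file in the
# question against one user, reading the same files PAM would consult.
#   auth required pam_listfile.so item=user sense=deny file=... onerr=succeed
#   auth required pam_shells.so
# Return codes (chosen for this example): 0 both rules pass, 1 no such user,
# 2 user is on the deny list, 3 login shell is not in the shells file.
ftp_pam_check() {
    user=$1
    passwd_file=${2:-/etc/passwd}
    shells_file=${3:-/etc/shells}
    deny_file=${4:-/etc/vsftpd/ftpusers}

    # Appending "" forces a string comparison, so a numeric-looking
    # user name is not matched by numeric value.
    entry=$(awk -F: -v u="$user" '($1 "") == (u "") { print; exit }' "$passwd_file")
    if [ -z "$entry" ]; then
        echo "$user: no entry in $passwd_file"
        return 1
    fi
    shell=${entry##*:}   # field 7 of the passwd entry is the login shell

    # pam_listfile with sense=deny fails when the name is in the file.
    # onerr=succeed: an unreadable file does not block the login.
    if [ -r "$deny_file" ] && grep -qxF -- "$user" "$deny_file"; then
        echo "$user: listed in $deny_file (pam_listfile denies)"
        return 2
    fi

    # pam_shells fails unless the shell appears as a whole line in the file.
    if ! grep -v '^#' "$shells_file" | grep -qxF -- "$shell"; then
        echo "$user: shell '$shell' not in $shells_file (pam_shells denies)"
        return 3
    fi

    echo "$user: passes pam_listfile and pam_shells (shell $shell)"
    return 0
}
```

Source the file and call `ftp_pam_check dwelch` to test against the live files, or pass alternative passwd, shells and deny-list paths as the second to fourth arguments.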
2

In my case I resolved the same problem with the following:

vi /etc/pam.d/vsftpd

comment line #auth include system-auth

then

service vsftpd restart

ferbarron
  • The answer may be correct, but it would be more useful if you'd include some explanation for why this line should be commented out. – Jenny D Sep 22 '14 at 07:00
0

This is not a proper answer, but a strategy that I found to serve me well:

Start commenting out lines in your /etc/pam.d/vsftp file, and see if (and when) it lets you log in. PAM is designed intentionally to report only success or failure, not the reason.

Chen Levy
0

Do you only have one FTP server on your system? I had similar problems, and then, lo and behold, I looked deeper into the issue and there were two FTP servers installed that were conflicting. I uninstalled one and the problem was fixed.

If you did the 'yum install vsftpd' you shouldn't have to mess with PAM files (something's usually wrong when you start messing with PAM).

If that's not it, run chkconfig --list | grep ftp and see what comes up (see if vsftpd shows up there; if not, something may be wrong with the install).

And my final suggestion would be to run a yum update.

Marm0t
-3

vi /etc/passwd /bin/bash for your user

Nick