
The version that I'm using:

ProFTPD Version: 1.3.3c (maint)
  Scoreboard Version: 01040003
  Built: Wed Dec 1 2010 16:41:40 ICT

Loaded modules:
  mod_cap/1.0
  mod_ldap/2.8.22
  mod_auth_pam/1.1
  mod_ident/1.0
  mod_facts/0.1
  mod_delay/0.6
  mod_site.c
  mod_log.c
  mod_ls.c
  mod_auth.c
  mod_auth_file/0.8.3
  mod_auth_unix.c
  mod_xfer.c
  mod_core.c

My proftpd.conf:

# This is a basic ProFTPD configuration file (rename it to 
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName          "ProFTPD Default Installation"
ServerType          standalone
DefaultServer           on

# Port 21 is the standard FTP port.
Port                21

# Don't use IPv6 support by default.
UseIPv6             off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask               002

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances            30

# Set the user and group under which the server will run.
User                nobody
Group               nobody

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite      on

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
  User              ftp
  Group             ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias         anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients            10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin          welcome.msg
  DisplayChdir          .message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>


# ProFTPd LDAP Module
<IfModule mod_ldap.c>
    AuthOrder       mod_ldap.c
    LDAPServer      ldap.domain.com
    LDAPAttr        uid cn
#   LDAPAttr        uidNumber cn
#   LDAPAttr        gidNumber cn
    LDAPDNInfo      cn=anonymous,ou=it,dc=domain,dc=com xxx
    LDAPDoAuth      on ou=it,dc=domain,dc=com (cn=%u)
    RequireValidShell off
    #LDAPDoUIDLookups on ou=it,dc=domain,dc=com (cn=%u)
    LDAPDefaultUID  99
    LDAPDefaultGID  99
    LDAPAuthBinds   on
    #LDAPDoGIDLookups        off
    LDAPDefaultAuthScheme   clear
    PersistentPasswd        off
    LDAPGenerateHomedir     on  0755
    CreateHome              on  0755
    LDAPGenerateHomedirPrefix /home/proftpd
    LDAPForceGeneratedHomedir on
    DefaultRoot     ~
</IfModule>

<IfModule mod_delay.c>
    DelayEngine off
</IfModule>

# Define the log formats
LogFormat                       default "%h %l %u %t \"%r\" %s %b"
LogFormat                       auth    "%v [%P] %h %t \"%r\" %s"

TransferLog /var/log/proftpd/xferlog
SystemLog   /var/log/proftpd/proftpd.log

The debugging information when connecting successfully:

Preparing to chroot to directory '/home/proftpd/quanta'
Environment successfully chroot()ed
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
dispatching POST_CMD command 'PASS (hidden)' to mod_cap
mod_cap/1.0: capabilities '= cap_net_bind_service,cap_audit_write+ep'
dispatching POST_CMD command 'PASS (hidden)' to mod_delay
dispatching POST_CMD command 'PASS (hidden)' to mod_log
dispatching POST_CMD command 'PASS (hidden)' to mod_ls
dispatching POST_CMD command 'PASS (hidden)' to mod_auth
dispatching POST_CMD command 'PASS (hidden)' to mod_xfer
dispatching POST_CMD command 'PASS (hidden)' to mod_core
dispatching LOG_CMD command 'PASS (hidden)' to mod_log
dispatching LOG_CMD command 'PASS (hidden)' to mod_auth
USER quanta: Login successful.
dispatching PRE_CMD command 'PWD' to mod_core
dispatching PRE_CMD command 'PWD' to mod_core
dispatching CMD command 'PWD' to mod_core
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
dispatching LOG_CMD command 'PWD' to mod_log
dispatching PRE_CMD command 'TYPE I' to mod_core
dispatching PRE_CMD command 'TYPE I' to mod_core
dispatching CMD command 'TYPE I' to mod_xfer
dispatching LOG_CMD command 'TYPE I' to mod_log
dispatching PRE_CMD command 'PASV' to mod_core
dispatching PRE_CMD command 'PASV' to mod_core
dispatching CMD command 'PASV' to mod_core
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
Entering Passive Mode (192,168,3,204,136,35).
dispatching LOG_CMD command 'PASV' to mod_log
dispatching PRE_CMD command 'MLSD' to mod_core
dispatching PRE_CMD command 'MLSD' to mod_core
dispatching CMD command 'MLSD' to mod_facts
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
passive data connection opened - local  : 192.168.3.204:34851
passive data connection opened - remote : 192.168.3.40:57622

and this one is displayed when the connection times out:

Preparing to chroot to directory '/home/proftpd/quanta'
Environment successfully chroot()ed
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
dispatching POST_CMD command 'PASS (hidden)' to mod_cap
mod_cap/1.0: capabilities '= cap_net_bind_service,cap_audit_write+ep'
dispatching POST_CMD command 'PASS (hidden)' to mod_delay
dispatching POST_CMD command 'PASS (hidden)' to mod_log
dispatching POST_CMD command 'PASS (hidden)' to mod_ls
dispatching POST_CMD command 'PASS (hidden)' to mod_auth
dispatching POST_CMD command 'PASS (hidden)' to mod_xfer
dispatching POST_CMD command 'PASS (hidden)' to mod_core
dispatching LOG_CMD command 'PASS (hidden)' to mod_log
dispatching LOG_CMD command 'PASS (hidden)' to mod_auth
USER quanta: Login successful.
mod_ldap/2.8.22: successfully unbound
mod_ldap/2.8.22: not unbinding to an already unbound connection.
FTP session closed.

On the client side, FileZilla shows:

Status: Connecting to 192.168.3.204:21...
Status: Connection established, waiting for welcome message...
Response:   220 ProFTPD 1.3.3c Server (ProFTPD Default Installation) [192.168.3.204]
Command:    USER quanta
Response:   331 Password required for quanta
Command:    PASS ********
Error:  Connection timed out
Error:  Could not connect to server

What may be the cause of this problem?

  • It looks like the passive mode data connection that the client is attempting to create isn't getting through. In this instance it's to the server's port `34851` - could there be anything blocking that? – Shane Madden Jan 16 '12 at 17:23
  • No. This connection is made via VPN and I'm pretty sure there is nothing blocking the passive ports. – quanta Jan 17 '12 at 04:28
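The two server-side traces in the question differ in one way that is easy to check mechanically: in the healthy session the client issues PWD, TYPE and PASV after "Login successful", while in the failing one the session closes with no command at all after login, which points at a delay in the authentication path rather than at the passive data ports the comment asks about. The following Python script is an added example, not from the question, that splits a ProFTPD debug log into sessions and classifies each one on exactly that criterion. It assumes the lines look as pasted above (without the timestamp and process prefix a real proftpd.log line carries) and embeds abbreviated copies of the two traces as constructed sample input.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: the two debug traces from the question, abbreviated.
# Assumption: lines appear exactly as pasted in the question, without the
# "date host proftpd[pid] client:" prefix that a real proftpd.log line carries.
SUCCESS_TRACE = """Preparing to chroot to directory '/home/proftpd/quanta'
Environment successfully chroot()ed
dispatching POST_CMD command 'PASS (hidden)' to mod_auth
dispatching LOG_CMD command 'PASS (hidden)' to mod_log
USER quanta: Login successful.
dispatching PRE_CMD command 'PWD' to mod_core
dispatching CMD command 'PWD' to mod_core
dispatching CMD command 'TYPE I' to mod_xfer
dispatching CMD command 'PASV' to mod_core
Entering Passive Mode (192,168,3,204,136,35).
dispatching CMD command 'MLSD' to mod_facts
passive data connection opened - local  : 192.168.3.204:34851
passive data connection opened - remote : 192.168.3.40:57622
"""

TIMEOUT_TRACE = """Preparing to chroot to directory '/home/proftpd/quanta'
Environment successfully chroot()ed
dispatching POST_CMD command 'PASS (hidden)' to mod_auth
dispatching LOG_CMD command 'PASS (hidden)' to mod_log
USER quanta: Login successful.
mod_ldap/2.8.22: successfully unbound
mod_ldap/2.8.22: not unbinding to an already unbound connection.
FTP session closed.
"""

LOGIN_RE = re.compile(r"^USER (\S+): Login successful\.$")
DISPATCH_RE = re.compile(r"^dispatching (\w+) command '([^']*)' to (\S+)$")
LISTING_COMMANDS = ("MLSD", "LIST", "NLST", "MLST")


@dataclass
class Session:
    user: Optional[str] = None
    login_ok: bool = False
    commands_after_login: List[str] = field(default_factory=list)
    data_conn_opened: bool = False
    closed: bool = False


def split_sessions(text: str) -> List[List[str]]:
    """Split a debug log into per-session line lists; a session starts at the chroot line."""
    sessions: List[List[str]] = []
    current: List[str] = []
    for line in text.splitlines():
        if line.startswith("Preparing to chroot to directory") and current:
            sessions.append(current)
            current = []
        current.append(line)
    if current:
        sessions.append(current)
    return sessions


def parse_session(lines) -> Session:
    s = Session()
    for raw in lines:
        line = raw.strip()
        m = LOGIN_RE.match(line)
        if m:
            s.user, s.login_ok = m.group(1), True
            continue
        m = DISPATCH_RE.match(line)
        if m and s.login_ok and m.group(1) == "CMD":
            # Only the CMD phase counts: PRE_CMD/POST_CMD/LOG_CMD repeat the same command.
            s.commands_after_login.append(m.group(2))
            continue
        if line.startswith("passive data connection opened"):
            s.data_conn_opened = True
        elif line == "FTP session closed.":
            s.closed = True
    return s


def diagnose(s: Session) -> str:
    if not s.login_ok:
        return "no-successful-login"
    if s.closed and not s.commands_after_login:
        # The server finished authenticating but the client never sent PWD/TYPE:
        # the client gave up waiting for the 230 reply (the question's symptom).
        return "closed-after-login-no-commands"
    if (any(c.split(" ", 1)[0] in LISTING_COMMANDS for c in s.commands_after_login)
            and not s.data_conn_opened):
        # Commands flowed, but a directory listing never got a data connection:
        # that is the blocked-passive-port case raised in the comments.
        return "listing-without-data-connection"
    return "healthy"


def summarize(text: str) -> List[str]:
    """One verdict per session in the log text."""
    return [diagnose(parse_session(lines)) for lines in split_sessions(text)]


if __name__ == "__main__":
    for verdict in summarize(SUCCESS_TRACE + TIMEOUT_TRACE):
        print(verdict)
```

Run against a real debug log, the "closed-after-login-no-commands" verdict separates authentication-side delays from data-channel problems before any firewall rule is touched; the "listing-without-data-connection" verdict is the signature to look for when passive ports really are filtered.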

1 Answer

LDAPServer      ldap.domain.com

I built a local DNS with dnsmasq and this domain is resolved via another server. This is the reason for the slow authentication. Using the IP address instead of the domain solved my problem.
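The root cause in the answer is that every login made mod_ldap resolve the LDAPServer hostname through a slow forwarding resolver, and the client timed out before the 230 reply arrived. The following Python script is an added example, not part of the answer, that audits a proftpd.conf for this class of problem: it extracts every uncommented LDAPServer token, reports whether the value is an IP literal or a hostname that needs a DNS lookup, and times the lookup. It assumes the mod_ldap 2.8 syntax of whitespace-separated host[:port] tokens, a 389 default port, no IPv6 literals, and a one-second "slow" threshold; the embedded configuration fragment is constructed from the values shown in the question.

```python
import ipaddress
import re
import socket
import time
from typing import List, Optional, Tuple

# Constructed sample: the mod_ldap section from the question, trimmed to the
# directives this audit cares about.
SAMPLE_CONF = """<IfModule mod_ldap.c>
    AuthOrder       mod_ldap.c
    LDAPServer      ldap.domain.com
    LDAPDoAuth      on ou=it,dc=domain,dc=com (cn=%u)
    LDAPAuthBinds   on
</IfModule>
"""

# ProFTPD directive names are case-insensitive; the value runs to end of line.
LDAPSERVER_RE = re.compile(r"^\s*LDAPServer\s+(.*?)\s*$", re.IGNORECASE)
DEFAULT_LDAP_PORT = 389  # assumption: plain LDAP when no port is given


def ldap_servers(conf_text: str) -> List[str]:
    """Return the server tokens of every uncommented LDAPServer directive.

    Assumption: the mod_ldap 2.8 form 'LDAPServer host[:port] [host[:port] ...]'.
    """
    servers: List[str] = []
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = LDAPSERVER_RE.match(line)
        if m:
            servers.extend(m.group(1).split())
    return servers


def split_host_port(token: str, default_port: int = DEFAULT_LDAP_PORT) -> Tuple[str, int]:
    # Assumption: no bracketed IPv6 literals, so a single colon separates host and port.
    if token.count(":") == 1:
        host, port = token.rsplit(":", 1)
        return host, int(port)
    return token, default_port


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def resolve_timing(host: str, port: int) -> Tuple[float, List[str]]:
    """Time a getaddrinfo() call, which is the lookup the LDAP client library performs."""
    start = time.monotonic()
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return time.monotonic() - start, []
    return time.monotonic() - start, sorted({info[4][0] for info in infos})


def audit(conf_text: str, slow_threshold_s: float = 1.0,
          resolve: bool = True) -> List[Tuple[str, str, Optional[float]]]:
    """Classify each LDAPServer token: (token, status, seconds spent resolving)."""
    findings: List[Tuple[str, str, Optional[float]]] = []
    for token in ldap_servers(conf_text):
        host, port = split_host_port(token)
        if is_ip_literal(host):
            findings.append((token, "ip-literal", 0.0))
        elif not resolve:
            findings.append((token, "hostname-needs-dns", None))
        else:
            elapsed, addrs = resolve_timing(host, port)
            if not addrs:
                status = "unresolvable"
            elif elapsed > slow_threshold_s:
                status = "hostname-slow-dns"
            else:
                status = "hostname-ok"
            findings.append((token, status, elapsed))
    return findings


if __name__ == "__main__":
    for token, status, seconds in audit(SAMPLE_CONF):
        print(f"{token}: {status}" + (f" ({seconds:.3f}s)" if seconds is not None else ""))
```

Pinning an IP literal, as the answer does, removes the lookup from the login path but ties the configuration to one address; the alternative that keeps the hostname is to make the resolver answer quickly for it (a local record or /etc/hosts entry on the FTP host) and re-run the audit until the status reads "hostname-ok".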
