proftpd and FreeBSD
This article describes how I got proftpd to work
with FreeBSD 3-3 STABLE.
Background
I recently upgraded a box from 3.3-RELEASE to
3.3-STABLE. In the process, I encountered problems with proftpd.
Specifically, anonymous login worked, but regular users could not log in. The error
message was:
Dec 6 23:00:15 synergy proftpd[346]: unable to resolve symbol: pam_sm_close_session Dec 6 23:00:16 synergy proftpd[346]: PAM(dan): Authentication failure Dec 6 23:00:16 synergy proftpd[346]: USER dan: incorrect password from yourbox.yourdomain.org [10.0.0.20] to 10.0.0.100:21
My first port of call was the proftpd homepage at http://www.proftpd.org/
and I checked the http://hamster.wibble.org/proftpd/
questions on PAM. I followed the suggestions (found there and in the FreeBSD mailing
list archives) and remove the entry from /etc/pam.conf (third line shown
below):
ftp auth required pam_unix.so try_first_pass ftp account required pam_unix.so try_first_pass #ftp session required pam_unix.so try_first_pass
But this didn’t allow the user to login. However, if I add the following option
to /usr/local/etc/proftpd.conf:
AuthPAMAuthoritative off
the logins work but these errors remain:
Dec 7 00:04:07 synergy proftpd[3779]: PAM(dan): Authentication failure
Solution
At the prompting of someone from the FreeBSD Questions mailing list, I went to
archives at http://www.proftpd.org/proftpd-l-archive/
and starting searching. Eventually, I found http://www.proftpd.org/proftpd-l-archive/99-10/msg00632.html
which mentioned proftpd-1.2.0pre9. I checked the ftp site at ftp://ftp.tos.net/pub/proftpd/ and found the
file in question. I downloaded it, configured it, installed it, and it worked.
The install
First I fetched the tarball:
/usr/ports/ftp/ fetch -P ftp://ftp.tos.net/pub/proftpd/proftpd-1.2.0pre9.tar.gz tar xvfz proftpd-1.2.0pre9.tar.gz cd proftpd-1.2.0pre9
In the README file, you’ll find a reference to --enable-force-setpassent.
I eventually figured out that this refers to a command line parameter to ./configure.
You should also read INSTALL.
I ran the configure script like this:
install_user=nobody install_group=wheel ./configure --enable-force-setpassent
This will run proftpd as user nobody in group wheel.
Note that the program will install to a different location than that of the port.
port /usr/local/libexec/proftpd this install /usr/local/sbin/proftpd
I had the port, so first I deinstalled the port:
pkg_delete proftpd-1.2.0p8
The next step was:
make make install
Don’t forget to update your startup script to reflect the new location:
more /usr/local/etc/rc.d/proftpd.sh #!/bin/sh /bin/mkdir -p /var/run/proftpd if [ -x /usr/local/sbin/proftpd ]; then /usr/local/sbin/proftpd && echo -n ' proftpd' fi
With this new version, I removed:
AuthPAMAuthoritative No
from /usr/local/etc/proftpd.conf so proftpd would use PAM.
Actually, the logins worked with or without PAM. So it’s your choice.