proftpd and FreeBSD

Leave a Comment / By /

proftpd and FreeBSD

This article describes how I got proftpd to work
with FreeBSD 3-3 STABLE.

Background

I recently upgraded a box from 3.3-RELEASE to
3.3-STABLE.   In the process, I encountered problems with proftpd
Specifically, anonymous login worked, but regular users could not log in.  The error
message was:

Dec  6 23:00:15 synergy proftpd[346]: unable to resolve symbol: 
                pam_sm_close_session
Dec  6 23:00:16 synergy proftpd[346]: PAM(dan): Authentication failure
Dec  6 23:00:16 synergy proftpd[346]: USER dan: incorrect password 
             from yourbox.yourdomain.org [10.0.0.20] to 10.0.0.100:21

My first port of call was the proftpd homepage at http://www.proftpd.org/
and I checked the http://hamster.wibble.org/proftpd/
questions on PAM.  I followed the suggestions (found there and in the FreeBSD mailing
list archives) and remove the entry from /etc/pam.conf (third line shown
below):

ftp auth    required    pam_unix.so         try_first_pass
ftp account required    pam_unix.so         try_first_pass
#ftp session required    pam_unix.so         try_first_pass

But this didn’t allow the user to login.  However, if I add the following option
to /usr/local/etc/proftpd.conf: 

AuthPAMAuthoritative off

the logins work but these errors remain:

Dec 7 00:04:07 synergy proftpd[3779]: PAM(dan): Authentication failure

Solution

At the prompting of someone from the FreeBSD Questions mailing list, I went to
archives at  http://www.proftpd.org/proftpd-l-archive/
and starting searching.  Eventually, I found http://www.proftpd.org/proftpd-l-archive/99-10/msg00632.html
which mentioned proftpd-1.2.0pre9.  I checked the ftp site at ftp://ftp.tos.net/pub/proftpd/ and found the
file in question.  I downloaded it, configured it, installed it, and it worked.

The install

First I fetched the tarball:

/usr/ports/ftp/
fetch -P ftp://ftp.tos.net/pub/proftpd/proftpd-1.2.0pre9.tar.gz
tar xvfz proftpd-1.2.0pre9.tar.gz
cd proftpd-1.2.0pre9

In the README file, you’ll find a reference to --enable-force-setpassent.
  I eventually figured out that this refers to a command line parameter to ./configure.
  You should also read INSTALL.

I ran the configure script like this:

install_user=nobody install_group=wheel ./configure 
                                          --enable-force-setpassent

This will run proftpd as user nobody in group wheel.

Note that the program will install to a different location than that of the port.

port

/usr/local/libexec/proftpd

this install

/usr/local/sbin/proftpd

I had the port, so first I deinstalled the port:

pkg_delete proftpd-1.2.0p8

The next step was:

make
make install

Don’t forget to update your startup script to reflect the new location:

more /usr/local/etc/rc.d/proftpd.sh
#!/bin/sh
/bin/mkdir -p /var/run/proftpd
if [ -x /usr/local/sbin/proftpd ]; then
        /usr/local/sbin/proftpd && echo -n ' proftpd'
fi

With this new version, I removed:

AuthPAMAuthoritative No

from /usr/local/etc/proftpd.conf so proftpd would use PAM.  
Actually, the logins worked with or without PAM.  So it’s your choice.

Leave a Comment

Scroll to Top