proftpd and FreeBSD
This article describes how I got proftpd to work with FreeBSD 3-3 STABLE.Background
I recently upgraded a box from 3.3-RELEASE to 3.3-STABLE. In the process, I encountered problems with proftpd. Specifically, anonymous login worked, but regular users could not log in. The error message was:
Dec 6 23:00:15 synergy proftpd[346]: unable to resolve symbol:
pam_sm_close_session
Dec 6 23:00:16 synergy proftpd[346]: PAM(dan): Authentication failure
Dec 6 23:00:16 synergy proftpd[346]: USER dan: incorrect password
from yourbox.yourdomain.org [10.0.0.20] to 10.0.0.100:21
My first port of call was the proftpd homepage at http://www.proftpd.org/ and I checked the http://hamster.wibble.org/proftpd/ questions on PAM. I followed the suggestions (found there and in the FreeBSD mailing list archives) and remove the entry from /etc/pam.conf (third line shown below):
ftp auth required pam_unix.so try_first_pass ftp account required pam_unix.so try_first_pass #ftp session required pam_unix.so try_first_pass
But this didn’t allow the user to login. However, if I add the following option to /usr/local/etc/proftpd.conf:
AuthPAMAuthoritative off
the logins work but these errors remain:
Dec 7 00:04:07 synergy proftpd[3779]: PAM(dan): Authentication failure
Solution
At the prompting of someone from the FreeBSD Questions mailing list, I went to archives at http://www.proftpd.org/proftpd-l-archive/ and starting searching. Eventually, I found http://www.proftpd.org/proftpd-l-archive/99-10/msg00632.html which mentioned proftpd-1.2.0pre9. I checked the ftp site at ftp://ftp.tos.net/pub/proftpd/ and found the file in question. I downloaded it, configured it, installed it, and it worked.The install
First I fetched the tarball:/usr/ports/ftp/ fetch -P ftp://ftp.tos.net/pub/proftpd/proftpd-1.2.0pre9.tar.gz tar xvfz proftpd-1.2.0pre9.tar.gz cd proftpd-1.2.0pre9
In the README file, you’ll find a reference to --enable-force-setpassent. I eventually figured out that this refers to a command line parameter to ./configure. You should also read INSTALL.
I ran the configure script like this:
install_user=nobody install_group=wheel ./configure
--enable-force-setpassent
This will run proftpd as user nobody in group wheel.
Note that the program will install to a different location than that of the port.
port /usr/local/libexec/proftpd this install /usr/local/sbin/proftpd
I had the port, so first I deinstalled the port:
pkg_delete proftpd-1.2.0p8
The next step was:
make make install
Don’t forget to update your startup script to reflect the new location:
more /usr/local/etc/rc.d/proftpd.sh
#!/bin/sh
/bin/mkdir -p /var/run/proftpd
if [ -x /usr/local/sbin/proftpd ]; then
/usr/local/sbin/proftpd && echo -n ' proftpd'
fi
With this new version, I removed:
AuthPAMAuthoritative No
from /usr/local/etc/proftpd.conf so proftpd would use PAM. Actually, the logins worked with or without PAM. So it’s your choice.