This is the mail archive of the
mailing list for the Cygwin project.
Re: proftpd issues
- From: Brian dot Kelly at Empireblue dot com
- To: cygwin at cygwin dot com
- Date: Sat, 9 Aug 2003 09:12:57 -0400
- Subject: Re: proftpd issues
> Fixes for what? If proftpd needs to switch user contexts (using Cygwin
> system calls), the account it runs under needs to have those rights.
I'm sorry Igor, I'm not giving you enough info. proftpd is being called
from xinetd which itself is being launched via init. *telnet* works fine
and authenticates BOTH local and domain ID's. So that *should* - correct
me if I'm wrong - eliminate the passwd and group file entries as culprits.
Especially since I'm using the very same domain ID for my testing.
- telnet 1**.24.2**.81
Connected to 1**.24.2**.81.
Escape character is '^]'.
CYGWIN_NT-5.0 1.3.22(0.78/3/2) (stp*****ftp2) (tty0)
You are successfully logged in to this server!!!
Connection closed by foreign host.
- ftp 172.24.200.81
Connected to 1**.24.2**.81.
220 ProFTPD 1.2.9rc1 Server (ProFTPD Default Installation) [stpn*****ftp2.
Name (1**.24.2**.81:bmk1n0): bmk1n0
331 Password required for bmk1n0.
530 Login incorrect.
ftp: Login failed.
421 Service not available, remote server has closed connection
########### NOW LOCAL ID - SAME AS PROFTPD IS SET TO #############
- ftp 1**.24.2**.81
Connected to 1**.24.2**.81.
220 ProFTPD 1.2.9rc1 Server (ProFTPD Default Installation) [stp*****ftp2.
Name (1**.24.2**.81:bmk1n0): root
331 Password required for root.
230 User root logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
Furthermore, if I change the ftp daemon to the one supplied with inetutils,
authentication works again.
The *root* ID was created as new local ID on the ftp2 box. I have
"Act as part of the operating system"
"Replace process level token"
It is a member of the administrator's group.
As you can see, the server runs with this ID, and authenticates this ID,
not Domain ID's.
Also, it simply will *not* run with the SYSTEM ID, although telnetd *is*
"Igor Pechtchanski" <email@example.com> on 08/08/2003 08:57:53 PM
Please respond to firstname.lastname@example.org
Subject: Re: proftpd issues
Fixes for what? If proftpd needs to switch user contexts (using Cygwin
system calls), the account it runs under needs to have those rights.
Period. If the SYSTEM account doesn't have those rights on your machine,
it's nothing that proftpd can fix. You'll just need to either create an
account with those rights, or add them to an existing account.
As for domain authentication, are the entries for the domain users you're
trying to authenticate present in your /etc/passwd file? Are their
corresponding groups in /etc/group? Just to eliminate that possibility,
could you please run "mkpasswd -d yourdomain >> /etc/passwd" and "mkgroup
-d yourdomain >> /etc/group" before trying again? You may want to save
backup copies of /etc/passwd and /etc/group first.
On Fri, 8 Aug 2003 Brian.Kelly@Empireblue.com wrote:
> Thanks for the response Igor. I'm working on W2K *Server* SP3. Maybe the
> Servers are more stict with the User Rights?? Domain authentication
> works fine for telnet, and inetutils ftpd - but *not* for proftpd. Any
> ideas? I think there's a test version of proftpd sitting out on the
> mirrors - perhaps it has fixes for this?
> Brian Kelly
> "Igor Pechtchanski" <email@example.com> on 08/08/2003 06:50:16 PM
> Please respond to firstname.lastname@example.org
> To: Brian.Kelly@empireblue.com
> cc: email@example.com
> Subject: Re: proftpd issues
> On Fri, 8 Aug 2003 Brian.Kelly@empireblue.com wrote:
> > Since having gotten xinetd working, I've shifted my effortst to the new
> > proftpd.
> > After another couple of hours of *pain* - I finally got it going in a
> > limited fashion.
> > First of all, I couldn't get it to start with the SYSTEM id as
> > in the proftpd.conf file.
> > I had to use a custom ID added to the Administrators group and having
> > following User Rights assigned:
> > "Act as part of the operating system"
> > "Replace process level token"
> > "Increase quotas"
> > Question: Do these rights *have* to granted to the SYSTEM id for
> > to work?
> Yes. Since you've as much as quoted from the ntsec userguide section,
> not going to bother citing a reference. The above rights are needed to
> switch user contexts. SYSTEM has it by default on most NT-based versions
> of Windows (but may not on some more recent ones, notably 2003 server).
> > Next - I could log on with local id's - but not with Domain id's. Is
> > proftpd set up to do domain authentication via ntsec??
> > If not, is there an ETA?
> > Brian Kelly
> Cygwin (ntsec) is already set up for domain authentication. However, to
> be able to authenticate a domain user, that domain user has to be in
> /etc/passwd (and his groups should most likely be in /etc/group). Make
> sure your /etc/passwd includes the users you're trying to authenticate.
|\ _,,,---,,_ firstname.lastname@example.org
ZZZzz /,`.-'`' -. ;-;;,_ email@example.com
|,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski, Ph.D.
'---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!
"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster." -- Patrick Naughton
"WellChoice, Inc." made the following
annotations on 08/09/2003 09:15:21 AM
Attention! This electronic message contains information that may be legally
confidential and/or privileged. The information is intended solely for the
individual or entity named above and access by anyone else is unauthorized.
If you are not the intended recipient, any disclosure, copying, distribution,
or use of the contents of this information is prohibited and may be unlawful.
If you have received this electronic transmission in error, please reply
immediately to the sender that you have received the message in error, and
delete it. Release/Disclosure Statement
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html