Server :: Vsftpd With Central Authentication, But Without Home Directory?
May 11, 2010
I am trying to build a ftp server with vsftpd. In general, I am not able to log in. I can only log in to the ftp server if that same user is logged in to the server. I found out that this has to do with my network setup. I am using OpenLDAP for centralized authentication and home directories are stored on an NFS server. The problem is that regular users are not allowed to log in to servers, therefore their home directories are not mounted. However, I want to be able to give my users access to the ftp server without their home directories mounted. Is this possible with vsftpd and if so, how do I get this up and running? By the way, anonymous users are not allowed.
Apr 13, 2011
Seismicmike here. My first post. I'll try to be as clear and concise as possible. For the sake of this post, I'm going to use 1.2.3.4 as a place holder for my public IP. On my web server, I would like to be able to access the /var/ftp directory through a web browser. I have successfully done so with Google Chrome, but I cannot access the directory in Firefox or IE. Both FF and IE ask me for authentication but then time out attempting to load the directory.
I suspect that there may be something up with switching to passive mode and/or that this issue may be more with my configuration of Firefox and not with the server (seeing as how Chrome works). Another possibility may be related to SSL. When I connect with FileZilla, I have to use the FTP over Explicit SSL/TLS option in order to connect. In any case I still would like to fix it. I would also like to avoid having to install FireFTP if at all possible.
Steps to reproduce (not that you can without my actual IP =J):
* Open Chrome
* Go to ftp://1.2.3.4
* Enter username
* Enter password
[code]....
Aug 22, 2010
I'm using Slackware 13.0 on my server and am going to be employing a file-sharing service for a client. I was able to enable a quota, but my problem now is keeping the user inside their home directory. I've searched around and found an old thread on here (from 2003) that gave me some ideas, but it still isn't working. Should I be running vsftpd standalone or leave it on the inetd? If I set the shell to /sbin/nologin or /bin/false, the user can't log in through FTP, even.
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
from /etc/passwd:
Aug 31, 2009
OS: CentOS 5.3
vsftpd ver: vsftpd-2.0.5-12.el5_3.1
I installed vsftpd server in one of my servers using "yum install vsftpd" command. NFS server is running in the other server and mounted as "/data" in this FTP server. root in FTP server has also root authority in NFS server. All the files and sub-folders under "/data" in FTP server have 755 or 766 mode. Even I modified vsftpd setting to allow root login.
When I login as root to FTP server with FileZilla client, I can see all the file list in root home directory and move to /data directory. I can download any file in a local HDD but I can not download any file in /data directory.
Mar 14, 2010
I've setup Kerberos and OpenLDAP servers (9.10) similar to the official documentation (and other sites that fill in the "gaps"). However, when you start to get in to some of the details, there seem to be many options - and I guess I'm looking for what could be the de facto standard. I'd like to allow Ubuntu clients to have a SSO capability, with the ability for local caching of passwords if not connected to the network (such as a laptop user away from the office, prior to a VPN). I'd like to automount a secure NFS share somewhere in the /home directory. If the user logs in to a computer they've not logged in to before (if they're authorized), it would be nice if a skeleton /home directory could be set up there automatically. I'm guessing that it is not desirable to use a shared /home NFS - as if you're off the network this would be problematic - as well as multiple computers sharing the same /home. There are some benefits to a shared /home (SSH certs, etc.), so maybe there is a hybrid approach out there.
I've read that it's not necessarily good practice to have OpenLDAP to do the authentication (leave this to Kerberos), but it's fine for authorization (such as ACLs for logins to certain computers). It's also good practice to use TLS with OpenLDAP (which requires public certs on all the clients) and to not allow anonymous read to the directory. I would guess that a computer host keytab could be refreshed to bind to the OpenLDAP server via GSSAPI / SASL to allow a non-anonymous read, and then determine if, say, the user was a member of a group allowed to log in. Kerberos would then pick up and authenticate the user and then proceed to the login. Off the network here, I'm not sure. I found this document, but it's self declared missing items: [URL]
I'll stop the rambling, but I cannot be the only one who would like to setup a relatively standard and secure server based network authentication and authorization back-end. Is there any _complete_ documentation on the best practices and how to implement?
Sep 7, 2010
I want to install a FTP server (VSFTPD) on my Redhat Enterprise Linux 5.5 and I want to use Active Directory LDAP (Windows Server 2008 Enterprise) for authentication. I can't add my Windows LDAP to the FTP server. I tried my best but I can't configure it.
Feb 21, 2011
I would like to ask how to add an ftp user in vsftpd with a directory other than /home/, for example /var/www?
Jan 19, 2010
I already have this setup working in a debian server but I would like to setup the same in CentOS 5.3. I just copied all the configuration files to the CentOS server but I'm getting the following errors in messages:
vsftpd: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)...
vsftpd: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)...
crond[24483]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
crond[24483]: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
crond[24483]: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...
crond[24483]: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)...
[Code]...
May 25, 2011
How do I turn winbind authentication off for vsftpd? I keep getting these error messages in the /var/log/secure: vsftpd: pam_winbind(vsftpd:auth): request failed: No such user, PAM error was User not known to the underlying authentication module (10), NT error was NT_STATUS_NO_SUCH_USER. I already tried remarking out different things in the config files. Is it safe to remark out the winbind stuff in /etc/pam.d/system-auth if we are using the smbclient to connect to a Windows share? Why you would want to use AD to authenticate users for something simple like FTP is beyond me. I merely want it to authenticate against local system users.
Jul 3, 2009
I'm testing a Debian Lenny virtual machine to simulate my ideal setup for FTP server (with vsftpd): I want all internal users (corporation users with Active Directory accounts) to ftp into the same directory (i.e. /var/FTP/AD-DOMAIN/) and external users (customers) to ftp into their home directories (created manually on request).
I added user_config_dir=/etc/vsftpd_user_conf option in /etc/vsftpd.conf file and I've created /etc/vsftpd_user_conf/domain-user1 with local_root=/var/FTP/AD-DOMAIN
I have setup vsftp so I can ftp with every external and internal user chrooted and is working properly. AD validation for internal users and "normal" validation (via /etc/passwd) for external users work perfect.
I can FTP this server into /var/FTP/AD-DOMAIN with any AD user with its home directory created (i.e. /home/AD-DOMAIN/domain-user1/) but if I try to ftp with any AD user without its home directory created I get the error "500 OOPS: cannot change directory:/home/AD-DOMAIN/domain-user2"
I have found some references (http://wiki.flexion.org/FtpServer.html and http://howto.gumph.org/content/setup...ies-in-vsftpd/) about vsftp PAM authentication so I would supposedly get rid of the error message and the user would log into /var/FTP/AD-DOMAIN without problems, but I can't figure out how to setup my FTP server.
Feb 11, 2010
I am trying to ftp a whole directory tree using vsftpd as ftp server in fedora11
Code:
I am getting an error while transferring a directory tree ...
Jul 22, 2010
I am replacing a home network - Windows Server 2003 and 5 PCs (XP Pro) with UBUNTU 10.4 LTS Server and client versions. I am keeping a couple of the PCs with dual boot until I can migrate everything over (Having some issues with iTunes, Family Tree Maker, Media serving, DVD decrypt and a couple of others, but that is for another post). It was great fun getting the server up and running using only shell commands. Took me ages just to get a folder shared! Migrating the data over from NTFS to ext3 was also fun given the limited space on the partitions.
I really only want to use the server for communal network type things ... central user account maintenance, shared folders for music, video etc and data backup. I don't need it to be performing server functions on the Internet e.g. web server etc although that may come later. How do I set up central user management? All the PCs are currently setup with local user ids, and it is a bit of a pain to go round each PC every time I change something.
The server is not always up, so I need to be able to log into the local PC without it being active. I was using Active Directory on Server 2003, but I don't need anything that complex really ... just 3 or 4 users to manage. I have been looking at the setup tutorial at [URL] but am not sure how relevant a lot of it is. I have SSH setup so I can login remotely, NFS is working to share the folders, but that is about all I have done so far.
Nov 12, 2010
I have Centos ( and Postfix+ldap+dovecot ) TLS works with Postfix and LDAP. When I open evolution mail client I can browse ldap tree and search for users, send-receive mails ...all fine
Jun 28, 2010
I am setting up Fedora-13 with "389 directory server" for authentication. I had performed the following steps.
1. Install FD-13.
2. Yum install 389-ds.
3. Run script to configure.
4. Start 389-console and create a few groups and users for testing.
I can see these user with "ldapsearch" and with "phpldapadmin". It looks my server is responding. However, I am unable to see any user name with "getent passwd". also "ssh server_user@server" is not able to login. Whereas "getent passwd" shows local user and "ssh local_user@server" is able to login. Also note that I am not using ssl, so want to avoid ssl.
Apr 20, 2010
I have an interdependent collection of scripts in my ~/bin directory as well as a developed ~/.vim directory and some other libraries and such in other subdirectories. I've been versioning all of this using git, and have realized that it would be potentially very easy and useful to do development and testing of new and existing scripts, vim plugins, etc. using a cloned repo, and then pull the working code into my actual home directory with a merge.
The easiest way to do this would seem to be to just change & export $HOME, eg
cd ~/testing; git clone ~ home
export HOME=~/testing/home
cd ~
screen -S testing-home
# start vim, write/revise plugins, edit scripts, etc.
# test revisions
However since I've never tried this before I'm concerned that some programs, environment variables, etc., may end up using my actual home directory instead of the exported one. Is this a viable strategy? Are there just a few outliers that I should be careful about?
Dec 30, 2010
I'm using squid 2.6, Win2008 AD server. Clients are using winxp, win7. How to config squid for the authentication with win2008 AD?
Nov 11, 2010
I have a squid server currently running with basic authentication. This is a must because we constantly have different people using different machines but the rules must be set per user, not per machine.
We also have a lot of users coming and going. So every time a new user comes to the office I have to manually create a user for him so he can authenticate.
Anyway.. We do not have any windows servers so no Active Directory. But I need some solution to pass the windows login to Squid.
First question: It seems I am using NTLM currently for samba as the person can map their home directories on their windows box without authenticating. Why can I not use it for squid?
Second question: Can I make my Centos server into an AD server?
Jun 15, 2010
I installed pure-ftpd over ubuntu 10.04.
I want to know how can I remove authentication from ftp server to access in ftp directory from browser.
Feb 10, 2011
Any clue? I'm using the same key for root login and it works fine (also works fine for SFTP but I hate using that 'cause it's extremely slow)
Jan 28, 2010
I'm fairly new to Linux and very new to Squid and am having authentication issues! I am using Oracle Enterprise Linux (which is basically Red Hat without the branding) and wanting to use Squid Proxy Server for web access with authentication to Active Directory. I've found a number of articles about this online and all of them say to use auth program squid_ldap_conf which should be in /usr/lib/squid/. I don't have a squid directory in /usr/lib for starters and my squid binaries are in /etc/squid but there is no squid_ldap_conf in there either. I have installed the latest version of Squid (3.0) to see if that helped but I still cannot find the authorisation program.
Oct 5, 2010
I would like to be able to get squid or dansguardian to authenticate a user account against active directory so that a user's browsing activities can be logged.
I can find lots of very useful info on how to set up ntlm_auth etc, but all of these methods produce a pop up window when the user launches the browser.
I'm posting this thread because I would like to be able to authenticate, but without a pop up window. Is there a way of automatically carrying out this authentication so that the user is unaware of it?
We've previously attempted authenticating against an NT4 PDC, but the users worked out that they could use any user account on the network, not just the user that was logged in which kinda defeated the whole idea of logging the users activity.
My current setup is:
Windows 2003 AD
Windows XP Clients, soon to be converted to windows 7.
Fedora 11 running squid and dansguardian.
Mar 8, 2011
setup user authentication server and internet accounting server like ISA and Active Directory in Windows?
Aug 25, 2010
I'm trying to setup a vsftpd server, SSL-enabled, based on local users with no shell access (/bin/false). I added /bin/false to /etc/shells so users can log in. I had a "GnuTLS error -8" at user login caused by the server sending a cleartext error message in SSL mode, so I disabled SSL and the error message came up at login:
USER privateftp
PASS ***************
500 OOPS: cannot change directory:/home/ftp/privateftp/
ACL are enabled and user privateftp has r-x rights on the directory. Changing user's shell has no effect. Changing directory POSIX owner has no effect.
my /etc/vsftpd.conf:
Code:
#VSFTPD CONFIG FILE (sites.google.com/nodiscc) (vsftpd.beasts.org)
#BOOLEAN OPTIONS
allow_anon_ssl=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
[Code].....
Feb 26, 2011
I have a server running Ubuntu server edition with SMB server all set up and running. I've set up the main root of the drive to be shared and I've set up a user in /etc/samba/smbusers to say root = "joeflood" so I can sign in as root using the username "joeflood". This works and I have read/write access to the filesystem (yay!). However, if I browse to /home/javawag (my main user home directory), I no longer have write permissions! I can see all the files in there and read them no problem, but writing is a no-go. I'm logged in as root though?! Btw, I can login via SSH and create folders/etc as root in the /home/javawag folder, and they showed up in the SMB mount on my mac too.
Dec 6, 2010
I have an NFS mount on the NIS client that I want to use as the home directory for all NIS users logging in, but I also want to retain the original /home directory for system users and root on the same client. The NFS mount is /nishome, and when I defined the NIS user on the NIS server, I identified this mountpoint as the NIS users' home directory. This same NFS mount is mounted on the NIS server as well.
Oct 1, 2010
I want to change the user and group of user kumata as kumara, but not getting change by using the below command. #chown -R kumara:kumara kumara
Getting using doesn't exist.
For reference find the below output.
[root@xyz ~]# /usr/bin/getent passwd | grep mathurr
mathurr:x:12271:12271:Mathur, Rajat X:/home/mathurr:/bin/bash
[root@xyz ~]# /usr/bin/getent passwd | grep kumara
kumara:x:12102:12102:Kumar, Abhishek X:/home/kumara:/bin/bash
[Code].....
Aug 3, 2010
I don't know what I have done by mistake.
[root@server1 ~]# su - user
su: warning: cannot change directory to /home/user: Permission denied
-bash: /home/user/.bash_profile: Permission denied
-bash-3.2$ cd ~
-bash: cd: /home/user: Permission denied
-bash-3.2$
Mar 31, 2011
I recently switched my secondary/kid's computer to run with linux. I am trying to download a game called wizards101 for them that they play frequently. I keep getting this message reading
Archive: /tmp/InstallWizard101-1.exe[/tmp/InstallWizard101-1.exe] End-of-central-directory signature not found. Either this file is not a zipfile, or it constitutes one disk of a multi-part archive. In the latter case the central directory and zipfile comment will be found on the last disk(s) of this archive. zipinfo: cannot find zipfile directory in one of /tmp/InstallWizard101-1.exe or /tmp/InstallWizard101-1.exe.zip, and cannot find /tmp/InstallWizard101-1.exe.ZIP,period.
I don't know what to do about getting it downloaded. I never had this problem downloading this game on windows.
Nov 1, 2010
Is /home/Local_Data a directory located on your PC, or on a server? And how can we know that?
Jul 30, 2011
I am using NIS and I want to replace this with 389 ds. I have installed 389 ds and configured it. I could create user account from 389-console. But it does not create user home directory. Do I have to create user account and user home directory in linux first?