Назад | Перейти на главную страницу

Иногда сессия ProFTPD закрывается сразу после успешного входа в систему

Версия, которую я использую:

ProFTPD Version: 1.3.3c (maint)
  Scoreboard Version: 01040003
  Built: Wed Dec 1 2010 16:41:40 ICT

Loaded modules:
  mod_cap/1.0
  mod_ldap/2.8.22
  mod_auth_pam/1.1
  mod_ident/1.0
  mod_facts/0.1
  mod_delay/0.6
  mod_site.c
  mod_log.c
  mod_ls.c
  mod_auth.c
  mod_auth_file/0.8.3
  mod_auth_unix.c
  mod_xfer.c
  mod_core.c

Мой proftpd.conf:

# This is a basic ProFTPD configuration file (rename it to 
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName          "ProFTPD Default Installation"
ServerType          standalone
DefaultServer           on

# Port 21 is the standard FTP port.
Port                21

# Don't use IPv6 support by default.
UseIPv6             off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask               002

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances            30

# Set the user and group under which the server will run.
User                nobody
Group               nobody

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite      on

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
  User              ftp
  Group             ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias         anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients            10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin          welcome.msg
  DisplayChdir          .message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>


# ProFTPd LDAP Module
<IfModule mod_ldap.c>
    AuthOrder       mod_ldap.c
    LDAPServer      ldap.domain.com
    LDAPAttr        uid cn
#   LDAPAttr        uidNumber cn
#   LDAPAttr        gidNumber cn
    LDAPDNInfo      cn=anonymous,ou=it,dc=domain,dc=com xxx
    LDAPDoAuth      on ou=it,dc=domain,dc=com (cn=%u)
    RequireValidShell off
    #LDAPDoUIDLookups on ou=it,dc=domain,dc=com (cn=%u)
    LDAPDefaultUID  99
    LDAPDefaultGID  99
    LDAPAuthBinds   on
    #LDAPDoGIDLookups        off
    LDAPDefaultAuthScheme   clear
    PersistentPasswd        off
    LDAPGenerateHomedir     on  0755
    CreateHome              on  0755
    LDAPGenerateHomedirPrefix /home/proftpd
    LDAPForceGeneratedHomedir on
    DefaultRoot     ~
</IfModule>

<IfModule mod_delay.c>
    DelayEngine off
</IfModule>

# Define the log formats
LogFormat                       default "%h %l %u %t \"%r\" %s %b"
LogFormat                       auth    "%v [%P] %h %t \"%r\" %s"

TransferLog /var/log/proftpd/xferlog
SystemLog   /var/log/proftpd/proftpd.log

Отладочная информация при успешном подключении:

Preparing to chroot to directory '/home/proftpd/quanta'
Environment successfully chroot()ed
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
dispatching POST_CMD command 'PASS (hidden)' to mod_cap
mod_cap/1.0: capabilities '= cap_net_bind_service,cap_audit_write+ep'
dispatching POST_CMD command 'PASS (hidden)' to mod_delay
dispatching POST_CMD command 'PASS (hidden)' to mod_log
dispatching POST_CMD command 'PASS (hidden)' to mod_ls
dispatching POST_CMD command 'PASS (hidden)' to mod_auth
dispatching POST_CMD command 'PASS (hidden)' to mod_xfer
dispatching POST_CMD command 'PASS (hidden)' to mod_core
dispatching LOG_CMD command 'PASS (hidden)' to mod_log
dispatching LOG_CMD command 'PASS (hidden)' to mod_auth
USER quanta: Login successful.
dispatching PRE_CMD command 'PWD' to mod_core
dispatching PRE_CMD command 'PWD' to mod_core
dispatching CMD command 'PWD' to mod_core
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
dispatching LOG_CMD command 'PWD' to mod_log
dispatching PRE_CMD command 'TYPE I' to mod_core
dispatching PRE_CMD command 'TYPE I' to mod_core
dispatching CMD command 'TYPE I' to mod_xfer
dispatching LOG_CMD command 'TYPE I' to mod_log
dispatching PRE_CMD command 'PASV' to mod_core
dispatching PRE_CMD command 'PASV' to mod_core
dispatching CMD command 'PASV' to mod_core
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
Entering Passive Mode (192,168,3,204,136,35).
dispatching LOG_CMD command 'PASV' to mod_log
dispatching PRE_CMD command 'MLSD' to mod_core
dispatching PRE_CMD command 'MLSD' to mod_core
dispatching CMD command 'MLSD' to mod_facts
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
passive data connection opened - local  : 192.168.3.204:34851
passive data connection opened - remote : 192.168.3.40:57622

и этот отображается по истечении времени ожидания:

Preparing to chroot to directory '/home/proftpd/quanta'
Environment successfully chroot()ed
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
dispatching POST_CMD command 'PASS (hidden)' to mod_cap
mod_cap/1.0: capabilities '= cap_net_bind_service,cap_audit_write+ep'
dispatching POST_CMD command 'PASS (hidden)' to mod_delay
dispatching POST_CMD command 'PASS (hidden)' to mod_log
dispatching POST_CMD command 'PASS (hidden)' to mod_ls
dispatching POST_CMD command 'PASS (hidden)' to mod_auth
dispatching POST_CMD command 'PASS (hidden)' to mod_xfer
dispatching POST_CMD command 'PASS (hidden)' to mod_core
dispatching LOG_CMD command 'PASS (hidden)' to mod_log
dispatching LOG_CMD command 'PASS (hidden)' to mod_auth
USER quanta: Login successful.
mod_ldap/2.8.22: successfully unbound
mod_ldap/2.8.22: not unbinding to an already unbound connection.
FTP session closed.

На стороне клиента FileZilla показывает:

Status: Connecting to 192.168.3.204:21...
Status: Connection established, waiting for welcome message...
Response:   220 ProFTPD 1.3.3c Server (ProFTPD Default Installation) [192.168.3.204]
Command:    USER quanta
Response:   331 Password required for quanta
Command:    PASS ********
Error:  Connection timed out
Error:  Could not connect to server

В чем может быть причина этой проблемы?

LDAPServer      ldap.domain.com

Я построил локальный DNS с dnsmasq и этот домен разрешается через другой сервер. Это причина медленной аутентификации. Использование IP-адреса вместо домена решило мою проблему.