The version I am using:
ProFTPD Version: 1.3.3c (maint)
Scoreboard Version: 01040003
Built: Wed Dec 1 2010 16:41:40 ICT
Loaded modules:
mod_cap/1.0
mod_ldap/2.8.22
mod_auth_pam/1.1
mod_ident/1.0
mod_facts/0.1
mod_delay/0.6
mod_site.c
mod_log.c
mod_ls.c
mod_auth.c
mod_auth_file/0.8.3
mod_auth_unix.c
mod_xfer.c
mod_core.c
My proftpd.conf:
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# Don't use IPv6 support by default.
UseIPv6 off
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 002
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
# Set the user and group under which the server will run.
User nobody
Group nobody
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
DenyAll
</Limit>
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Limit the maximum number of anonymous logins
MaxClients 10
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayChdir .message
# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
# ProFTPd LDAP Module
<IfModule mod_ldap.c>
AuthOrder mod_ldap.c
LDAPServer ldap.domain.com
LDAPAttr uid cn
# LDAPAttr uidNumber cn
# LDAPAttr gidNumber cn
LDAPDNInfo cn=anonymous,ou=it,dc=domain,dc=com xxx
LDAPDoAuth on ou=it,dc=domain,dc=com (cn=%u)
RequireValidShell off
#LDAPDoUIDLookups on ou=it,dc=domain,dc=com (cn=%u)
LDAPDefaultUID 99
LDAPDefaultGID 99
LDAPAuthBinds on
#LDAPDoGIDLookups off
LDAPDefaultAuthScheme clear
PersistentPasswd off
LDAPGenerateHomedir on 0755
CreateHome on 0755
LDAPGenerateHomedirPrefix /home/proftpd
LDAPForceGeneratedHomedir on
DefaultRoot ~
</IfModule>
<IfModule mod_delay.c>
DelayEngine off
</IfModule>
# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
Debug output for a successful connection:
Preparing to chroot to directory '/home/proftpd/quanta'
Environment successfully chroot()ed
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
dispatching POST_CMD command 'PASS (hidden)' to mod_cap
mod_cap/1.0: capabilities '= cap_net_bind_service,cap_audit_write+ep'
dispatching POST_CMD command 'PASS (hidden)' to mod_delay
dispatching POST_CMD command 'PASS (hidden)' to mod_log
dispatching POST_CMD command 'PASS (hidden)' to mod_ls
dispatching POST_CMD command 'PASS (hidden)' to mod_auth
dispatching POST_CMD command 'PASS (hidden)' to mod_xfer
dispatching POST_CMD command 'PASS (hidden)' to mod_core
dispatching LOG_CMD command 'PASS (hidden)' to mod_log
dispatching LOG_CMD command 'PASS (hidden)' to mod_auth
USER quanta: Login successful.
dispatching PRE_CMD command 'PWD' to mod_core
dispatching PRE_CMD command 'PWD' to mod_core
dispatching CMD command 'PWD' to mod_core
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
dispatching LOG_CMD command 'PWD' to mod_log
dispatching PRE_CMD command 'TYPE I' to mod_core
dispatching PRE_CMD command 'TYPE I' to mod_core
dispatching CMD command 'TYPE I' to mod_xfer
dispatching LOG_CMD command 'TYPE I' to mod_log
dispatching PRE_CMD command 'PASV' to mod_core
dispatching PRE_CMD command 'PASV' to mod_core
dispatching CMD command 'PASV' to mod_core
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
Entering Passive Mode (192,168,3,204,136,35).
dispatching LOG_CMD command 'PASV' to mod_log
dispatching PRE_CMD command 'MLSD' to mod_core
dispatching PRE_CMD command 'MLSD' to mod_core
dispatching CMD command 'MLSD' to mod_facts
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
passive data connection opened - local : 192.168.3.204:34851
passive data connection opened - remote : 192.168.3.40:57622
and this is what is shown when the connection times out:
Preparing to chroot to directory '/home/proftpd/quanta'
Environment successfully chroot()ed
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
dispatching POST_CMD command 'PASS (hidden)' to mod_cap
mod_cap/1.0: capabilities '= cap_net_bind_service,cap_audit_write+ep'
dispatching POST_CMD command 'PASS (hidden)' to mod_delay
dispatching POST_CMD command 'PASS (hidden)' to mod_log
dispatching POST_CMD command 'PASS (hidden)' to mod_ls
dispatching POST_CMD command 'PASS (hidden)' to mod_auth
dispatching POST_CMD command 'PASS (hidden)' to mod_xfer
dispatching POST_CMD command 'PASS (hidden)' to mod_core
dispatching LOG_CMD command 'PASS (hidden)' to mod_log
dispatching LOG_CMD command 'PASS (hidden)' to mod_auth
USER quanta: Login successful.
mod_ldap/2.8.22: successfully unbound
mod_ldap/2.8.22: not unbinding to an already unbound connection.
FTP session closed.
On the client side, FileZilla shows:
Status: Connecting to 192.168.3.204:21...
Status: Connection established, waiting for welcome message...
Response: 220 ProFTPD 1.3.3c Server (ProFTPD Default Installation) [192.168.3.204]
Command: USER quanta
Response: 331 Password required for quanta
Command: PASS ********
Error: Connection timed out
Error: Could not connect to server
What could be the cause of this problem?
LDAPServer ldap.domain.com
I set up a local DNS with dnsmasq, and this domain is resolved through another server. That is the cause of the slow authentication. Using the IP address instead of the domain name solved my problem.
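A way to check for the cause described above before a client times out, given as an added example that is not part of the original post: it pulls the active LDAPServer entries out of a proftpd.conf and times the name lookup the server must complete before it can bind to LDAP. The function names, the 2-second threshold and the sample text are assumptions, and entries are assumed to be bare host names or IP addresses (no port suffix or ldap:// URL).

```python
import ipaddress
import re
import socket
import time

# Constructed sample: LDAP lines modelled on the configuration above.
SAMPLE_CONF = """\
<IfModule mod_ldap.c>
AuthOrder mod_ldap.c
LDAPServer ldap.domain.com
# LDAPServer 192.0.2.10
LDAPAuthBinds on
</IfModule>
"""

def ldap_servers(conf_text):
    """Return every host named on an active (uncommented) LDAPServer line."""
    hosts = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*LDAPServer\s+(.+)", line, re.IGNORECASE)
        if m:
            hosts.extend(m.group(1).split())
    return hosts

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_host(host, resolver=socket.getaddrinfo, slow_after=2.0):
    """Time the lookup; slow_after (seconds) is an assumed threshold."""
    if is_ip_literal(host):
        # No DNS involved, which is the fix the post arrived at.
        return {"host": host, "status": "ip-literal", "seconds": 0.0}
    start = time.monotonic()
    try:
        resolver(host, 389)  # 389 is the standard LDAP port
        status = "ok"
    except OSError:  # socket.gaierror is a subclass of OSError
        status = "unresolvable"
    elapsed = time.monotonic() - start
    if status == "ok" and elapsed > slow_after:
        status = "slow"
    return {"host": host, "status": status, "seconds": round(elapsed, 3)}

if __name__ == "__main__":
    for h in ldap_servers(SAMPLE_CONF):
        print(check_host(h))
```

Run it on the FTP server itself, since the result depends on that machine's resolver configuration; a "slow" or "unresolvable" result points at the resolver chain rather than at mod_ldap.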