Hi Adam,
I remembered having a hard time getting this to work. After it worked,
networkadmins decided to disallow ftp connections at our university due
to security concerns...
I do not remember the solution (...), but I can share my config files (I
am using apache instead of nginx):
This is my working 'proftp.conf':
# This is the ProFTPD configuration file
# Server Config - config used for anything outside a <VirtualHost> or
<Global> context
ServerName "BITS Galaxy FTP"
ServerIdent on "Welcome to BITS Galaxy FTP server."
ServerType standalone
#ServerAdmin root@localhost
#Umask 0066
SyslogFacility DAEMON
SyslogLevel debug
DefaultRoot ~ !adm
CreateHome on 700 uid 600 gid 601
PassivePorts 39000 40000
MaxInstances 30
User galaxy
Group galaxy
#UseFtpUsers off
#AuthPAM off
# Don't do reverse DNS lookups (hangs on DNS problems)
UseReverseDNS off
MaxInstances 20
# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
# General database support
(http://www.proftpd.org/docs/contrib/mod_sql.html)
#LoadModule mod_sql.c
# Support for base-64 or hex encoded MD5 and SHA1 passwords from SQL tables
#LoadModule mod_sql_passwd.c
# Postgresql support (requires proftpd-postgresql package)
# (http://www.proftpd.org/docs/contrib/mod_sql.html)
# LoadModule mod_sql_postgres.c
<Global>
# Allow users to overwrite files and change permissions
AllowOverwrite on
AllowStoreRestart on
# Bar use of SITE CHMOD
<Limit SITE_CHMOD>
DenyAll
</Limit>
# Bar use of RETR (download) since this is not a public file drop
<Limit RETR>
DenyAll
</Limit>
SQLLogFile /var/log/proftpd/proftpd.log
# get FTP connection over SSH
DefaultServer on
SFTPEngine on
SFTPLog /var/log/proftpd-sftp.log
Port 8822
# Set up mod_sql_password - Galaxy passwords are stored as
hex-encoded SHA1
SQLPasswordEngine on
SQLPasswordEncoding hex
RequireValidShell off
# Set up mod_sql to authenticate against the Galaxy database
SQLEngine on
SQLBackend postgres
SQLConnectInfo galaxydb@127.0.0.1 galaxyftp **********
SQLAuthTypes SHA1
SQLAuthenticate users
# An empty directory in case chroot fails
SQLDefaultHomedir /mnt/galaxytemp/ftptmp
SQLDefaultGID 601
SQLDefaultUID 600
SQLMinID 95
# Define a custom query for lookup that returns a passwd-like entry.
UID and GID should match your Galaxy user.
SQLUserInfo custom:/LookupGalaxyUser
SQLNamedQuery LookupGalaxyUser SELECT
"email,password,'600','601','/mnt/galaxydb/ftp/%U','/bin/bash' FROM
galaxy_user WHERE email='%U'"
</Global>
Good luck,
Joachim
Joachim Jacob
Contact details: http://www.bits.vib.be/index.php/about/80-team
On 09/05/2013 02:46 AM, Panzer, Adam wrote:
Hello Devs,
I've been trying for a while now to get ProFTPD working for our local
instance. I have:
1) Modified pg_hba.conf
2) Set up the ProFTPD config files
3) Disabled PBKDF2 password encryption by adding use_pbkdf2 = false to
universe_wsgi.ini
I've read through the posts from others with this issue and made sure to
avoid some of the common pitfalls like forgetting to install/enable
mod_sql.c, mod_sql_postgres.c, and LoadModule mod_sql_passwd.c or having
an incorrect/<999 uid/gid in proftpd.conf. Even so, when I attempt to
access the server through FileZilla, it continues to kick back login
errors for all users:
Status: Resolving address of localhost
Status: Connecting to 127.0.0.1:21...
Status: Connection established, waiting for welcome message...
Response: 220 ProFTPD 1.3.4a Server (Jay2) [::ffff:127.0.0.1]
Command: USER panze...@kids.wustl.edu
Response: 331 Password required for panze...@kids.wustl.edu
Command: PASS ***********
Response: 530 Login incorrect.
Error: Critical error
Error: Could not connect to server
I have included the contents of the relevant config files and logs
below. The proftpd log says that the user name is wrong, but the sqllog
seems to indicate a successful hit on the user but a failed password
authentication (again, despite disabling PBKDF2). I would be most
grateful if someone could tell me what I'm doing wrong.
Thanks,
Adam
- PACKAGE VERSIONS -
PostgreSQL 9.2
Nginx 1.1.19
ProFTPD 1.3.4a
- PG_HBA.CONF -
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
host all all 0.0.0.0/0 md5
- PROFTPD.CONF -
Include /etc/proftpd/modules.conf
UseIPv6 on
IdentLookups off
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
DenyFilter \*.*/
Port 21
PassivePorts 30000 40000
MaxInstances 30
User galaxy
Group galaxy
Umask 077
AllowOverwrite on
AuthOrder mod_sql.c
SQLDefaultGID 1001
SQLDefaultUID 1001
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>
<IfModule mod_ratio.c>
Ratios off
</IfModule>
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>
Include /etc/proftpd/conf.d/
- GALAXY.CONF (galaxy specific conf.d ProFTPD config file) -
ServerName "Jay2"
DefaultRoot ~
CreateHome on dirmode 700
AllowOverwrite on
AllowStoreRestart on
<Limit SITE_CHMOD>
DenyAll
</Limit>
<Limit RETR>
DenyAll
</Limit>
AuthPAM off
SQLPasswordEngine on
SQLPasswordEncoding hex
SQLEngine on
SQLBackend postgres
SQLConnectInfo galaxy@localhost:5432 galaxy galaxy
SQLAuthTypes SHA1
SQLAuthenticate users
SQLDefaultHomedir /var/lib/proftpd/empty
SQLUserInfo custom:/LookupGalaxyUser
SQLNamedQuery LookupGalaxyUser SELECT
"email,password,'1001','1001','/home/galaxy/galaxy-supp/ftp/%U','/bin/bash'
FROM galaxy_user WHERE email='%U'"
SQLLogFile /var/log/proftpd/sqlLog.txt
- PROFTPD.LOG -
Sep 04 19:03:51 PCF10-WKS1572 proftpd[4846] PCF10-WKS1572
(localhost[127.0.0.1]): FTP session closed.
Sep 04 19:14:57 PCF10-WKS1572 proftpd[5034] PCF10-WKS1572
(localhost[127.0.0.1]): FTP session opened.
Sep 04 19:14:57 PCF10-WKS1572 proftpd[5034] PCF10-WKS1572
(localhost[127.0.0.1]): USER panze...@kids.wustl.edu (Login failed): No
such user found.
- SQLLOG.TXT -
Sep 04 19:14:57 mod_sql/4.3[5034]: defaulting to 'postgres' backend
Sep 04 19:14:57 mod_sql/4.3[5034]: backend module 'mod_sql_postgres/4.0.4'
Sep 04 19:14:57 mod_sql/4.3[5034]: backend api 'mod_sql_api_v1'
Sep 04 19:14:57 mod_sql/4.3[5034]: >>> sql_sess_init
Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres
cmd_defineconnection
Sep 04 19:14:57 mod_sql/4.3[5034]: name: 'default'
Sep 04 19:14:57 mod_sql/4.3[5034]: user: 'galaxy'
Sep 04 19:14:57 mod_sql/4.3[5034]: host: 'localhost'
Sep 04 19:14:57 mod_sql/4.3[5034]: db: 'galaxy'
Sep 04 19:14:57 mod_sql/4.3[5034]: port: '5432'
Sep 04 19:14:57 mod_sql/4.3[5034]: ttl: '0'
Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_defineconnection
Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' successfully
established
Sep 04 19:14:57 mod_sql/4.3[5034]: mod_sql engine : on
Sep 04 19:14:57 mod_sql/4.3[5034]: negative_cache : off
Sep 04 19:14:57 mod_sql/4.3[5034]: authenticate : users
Sep 04 19:14:57 mod_sql/4.3[5034]: usertable : users
Sep 04 19:14:57 mod_sql/4.3[5034]: userid field : userid
Sep 04 19:14:57 mod_sql/4.3[5034]: password field : passwd
Sep 04 19:14:57 mod_sql/4.3[5034]: UID field : uid
Sep 04 19:14:57 mod_sql/4.3[5034]: GID field : gid
Sep 04 19:14:57 mod_sql/4.3[5034]: homedir field : homedir
Sep 04 19:14:57 mod_sql/4.3[5034]: homedir(default) :
'/var/lib/proftpd/empty'
Sep 04 19:14:57 mod_sql/4.3[5034]: shell field : shell
Sep 04 19:14:57 mod_sql/4.3[5034]: SQLMinUserUID : 999
Sep 04 19:14:57 mod_sql/4.3[5034]: SQLMinUserGID : 999
Sep 04 19:14:57 mod_sql/4.3[5034]: <<< sql_sess_init
Sep 04 19:14:57 mod_sql/4.3[5034]: >>> sql_pre_pass
Sep 04 19:14:57 mod_sql/4.3[5034]: <<< sql_pre_pass
Sep 04 19:14:57 mod_sql/4.3[5034]: >>> cmd_getpwnam
Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_escapestring
Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_open
Sep 04 19:14:57 mod_sql/4.3[5034]: Postgres server version: 9.2.4
Sep 04 19:14:57 mod_sql/4.3[5034]: Postgres connection character set now
'UTF8' (from 'UTF-8')
Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' opened
Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' count is now 2
Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_open
Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_close
Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' count is now 1
Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_close
Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_escapestring
Sep 04 19:14:57 mod_sql/4.3[5034]: cache miss for user
'panze...@kids.wustl.edu'
Sep 04 19:14:57 mod_sql/4.3[5034]: >>> sql_lookup
Sep 04 19:14:57 mod_sql/4.3[5034]: >>> process_named_query
'LookupGalaxyUser'
Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_escapestring
Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_open
Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' count is now 2
Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_open
Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_close
Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' count is now 1
Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_close
Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_escapestring
Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_escapestring
Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_open
Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' count is now 2
Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_open
Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_close
Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' count is now 1
Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_close
Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_escapestring
Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_select
Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_open
Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' count is now 2
Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_open
Sep 04 19:14:57 mod_sql/4.3[5034]: query "SELECT
email,password,'1001','1001','/home/galaxy/galaxy-supp/ftp/panze...@kids.wustl.edu','/bin/bash'
FROM galaxy_user WHERE email='panze...@kids.wustl.edu'"
Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_close
Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' count is now 1
Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_close
Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_select
Sep 04 19:14:57 mod_sql/4.3[5034]: <<< process_named_query
'LookupGalaxyUser'
Sep 04 19:14:57 mod_sql/4.3[5034]: <<< sql_lookup
Sep 04 19:14:57 mod_sql/4.3[5034]: cache miss for user
'panze...@kids.wustl.edu'
Sep 04 19:14:57 mod_sql/4.3[5034]: user 'panze...@kids.wustl.edu' cached
Sep 04 19:14:57 mod_sql/4.3[5034]: + pwd.pw_name : panze...@kids.wustl.edu
Sep 04 19:14:57 mod_sql/4.3[5034]: + pwd.pw_uid : 1001
Sep 04 19:14:57 mod_sql/4.3[5034]: + pwd.pw_gid : 1001
Sep 04 19:14:57 mod_sql/4.3[5034]: + pwd.pw_dir :
/home/galaxy/galaxy-supp/ftp/panze...@kids.wustl.edu
Sep 04 19:14:57 mod_sql/4.3[5034]: + pwd.pw_shell : /bin/bash
Sep 04 19:14:57 mod_sql/4.3[5034]: <<< cmd_getpwnam
Sep 04 19:14:57 mod_sql/4.3[5034]: >>> cmd_auth
Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_escapestring
Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_open
Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' count is now 2
Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_open
Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_close
Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' count is now 1
Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_close
Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_escapestring
Sep 04 19:14:57 mod_sql/4.3[5034]: cache hit for user
'panze...@kids.wustl.edu'
Sep 04 19:14:57 mod_sql/4.3[5034]: >>> cmd_check
Sep 04 19:14:57 mod_sql/4.3[5034]: checking password using SQLAuthType
'sha1'
Sep 04 19:14:57 mod_sql/4.3[5034]: 'sha1' SQLAuthType handler reports
failure
Sep 04 19:14:57 mod_sql/4.3[5034]: <<< cmd_check
Sep 04 19:14:57 mod_sql/4.3[5034]: <<< cmd_auth
Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_exit
Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_close
Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' closed
Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' count is now 0
Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_close
Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_exit
The materials in this email are private and may contain Protected Health
Information. If you are not the intended recipient, be advised that any
unauthorized use, disclosure, copying, distribution or the taking of any action
in reliance on the contents of this information is strictly prohibited. If you
have received this email in error, please immediately notify the sender via
telephone or return email.
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
http://lists.bx.psu.edu/
To search Galaxy mailing lists use the unified search at:
http://galaxyproject.org/search/mailinglists/
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
http://lists.bx.psu.edu/
To search Galaxy mailing lists use the unified search at:
http://galaxyproject.org/search/mailinglists/
