Hi Joahcim, Thanks so much for your reply. The problem has actually been resolved thanks to a response from Federico Zambelli. Embarrassingly, it did not occur to me that because the passwords had been created while PBKDF2 encryption was enabled, that I would need to reset them after disabling it :P. The FTP server appears to be working fine now.
Thanks, Adam On 09/05/2013 03:21 AM, Joachim Jacob | VIB | wrote: > Hi Adam, > > > I remembered having a hard time getting this to work. After it worked, > networkadmins decided to disallow ftp connections at our university due > to security concerns... > > I do not remember the solution (...), but I can share my config files (I > am using apache instead of nginx): > > This is my working 'proftp.conf': > > # This is the ProFTPD configuration file > # Server Config - config used for anything outside a <VirtualHost> or > <Global> context > > ServerName "BITS Galaxy FTP" > ServerIdent on "Welcome to BITS Galaxy FTP server." > ServerType standalone > #ServerAdmin root@localhost > #Umask 0066 > SyslogFacility DAEMON > SyslogLevel debug > DefaultRoot ~ !adm > CreateHome on 700 uid 600 gid 601 > PassivePorts 39000 40000 > MaxInstances 30 > User galaxy > Group galaxy > #UseFtpUsers off > #AuthPAM off > > # Don't do reverse DNS lookups (hangs on DNS problems) > UseReverseDNS off > MaxInstances 20 > > # Define the log formats > LogFormat default "%h %l %u %t \"%r\" %s %b" > LogFormat auth "%v [%P] %h %t \"%r\" %s" > > # General database support > (http://www.proftpd.org/docs/contrib/mod_sql.html) > #LoadModule mod_sql.c > > # Support for base-64 or hex encoded MD5 and SHA1 passwords from SQL tables > #LoadModule mod_sql_passwd.c > > # Postgresql support (requires proftpd-postgresql package) > # (http://www.proftpd.org/docs/contrib/mod_sql.html) > # LoadModule mod_sql_postgres.c > > <Global> > # Allow users to overwrite files and change permissions > AllowOverwrite on > AllowStoreRestart on > > # Bar use of SITE CHMOD > <Limit SITE_CHMOD> > DenyAll > </Limit> > > # Bar use of RETR (download) since this is not a public file drop > <Limit RETR> > DenyAll > </Limit> > > SQLLogFile /var/log/proftpd/proftpd.log > > # get FTP connection over SSH > DefaultServer on > SFTPEngine on > SFTPLog /var/log/proftpd-sftp.log > Port 8822 > > # Set up mod_sql_password - Galaxy passwords are stored as > hex-encoded SHA1 > SQLPasswordEngine on > SQLPasswordEncoding hex > RequireValidShell off > > # Set up mod_sql to authenticate against the Galaxy database > SQLEngine on > SQLBackend postgres > SQLConnectInfo galaxydb@127.0.0.1 galaxyftp ********** > SQLAuthTypes SHA1 > SQLAuthenticate users > > # An empty directory in case chroot fails > SQLDefaultHomedir /mnt/galaxytemp/ftptmp > SQLDefaultGID 601 > SQLDefaultUID 600 > SQLMinID 95 > # Define a custom query for lookup that returns a passwd-like entry. > UID and GID should match your Galaxy user. > SQLUserInfo custom:/LookupGalaxyUser > SQLNamedQuery LookupGalaxyUser SELECT > "email,password,'600','601','/mnt/galaxydb/ftp/%U','/bin/bash' FROM > galaxy_user WHERE email='%U'" > </Global> > > Good luck, > > Joachim > > Joachim Jacob > Contact details: http://www.bits.vib.be/index.php/about/80-team > > > On 09/05/2013 02:46 AM, Panzer, Adam wrote: >> Hello Devs, >> >> I've been trying for a while now to get ProFTPD working for our local >> instance. I have: >> 1) Modified pg_hba.conf >> 2) Set up the ProFTPD config files >> 3) Disabled PBKDF2 password encryption by adding use_pbkdf2 = false to >> universe_wsgi.ini >> >> I've read through the posts from others with this issue and made sure to >> avoid some of the common pitfalls like forgetting to install/enable >> mod_sql.c, mod_sql_postgres.c, and LoadModule mod_sql_passwd.c or having >> an incorrect/<999 uid/gid in proftpd.conf. Even so, when I attempt to >> access the server through FileZilla, it continues to kick back login >> errors for all users: >> >> Status: Resolving address of localhost >> Status: Connecting to 127.0.0.1:21... >> Status: Connection established, waiting for welcome message... >> Response: 220 ProFTPD 1.3.4a Server (Jay2) [::ffff:127.0.0.1] >> Command: USER panze...@kids.wustl.edu >> Response: 331 Password required for panze...@kids.wustl.edu >> Command: PASS *********** >> Response: 530 Login incorrect. >> Error: Critical error >> Error: Could not connect to server >> >> I have included the contents of the relevant config files and logs >> below. The proftpd log says that the user name is wrong, but the sqllog >> seems to indicate a successful hit on the user but a failed password >> authentication (again, despite disabling PBKDF2). I would be most >> grateful if someone could tell me what I'm doing wrong. >> >> Thanks, >> Adam >> >> - PACKAGE VERSIONS - >> PostgreSQL 9.2 >> Nginx 1.1.19 >> ProFTPD 1.3.4a >> >> - PG_HBA.CONF - >> local all all trust >> host all all 127.0.0.1/32 trust >> host all all ::1/128 trust >> host all all 0.0.0.0/0 md5 >> >> - PROFTPD.CONF - >> >> Include /etc/proftpd/modules.conf >> >> UseIPv6 on >> >> IdentLookups off >> >> >> ServerType standalone >> DeferWelcome off >> >> MultilineRFC2228 on >> DefaultServer on >> ShowSymlinks on >> >> TimeoutNoTransfer 600 >> TimeoutStalled 600 >> TimeoutIdle 1200 >> >> DisplayLogin welcome.msg >> DisplayChdir .message true >> ListOptions "-l" >> >> DenyFilter \*.*/ >> >> Port 21 >> >> PassivePorts 30000 40000 >> >> MaxInstances 30 >> >> User galaxy >> Group galaxy >> >> Umask 077 >> >> AllowOverwrite on >> >> >> AuthOrder mod_sql.c >> >> SQLDefaultGID 1001 >> SQLDefaultUID 1001 >> >> TransferLog /var/log/proftpd/xferlog >> SystemLog /var/log/proftpd/proftpd.log >> >> <IfModule mod_quotatab.c> >> QuotaEngine off >> </IfModule> >> >> <IfModule mod_ratio.c> >> Ratios off >> </IfModule> >> >> <IfModule mod_delay.c> >> DelayEngine on >> </IfModule> >> >> <IfModule mod_ctrls.c> >> ControlsEngine off >> ControlsMaxClients 2 >> ControlsLog /var/log/proftpd/controls.log >> ControlsInterval 5 >> ControlsSocket /var/run/proftpd/proftpd.sock >> </IfModule> >> >> <IfModule mod_ctrls_admin.c> >> AdminControlsEngine off >> </IfModule> >> >> Include /etc/proftpd/conf.d/ >> >> - GALAXY.CONF (galaxy specific conf.d ProFTPD config file) - >> >> ServerName "Jay2" >> >> DefaultRoot ~ >> >> CreateHome on dirmode 700 >> >> AllowOverwrite on >> >> AllowStoreRestart on >> >> <Limit SITE_CHMOD> >> DenyAll >> </Limit> >> >> <Limit RETR> >> DenyAll >> </Limit> >> >> AuthPAM off >> >> SQLPasswordEngine on >> SQLPasswordEncoding hex >> >> SQLEngine on >> SQLBackend postgres >> SQLConnectInfo galaxy@localhost:5432 galaxy galaxy >> SQLAuthTypes SHA1 >> SQLAuthenticate users >> >> SQLDefaultHomedir /var/lib/proftpd/empty >> >> SQLUserInfo custom:/LookupGalaxyUser >> SQLNamedQuery LookupGalaxyUser SELECT >> "email,password,'1001','1001','/home/galaxy/galaxy-supp/ftp/%U','/bin/bash' >> FROM galaxy_user WHERE email='%U'" >> >> SQLLogFile /var/log/proftpd/sqlLog.txt >> >> - PROFTPD.LOG - >> Sep 04 19:03:51 PCF10-WKS1572 proftpd[4846] PCF10-WKS1572 >> (localhost[127.0.0.1]): FTP session closed. >> Sep 04 19:14:57 PCF10-WKS1572 proftpd[5034] PCF10-WKS1572 >> (localhost[127.0.0.1]): FTP session opened. >> Sep 04 19:14:57 PCF10-WKS1572 proftpd[5034] PCF10-WKS1572 >> (localhost[127.0.0.1]): USER panze...@kids.wustl.edu (Login failed): No >> such user found. >> >> - SQLLOG.TXT - >> Sep 04 19:14:57 mod_sql/4.3[5034]: defaulting to 'postgres' backend >> Sep 04 19:14:57 mod_sql/4.3[5034]: backend module 'mod_sql_postgres/4.0.4' >> Sep 04 19:14:57 mod_sql/4.3[5034]: backend api 'mod_sql_api_v1' >> Sep 04 19:14:57 mod_sql/4.3[5034]: >>> sql_sess_init >> Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres >> cmd_defineconnection >> Sep 04 19:14:57 mod_sql/4.3[5034]: name: 'default' >> Sep 04 19:14:57 mod_sql/4.3[5034]: user: 'galaxy' >> Sep 04 19:14:57 mod_sql/4.3[5034]: host: 'localhost' >> Sep 04 19:14:57 mod_sql/4.3[5034]: db: 'galaxy' >> Sep 04 19:14:57 mod_sql/4.3[5034]: port: '5432' >> Sep 04 19:14:57 mod_sql/4.3[5034]: ttl: '0' >> Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_defineconnection >> Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' successfully >> established >> Sep 04 19:14:57 mod_sql/4.3[5034]: mod_sql engine : on >> Sep 04 19:14:57 mod_sql/4.3[5034]: negative_cache : off >> Sep 04 19:14:57 mod_sql/4.3[5034]: authenticate : users >> Sep 04 19:14:57 mod_sql/4.3[5034]: usertable : users >> Sep 04 19:14:57 mod_sql/4.3[5034]: userid field : userid >> Sep 04 19:14:57 mod_sql/4.3[5034]: password field : passwd >> Sep 04 19:14:57 mod_sql/4.3[5034]: UID field : uid >> Sep 04 19:14:57 mod_sql/4.3[5034]: GID field : gid >> Sep 04 19:14:57 mod_sql/4.3[5034]: homedir field : homedir >> Sep 04 19:14:57 mod_sql/4.3[5034]: homedir(default) : >> '/var/lib/proftpd/empty' >> Sep 04 19:14:57 mod_sql/4.3[5034]: shell field : shell >> Sep 04 19:14:57 mod_sql/4.3[5034]: SQLMinUserUID : 999 >> Sep 04 19:14:57 mod_sql/4.3[5034]: SQLMinUserGID : 999 >> Sep 04 19:14:57 mod_sql/4.3[5034]: <<< sql_sess_init >> Sep 04 19:14:57 mod_sql/4.3[5034]: >>> sql_pre_pass >> Sep 04 19:14:57 mod_sql/4.3[5034]: <<< sql_pre_pass >> Sep 04 19:14:57 mod_sql/4.3[5034]: >>> cmd_getpwnam >> Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_escapestring >> Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_open >> Sep 04 19:14:57 mod_sql/4.3[5034]: Postgres server version: 9.2.4 >> Sep 04 19:14:57 mod_sql/4.3[5034]: Postgres connection character set now >> 'UTF8' (from 'UTF-8') >> Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' opened >> Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' count is now 2 >> Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_open >> Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_close >> Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' count is now 1 >> Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_close >> Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_escapestring >> Sep 04 19:14:57 mod_sql/4.3[5034]: cache miss for user >> 'panze...@kids.wustl.edu' >> Sep 04 19:14:57 mod_sql/4.3[5034]: >>> sql_lookup >> Sep 04 19:14:57 mod_sql/4.3[5034]: >>> process_named_query >> 'LookupGalaxyUser' >> Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_escapestring >> Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_open >> Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' count is now 2 >> Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_open >> Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_close >> Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' count is now 1 >> Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_close >> Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_escapestring >> Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_escapestring >> Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_open >> Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' count is now 2 >> Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_open >> Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_close >> Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' count is now 1 >> Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_close >> Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_escapestring >> Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_select >> Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_open >> Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' count is now 2 >> Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_open >> Sep 04 19:14:57 mod_sql/4.3[5034]: query "SELECT >> email,password,'1001','1001','/home/galaxy/galaxy-supp/ftp/panze...@kids.wustl.edu','/bin/bash' >> FROM galaxy_user WHERE email='panze...@kids.wustl.edu'" >> Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_close >> Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' count is now 1 >> Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_close >> Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_select >> Sep 04 19:14:57 mod_sql/4.3[5034]: <<< process_named_query >> 'LookupGalaxyUser' >> Sep 04 19:14:57 mod_sql/4.3[5034]: <<< sql_lookup >> Sep 04 19:14:57 mod_sql/4.3[5034]: cache miss for user >> 'panze...@kids.wustl.edu' >> Sep 04 19:14:57 mod_sql/4.3[5034]: user 'panze...@kids.wustl.edu' cached >> Sep 04 19:14:57 mod_sql/4.3[5034]: + pwd.pw_name : panze...@kids.wustl.edu >> Sep 04 19:14:57 mod_sql/4.3[5034]: + pwd.pw_uid : 1001 >> Sep 04 19:14:57 mod_sql/4.3[5034]: + pwd.pw_gid : 1001 >> Sep 04 19:14:57 mod_sql/4.3[5034]: + pwd.pw_dir : >> /home/galaxy/galaxy-supp/ftp/panze...@kids.wustl.edu >> Sep 04 19:14:57 mod_sql/4.3[5034]: + pwd.pw_shell : /bin/bash >> Sep 04 19:14:57 mod_sql/4.3[5034]: <<< cmd_getpwnam >> Sep 04 19:14:57 mod_sql/4.3[5034]: >>> cmd_auth >> Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_escapestring >> Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_open >> Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' count is now 2 >> Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_open >> Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_close >> Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' count is now 1 >> Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_close >> Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_escapestring >> Sep 04 19:14:57 mod_sql/4.3[5034]: cache hit for user >> 'panze...@kids.wustl.edu' >> Sep 04 19:14:57 mod_sql/4.3[5034]: >>> cmd_check >> Sep 04 19:14:57 mod_sql/4.3[5034]: checking password using SQLAuthType >> 'sha1' >> Sep 04 19:14:57 mod_sql/4.3[5034]: 'sha1' SQLAuthType handler reports >> failure >> Sep 04 19:14:57 mod_sql/4.3[5034]: <<< cmd_check >> Sep 04 19:14:57 mod_sql/4.3[5034]: <<< cmd_auth >> Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_exit >> Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_close >> Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' closed >> Sep 04 19:14:57 mod_sql/4.3[5034]: connection 'default' count is now 0 >> Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_close >> Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_exit >> >> >> The materials in this email are private and may contain Protected Health >> Information. If you are not the intended recipient, be advised that any >> unauthorized use, disclosure, copying, distribution or the taking of any >> action in reliance on the contents of this information is strictly >> prohibited. If you have received this email in error, please immediately >> notify the sender via telephone or return email. >> >> ___________________________________________________________ >> Please keep all replies on the list by using "reply all" >> in your mail client. To manage your subscriptions to this >> and other Galaxy lists, please use the interface at: >> http://lists.bx.psu.edu/ >> >> To search Galaxy mailing lists use the unified search at: >> http://galaxyproject.org/search/mailinglists/ >> >> ___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
