Friday, October 25, 2013

Winbind, samba, proftpd

It is configured in the following way.

Winbind, samba, proftpd.
It uses kerberos and security = ADS

Now. Users can login via proftpd and their home directory is created by
There group is set to "Domain Users"

When logging in via a Linux command line ftp client, all seems to
function as expected, but when using a browser, this is where things go
wrong. First thing I notice is when compared to a "normal" (see
attachment "good.png") ftp  browser connection the folders/files are
listed out with a date. See the attachment "good.png" and look at the
difference between the file "hosts" in when compared to "nogood.png".
You will see the bad(un usable) files are listed with dates and the host
file in "good.png" lists without dates.

When I select the hosts file when it is in the "Domain Users" group, I
get this message from my browser.

    An error occurred while loading
ftp://simonj@ 04:43 hosts:
    The file or folder /home/STAFF/simonj/29 04:43 hosts does not exist.

See what it's doing? It thinks the date is a part of the name "hosts"

The "host" file is fixed when I change the group from "Domain Users" to
a normal unix group like "users".
But when I switch "DirFakeGroup on ~" on, the problem resurfaces, even
with the unix group "users" set.

I'm using proftpd-1.2.9-7mdk and I was using an earlier version that
comes with mandrake but I wanted to see if it was a version specific bug.

Any ideas, Can you suggest anything that I can try. Below are some of
the config files.

        workgroup = STAFF
        server string = Samba Server %v
        security = ADS
        realm = STAFF
        encrypt passwords = Yes
        #;server = dangnamit2.staff
        password server = *
        log file = /var/log/samba/log.%m
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        #;character set = ISO8859-15
        os level = 18
        local master = No
        dns proxy = No
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind separator = +
        #template homedir = /home/%U
        template homedir = /home/%D/%U
        template shell = /bin/bash
        winbind use default domain = yes
        template primary group = "Domain Users"
        printing = cups
        unix charset = LOCALE

   comment = Home Directories
        browseable = yes
        writeable = yes
        preserve case = yes
        short preserve case = yes

pam.d/ftp file
auth       required item=user sense=deny
file=/etc/ftpusers onerr=succeed
auth       sufficient
auth       required service=system-auth
auth       required
account    sufficient
account    required service=system-auth
session    required service=system-auth

##auth       required item=user sense=deny
file=/etc/ftpusers onerr=succeed
##auth       required shadow nullok

# If this is enabled, anonymous logins will fail because the 'ftp' user does
# not have a "valid" shell, as listed in /etc/shells.
# If you enable this, it is recommended that you do *not* give the 'ftp'
# user a real shell. Instead, give the 'ftp' user /bin/false for a shell and
# add /bin/false to /etc/shells.
#auth       required

##account    required
##session    required


ServerName                      "ProFTPD Default Installation"
ServerType                      standalone
DefaultServer                   on
#DirFakeGroup on ~

# Allow FTP resuming.
# Remember to set to off if you have an incoming ftp for upload.
AllowStoreRestart               on

# Port 21 is the standard FTP port.
Port                            21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                    30

# Set the user and group under which the server will run.
User                            nobody
Group                           nogroup

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~

# Normally, we want files to be overwriteable.
<Directory />
  AllowOverwrite                on

# Needed for NIS.

PersistentPasswd              off

# Default root can be used to put users in a chroot environment.
# As an example if you have a user foo and you want to put foo in /home/foo
# chroot environment you would do this:
# DefaultRoot /home/foo foo

Any help or advice to this proftpd beginner would be welcome. TA

Here's what i've done to make it work:

<Directory /users/sca/*>
        <Limit WRITE>
                DenyUser sca

No comments:

Post a Comment