It is configured in the following way.
Winbind, samba, proftpd.
It uses kerberos and security = ADS
Now. Users can login via proftpd and their home directory is created by
samba.
Their group is set to "Domain Users"
When logging in via a Linux command line ftp client, all seems to
function as expected, but when using a browser, this is where things go
wrong. First thing I notice is when compared to a "normal" (see
attachment "good.png") ftp browser connection the folders/files are
listed out with a date. See the attachment "good.png" and look at the
difference between the file "hosts" in when compared to "nogood.png".
You will see the bad (unusable) files are listed with dates and the host
file in "good.png" lists without dates.
When I select the hosts file when it is in the "Domain Users" group, I
get this message from my browser.
An error occurred while loading
ftp://simonj@10.0.2.239/home/STAFF/simonj/29 04:43 hosts:
The file or folder /home/STAFF/simonj/29 04:43 hosts does not exist.
See what it's doing? It thinks the date is a part of the name "hosts"
The "host" file is fixed when I change the group from "Domain Users" to
a normal unix group like "users".
But when I switch "DirFakeGroup on ~" on, the problem resurfaces, even
with the unix group "users" set.
I'm using proftpd-1.2.9-7mdk and I was using an earlier version that
comes with mandrake but I wanted to see if it was a version specific bug.
Any ideas? Can you suggest anything that I can try? Below are some of
the config files.
smb.conf
--------
[global]
workgroup = STAFF
server string = Samba Server %v
security = ADS
realm = STAFF
encrypt passwords = Yes
#;server = dangnamit2.staff
password server = *
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
#;character set = ISO8859-15
os level = 18
local master = No
dns proxy = No
winbind enum users = Yes
winbind enum groups = Yes
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
#template homedir = /home/%U
template homedir = /home/%D/%U
template shell = /bin/bash
winbind use default domain = yes
template primary group = "Domain Users"
printing = cups
unix charset = LOCALE
[homes]
comment = Home Directories
browseable = yes
writeable = yes
preserve case = yes
short preserve case = yes
pam.d/ftp file
---------------
#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth sufficient pam_winbind.so
auth required pam_stack.so service=system-auth
auth required pam_shells.so
account sufficient pam_winbind.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
##auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
##auth required pam_pwdb.so shadow nullok
# If this is enabled, anonymous logins will fail because the 'ftp' user does
# not have a "valid" shell, as listed in /etc/shells.
#
# If you enable this, it is recommended that you do *not* give the 'ftp'
# user a real shell. Instead, give the 'ftp' user /bin/false for a shell and
# add /bin/false to /etc/shells.
#auth required pam_shells.so
##account required pam_pwdb.so
##session required pam_pwdb.so
Proftpd.conf
-------------
ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on
#DirFakeGroup on ~
# Allow FTP resuming.
# Remember to set to off if you have an incoming ftp for upload.
AllowStoreRestart on
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
# Set the user and group under which the server will run.
User nobody
Group nogroup
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~
# Normally, we want files to be overwriteable.
<Directory />
AllowOverwrite on
</Directory>
# Needed for NIS.
PersistentPasswd off
# Default root can be used to put users in a chroot environment.
# As an example if you have a user foo and you want to put foo in /home/foo
# chroot environment you would do this:
#
# DefaultRoot /home/foo foo
Any help or advice to this proftpd beginner would be welcome. TA
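Added example, not part of the original post and not the code of ProFTPD or of any particular browser: a simplified model of a whitespace-splitting LIST parser, showing how a group name containing a space ("Domain Users") shifts the columns so that the name comes out as "29 04:43 hosts", next to a parser anchored on the date fields. The sample listing lines are constructed; the file size and month in them are assumptions.

```python
import re

# Constructed sample LIST lines. Only the name "hosts", the "29 04:43"
# timestamp and the two group names come from the post above.
LINE_UNIX_GROUP = "-rw-r--r--   1 simonj   users          1024 Apr 29 04:43 hosts"
LINE_AD_GROUP = "-rw-r--r--   1 simonj   Domain Users   1024 Apr 29 04:43 hosts"


def naive_name(line):
    """Positional parse: perms, links, owner, group, size, 3 date tokens, name."""
    perms, links, owner, group, size, rest = line.split(None, 5)
    if not size.isdigit():
        # Assumed fallback for servers that print no group column: treat the
        # non-numeric "size" token as the month and shift every field left.
        rest = size + " " + rest
        size, group = group, None
    _d1, _d2, _d3, name = rest.split(None, 3)
    return name


# Anchor on "<size> <Mon> <day> <hh:mm|yyyy>" so the group column may hold spaces.
DATE_ANCHORED = re.compile(
    r"^(?P<perms>\S+)\s+(?P<links>\d+)\s+(?P<owner>\S+)\s+(?P<group>.*?)\s+"
    r"(?P<size>\d+)\s+(?P<month>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
    r"(?P<when>\d{1,2}:\d{2}|\d{4})\s(?P<name>.+)$"
)


def anchored_fields(line):
    """Return (group, name), or None if the line is not a Unix-style entry."""
    m = DATE_ANCHORED.match(line)
    return (m.group("group"), m.group("name")) if m else None


if __name__ == "__main__":
    for line in (LINE_UNIX_GROUP, LINE_AD_GROUP):
        print(repr(naive_name(line)), anchored_fields(line))
```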
Here's what I've done to make it work:
<Directory /users/sca/*>
<Limit WRITE>
DenyUser sca
</Limit>
</Directory>