Fixing VSFTPD login problem

By | January 1, 2014

I recently set up a new Ubuntu 12.04 server, and as part of the setup installed vsftp. I used an identical setup to a similar server, but for some reason, I kept getting an authentication error attempting to login as a local user.

After a lot of troubleshooting, I finally isolated the problem to the PAM script for vsftpd, found in /etc/pam.d/vsftpd:

#Standard behaviour for ftpd(8).
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed

# Note: vsftpd handles anonymous logins on its own. Do not enable pam_ftp.so.

# Standard pam includes
@include common-account
@include common-session
@include common-auth
auth required pam_shells.so

The problems were in the first and last “auth required” lines. I had to comment out both to get vsftpd to work. Either one by itself didn’t fix the problem.

The last called out a module that wasn’t found on my system. Not sure how it got there, but its purpose is to prevent ftp logins from users not having a shell.  Commenting it out removed the error that got logged to auth.log, but didn’t fix the problem.

The first “auth required” line refers to the /etc/ftpusers file, which despite its name is a list of users who shouldn’t be allowed to ftp. Even though the users I tried weren’t listed, I still got authorization denied. Commenting out this line fixed the problem, but right now it’s a mystery why there was a problem in the first place. This should work. It works fine on the other Ubuntu 12 losartan dosage.04 server. But at least I can do ftp.

If you happen to know what caused the problem, I’d sure appreciate it if you’d drop a comment below.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.