Please help! VsFTPd with browsers works with user@ but...

[hunterhunter]

I set up an ftp server using vsftpd. Everything's working fine except for one minor detail.
In my browsers, I type:
ftp://user@ftp.whatever.com
ftp://user@ip_address
They work, and I'm prompted for a password. Then I'm in.
but
When I try just this in the browser... "ftp.whatever.com" then it should prompt me for a user name and password, but it doesn't. It just says anonymous logins are not allowed. You do not have permission to access this directory.

What can I add, or remove from the vsftpd.conf file to resolve this issue??

Because users just want to type ftp.whatever.com and be prompted. It just confuses them when they have to put ftp://user@ftp.whatever.com... or even the ip address.

Please help!

Thanks!

[sschlueter]

This is not an issue with vsftpd. It's just the way some browsers work.

[hunterhunter]

We used to use proftpd and it would prompt for a user name and password with browsers. Even though anonymous logins were disabled the daemon atleast sent back a login prompt.
You guys sure that I'm not missing anything??

I appreciate the help.

Many thanks.

[sschlueter]

I have just run a small test scenario:

Linux vsftpd 2.0, no anonymous logins allowed.

Windows Firefox 1.5 dns+ip: password prompt
Windows Internet Explorer 6 dns+ip: password prompt
Windows Opera 8.5 dns+ip: password prompt
Linux Konqueror 3.4 dns+ip: password prompt

[hunterhunter]

Did you type.

user@dns + ip

or just dns? I.E. "ftp.whatever.com"?

If you type only ftp.whatever.com in the address bar then you should get an error stating that anonymous logins are not allowed.


Try only the dns, no user names.

[sschlueter]

Ah, sorry for the confusion.

I have entered ftp://hostname.intern and ftp://192.168.1.1 into the browser's address bars. as i already said, all browsers showed a password prompt.

I have now run another test scenario, this time simply entering ftp.hostname.intern. (I had to add an entry to my local dns server, so that clients can resolve this name.)

Windows Firefox 1.5: password prompt
Windows Internet Explorer 6: password prompt
Windows Opera 8.5: password prompt
Linux Konqueror 3.4: password prompt

Again, all browsers show a password prompt.

Here is my vsftpd config file:

[truc]

he 'd like to his users to be "user prompted" than password prompted, not only password, if I understood him right. I'd like to know too, how this can be achieve!

[sschlueter]

Sorry for the confusion (part 2)

Of course it's a user and password prompt.

[sschlueter]

I think I have figured this out.

If the FTP server does not allow anonymous logins, there are two different ways it can treat clients that try to login as user anonymous:

Either

220 (vsFTPd 2.0.3)
USER anonymous
331 Please specify the password.
PASS mozilla@example.com
530 Login incorrect.

or

220 xxxx FTP server ready.
USER anonymous
530 Guest login not allowed on this machine.

All browsers that I have tested show a user+password prompt in the first case. Only Opera and Konqueror show a user+password prompt in the second case. Firefox and Internet Explorer just show an error message.

@hunterhunter Which version of vsftpd are you using?

[hunterhunter]

The newest version.

2.0.4

Thanks for the help by the way!

[hunterhunter]

You see what I mean now? I need I.E. and Firefox to be sent the uid/password box

I also emailed the author of vsftpd. I'm probably not going to get a response though.


Thanks again for trying.

[truc]

[sschlueter]

Well, this should be fairly simple now.

Make sure the file /etc/vsftpd/vsftpd.conf contains the following three lines:

anonymous_enable=NO
userlist_enable=YES
userlist_deny=NO

And make sure the file /etc/vsftpd/user_list contains the following two lines:

ftp
anonymous

These names must not be listed in the file /etc/vsftpd/ftpusers.

after restarting vsftpd you should get a login+password prompt just like I do.

And in order to make the non-anonymous logins works, their login names must be added to user_list as well.

This way your clients will get a password prompt when they try to login anonymously because the users ftp and anonymous are listed in user_list. They are still being denied because anonymous logins are disabled in vsftpd.conf.

[hunterhunter]

Didn't work.

I've tried these things in all sorts of combinations.

Nothing...

In your reply you also specified two user files. I only have one user file.

Thanks

[hunterhunter]

Here's my config. I changed everything back after what you told me didn't work.
I don't know what else to do???

<code>
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=077
anon_upload_enable=NO
anon_mkdir_write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
#chown_uploads=YES
#chown_username=whoever
#xferlog_file=/var/log/vsftpd.log
#xferlog_std_format=YES
idle_session_timeout=120
data_connection_timeout=180
nopriv_user=nobody
async_abor_enable=YES
#ascii_upload_enable=YES
ascii_download_enable=NO
ftpd_banner=Welcome to Our FTP service!
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
ls_recurse_enable=NO
chroot_local_user=YES
check_shell=NO
#rsa_cert_file=/usr/local/etc/vsftpd.pem
#force_local_logins_ssl=YES
#force_local_data_ssl=YES
pasv_enable=YES
pasv_min_port=65000
pasv_max_port=65025

#SSL Section
#ssl_enable=YES
#ssl_sslv2=YES
#ssl_sslv3=YES
#ssl_tlsv1=YES

listen_address=64.*.*.* <- removed this for obvious reasons... (pretend there's an ip here)
listen_port=21
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/userlist_secure
listen=NO
</code>

I tried changing anonymous_enable to YES, then added the user anonymous in the /etc/userlist_secure file.
Nothing... perhaps it's one of my configuration options that's affecting it somehow...

Thanks again!

[sschlueter]

I've noticed that you have set listen=NO in your vsftpd.conf

Can you paste the output of

[hunterhunter]

tcp 0 0 64.*.*.*:21 0.0.0.0:* LISTEN 5694/xinetd


Obviously I had to edit the IP

It's running in with xinetd so I had to turn listen to NO

Thanks.

[sschlueter]

Can you paste the output of

[hunterhunter]

# vsftpd is the secure FTP server.
service ftp
{
disable = no
socket_type = stream
wait = no
user = root
server = /usr/local/sbin/vsftpd
server_args = /etc/vsftpd_secure.conf
per_source = 5
instances = 200
no_access = 192.168.1.100
banner_fail = /etc/vsftpd.busy_banner
log_on_success += PID HOST DURATION
log_on_failure += HOST
bind = 64.*.*.* <-- again, edited for obvious reasons
}


BTW, I really appreciate your help.

Thanks again.

[sschlueter]

So I guess you have manually compiled and installed vsftpd and not used the ebuild?

And the config file that you have posted is the content of /etc/vsftpd_secure.conf ?

Can you paste the output of

[hunterhunter]

Yes
&
Yes

cat /etc/userlist_secure | egrep 'anonymous|ftp'

No output.

[root@host etc]# tail /var/log/vsftpd.log
Mon Apr 10 11:57:46 2006 [pid 5564] CONNECT: Client "192.168.1.149"
Mon Apr 10 11:58:38 2006 [pid 5584] CONNECT: Client "192.168.1.149"
Mon Apr 10 11:58:38 2006 [pid 5586] CONNECT: Client "192.168.1.149"
Mon Apr 10 11:59:20 2006 [pid 5605] CONNECT: Client "192.168.1.149"
Mon Apr 10 11:59:20 2006 [pid 5604] [ftp] OK LOGIN: Client "192.168.1.149", anon password "IEUser@"
Mon Apr 10 12:00:20 2006 [pid 5629] CONNECT: Client "192.168.1.149"
Mon Apr 10 12:00:20 2006 [pid 5631] CONNECT: Client "192.168.1.149"
Mon Apr 10 12:01:26 2006 [pid 5678] CONNECT: Client "192.168.1.149"
Mon Apr 10 12:01:26 2006 [pid 5680] CONNECT: Client "192.168.1.149"
Mon Apr 10 12:01:52 2006 [pid 5697] CONNECT: Client "192.168.1.149"

As for using Ethereal. I'd have to read about it. I have never used it.

Thanks again.

Also, how do you guys use that "code" area. I tried <code> </code>...
Thanks

[sschlueter]

[hunterhunter]

I put anonymous and ftp in that file when I tested it. Once I found out that it wasn't working I promptly removed them so that I wouldn't forget.

They were in there though.

ethereal isn't installed and I doubt my boss wants me to install it...


Are you certain that you didn't do something special to get this working on your box??

When I add the user anonymous then the daemon still returns "anonymous not allowed".
When I turn anonymous on and add the user anonymous to the config file then it comes back with "permission denied" because the user anonymous isn't a user on the system. I added anonymous as a user and it just automatically logged me into anonymous' directory, because that's what the browser wanted.

GRRR!!


Thanks for all the help. I really appreciate it.

[sschlueter]

[hunterhunter]

No matter what I do I get either 530 permission denied, or anonymous logins are not allowed.

It never prompts me with a password, let alone a uid box.

If I enable anonymous, and put anonymous in the user list then it lets me right in.


I do have a user ftp, with /sbin/nologin as shell /var/ftp is the home.



When I do that test #5 it says anonymous logins are not allowed on this server. I click Ok. Then it just sits there.

I can select file>login as
Then user anonymous and the password.

This, however, is manually accomplished and I'm not prompted.

I guess we're back at square 1.




Thanks for all your effort though. I appreciate it a lot.