Topic: FTP Access Problems HELP!

[SPimps]

I just upgraded my server from SME6 to SME7. It's a fresh install and I manually added users and passwords back into and copied all the data over.

I have setup the server to match the exact setup I had for SME6. I use to be able to use FTP fine.

Here's the problem.

On local network:
admin can access FTP and view everything.
users can access FTP but cannot view ibays, only home and Maildir.

Outside network
No one can access anything, except anonymous (which cannot see anything)


I have checked my settings.
FTP access = Allow public access (entire internet)
FTP password access = Accept passwords only from local networks.

iBay with correct Group and User access, and also public access = entire internet (password required)

The only error I get while using my FTP client (bulletproof) is 530 login incorrect.
HELP! This is really urgent.

[raem]

SPimps

> FTP password access = Accept passwords only from local networks.
> Outside network - No one can access anything, except anonymous

Well that sounds correct as you have passwords enabled only for local network access.


> I have setup the server to match the exact setup I had for SME6.
> On local network - users can access FTP but cannot view ibays, only home and Maildir.

Did you have a add on ftp chroot contrib installed that you have forgotten about ?

For sme7 it's called smeserver-remoteuseraccess from dungog

Search here on ftp or sftp for more details as this has been answered a number of times recently.

[SPimps]

Just a little new to linux...

I updated all the software that needed to be updated via the web gui.

I did do a search on remote ftp, but I wasn't really sure about the addon. And  a bit overwhelmed on of the answers.

I've had a look at my installed packages and I can't see "smeserver-remoteuseraccess", so should I be using that addon?

Thanks!

[byte]

Just a little new to linux...
I've had a look at my installed packages and I can't see "smeserver-remoteuseraccess", so should I be using that addon?

The ftp chroot contrib that Ray was on about I believe was the Dungog version for 6.0, if it was dungog-proftpd-chroot-0.1-6.noarch.rpm  then type at command line...

rpm -qi dungog-proftpd-chroot

See on this link the rpm Ray was on about using...

http://mirror.contribs.org/smeserver//contribs/dungog/packages/smeserver/7.0/i386/html/index_dungog.html

[cool34000]

Have you checked your users passwords are matching the minimum requierement ?
By default SME7 users must have 7 characters + at least 1 number and 1 extra character...
I had the same kind of problem once with the webmail... Until password is not a secured one, access from outside is denied to users with weak passwords !

[cno]

turn off the "pasv" in your bullet ftp

[SPimps]

God this is annoying me!!!

I've installed the suggested .rpm package (after pulling out my hair), and now only works on LAN.... which is guess one step in the right direction.

I don't understand why it won't work from WAN.. I keep getting a 530 (Login Incorrect). I am absolutely sure my username and password are correct.

I don't know what to do

[cool34000]

Have you tried this :

Code: [Select]

signal-event post-upgrade
signal-event reboot

[raem]

SPimps

> I've installed the suggested .. package .. now only works on LAN....

Please confirm which package you have installed
Give us the output of
rpm -q smeserver-remoteuseraccess


> I don't understand why it won't work from WAN..
> FTP password access = Accept passwords only from local networks.

In server manager Remote access panel, you need to set
FTP access = Allow public access (entire internet)
FTP password access = Accept passwords from anywhere


After setting the above please give us the output of
config show ftp

which should be like:

with ftp completely disabled

ftp=service
    LoginAccess=private
    TCPPort=21
    access=private
    status=disabled

with ftp completely enabled for public access

ftp=service
    LoginAccess=public
    TCPPort=21
    access=public
    status=enabled

[SPimps]

Have you tried this :

Code: [Select]

signal-event post-upgrade
signal-event reboot

Yep, I'm assuming that rebooted the server?
Didn't seem to have any affect.

RayMitchell
>Please confirm which package you have installed
>Give us the output of
>rpm -q smeserver-remoteuseraccess

(Excuse me if I'm completely wrong, I'm a newbie to linux)
In root, I typed "rpm -q smeserver-remoteuseraccess" and executed, it showed this: "smeserver-remoteuseraccess-1.2-6"


>In server manager Remote access panel, you need to set
>FTP access = Allow public access (entire internet)
>FTP password access = Accept passwords from anywhere

Done. I think that seemed to have done the trick!!

>After setting the above please give us the output of
>config show ftp

ftp=service
    LoginAccess=public
    TCPPort=21
    access=public
    status=enabled

Is it safe having it open like that? I read somewhere it isn't a good idea to "Accept passwords from anywhere".


Also just wondering, is this the correct way of install rpm packages?
> Download rpm
> Upload to some folder in FTP
> Login to SME server in root
> User Midnight Commander to browse to FTP folder and execute .rpm

Is that the right process? Because I've been trying to find out... However, I think it has worked in this case.


THANKS VERY MUCH!!!!!

[raem]

SPimps

> smeserver-remoteuseraccess-1.2-6

That's the correct version for sme7


>FTP password access = Accept passwords from anywhere
> Done. I think that seemed to have done the trick!!

Yes, I told you that earlier too but you didn't catch on.


> Is it safe having it open like that? I read somewhere it isn't a good idea > to "Accept passwords from anywhere".

Well if you want your users to access the server via ftp from anywhere, then you MUST set public access.
Yes it is a potential security risk, and even more so with ftp, as ftp sends passwords in plain text and anyone clever could be monitoring your system to "snoop" the passwords.
A good general policy for a secure server is to NOT use ftp.

You and your users would be far better off to use a secure ftp client (sftp), and connect securely via sftp. The are lots of free ones available.
See Chapter 14 of the manual about ibays & read it carefully.

VPN is safer safer method/protocol to use.


Also just wondering, is this the correct way of install rpm packages?
> Download rpm
> Upload to some folder in FTP
> Login to SME server in root
> User Midnight Commander to browse to FTP folder and execute .rpm

That way works obviously, depends what you mean by "execute .rpm". You can also use wget which gets the rpm directly, search for many references to this & see some of the howtos.

yum also is a way to install rpms, search also for how to use it that way in conjuction with enablerepo switch. It can be used for local installs or to download and install from remore sources.

Usually the traditional way has been to download the rpm(s) to a empty folder/ibay/user home folder and do
rpm -Uvh rpm-name-in-full

There is a definite push towards using yum as that will take care of rpm dependencies ie the need for other rpms to be installed to allow the one you want to install to work

Search here for yum, you will find many examples of what I'm referring to. Check the info on smeserver.org as it has pertinent idetails.