ProFTPD + MySQL/OpenLDAP User Authentication

I. Preparation

Download ProFTPD: ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.7.tar.gz

Download mod_sql: http://www.lastditcheffort.org/~aah/proftpd/mod_sql/

Download mod_ldap-2.8.10: http://www.horde.net/~jwm/software/mod_ldap/

II. ProFTPD + MySQL

tar xvzf proftpd-VERSION.tar.gz

cd proftpd-VERSION

(Copy mod_sql.c and mod_sql_mysql.c from the mod_sql download into the contrib/ directory of the ProFTPD source tree before running configure, and make sure the MySQL client headers and library are installed; if they live outside the default paths, add --with-includes=/path/to/mysql/include --with-libraries=/path/to/mysql/lib.)

./configure --prefix=/usr/local/proftpd --with-modules=mod_sql:mod_sql_mysql

make

make install

After the installation succeeds, test ProFTPD. Start it:

/usr/local/proftpd/sbin/in.proftpd

If nothing is printed, ProFTPD started successfully. Log in to the FTP server with a system user:

[root@linux sbin]# ftp localhost
Connected to localhost (127.0.0.1).
220 ProFTPD 1.2.7 Server (ProFTPD Default Installation) [linux.xuser.net]
Name (localhost:root): usera
331 Password required for usera.
Password:
230 User usera logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

ProFTPD works; stop it again:

killall in.proftpd

Edit proftpd.conf:

vi /usr/local/proftpd/etc/proftpd.conf

Add the following directives:

SQLConnectInfo ftpusers@localhost:3306 root chen
SQLAuthTypes Plaintext
SQLUserInfo users userid passwd uid gid homedir NULL
RequireValidShell off
SQLAuthenticate users groups usersetfast groupsetfast

Format description:

SQLConnectInfo database@host:port user password

The MySQL account named here should be a dedicated account with SELECT on the ftpusers database only, not root: proftpd.conf holds its password in cleartext, so the file must not be readable by other users, and a compromised FTP daemon should not hand over the whole database server.

SQLAuthTypes password type (Plaintext: the column holds the cleartext password; Crypt: a DES crypt(3) hash; Backend: a hash produced by MySQL's PASSWORD() function). Plaintext is used here for the test only; anyone who can read the users table, or the MySQL connection, gets every FTP password, so store Crypt or Backend hashes in production.

SQLUserInfo [user table] [username column] [password column] [uid column] [gid column] [home directory column] [shell column, or NULL if there is none]

SQLAuthenticate users groups ... tells mod_sql to authenticate both users and groups from SQL; usersetfast/groupsetfast let it satisfy whole-set lookups (for example during directory listings) with a single query each.

Create an ftpusers.sql file:

[mysql@linux mysql]$ vi ftpusers.sql

-- MySQL dump 8.22
--
-- Host: localhost    Database: proftpd
---------------------------------------------------------
-- Server version    3.23.52-Max
--
-- The original 3.23 dump used TYPE=MyISAM; ENGINE=MyISAM is the syntax
-- accepted by MySQL 5.5 and later. `groups` is backquoted because GROUPS
-- became a reserved word in MySQL 8.0.

--
-- Table structure for table 'groups'
--

CREATE TABLE `groups` (
  groupname varchar(255) binary NOT NULL default '',
  gid int(11) NOT NULL default '0',
  members text NOT NULL,
  PRIMARY KEY (groupname)
) ENGINE=MyISAM;

--
-- Dumping data for table 'groups'
--

INSERT INTO `groups` VALUES ('nogroup', 502, 'ftp group');

--
-- Table structure for table 'users'
--

CREATE TABLE users (
  userid varchar(255) binary NOT NULL default '',
  passwd varchar(255) binary NOT NULL default '',
  uid int(11) default NULL,
  gid int(11) default NULL,
  homedir varchar(255) default NULL,
  shell varchar(255) default NULL,
  count int(11) default NULL,
  used double(10,1) default '0.0',
  quota double(10,1) default '10000000.0',
  PRIMARY KEY (userid)
) ENGINE=MyISAM;

--
-- Dumping data for table 'users'
--

INSERT INTO users VALUES ('chen', 'chen', 500, 500, '/home/samba', '/bin/sh', 0, 0.0, 10000000.0);
INSERT INTO users VALUES ('user2', '123456', 500, 500, '/home/samba', '/bin/bash', 1, 0.0, 10000000.0);
INSERT INTO users VALUES ('user1', '123456', NULL, NULL, '/u01', NULL, 1, 0.0, 10000000.0);

Create the database and load the tables:

[mysql@linux mysql]$ echo "CREATE DATABASE ftpusers" | mysql -uroot -pchen
[mysql@linux mysql]$ mysql -uroot -pchen ftpusers < ftpusers.sql
[mysql@linux mysql]$

(Attaching the password to -p puts it in the shell history and, while the client runs, in the process list; -p on its own prompts for it.)

Start ProFTPD again:

/usr/local/proftpd/sbin/in.proftpd

This time log in to the FTP server with a MySQL user. If the server answers "230 User xxxxx logged in.", MySQL authentication works.
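As an added example (not code from the article, from mod_sql or from ProFTPD), the following Python script models what mod_sql does with the uid and gid columns of the rows above before a session is started: a NULL uid/gid becomes SQLDefaultUID/SQLDefaultGID, a uid/gid below SQLMinUserUID/SQLMinUserGID is replaced by the default as well, and RequireValidShell refuses rows whose shell is not in /etc/shells. The default values (999 and 65533) are taken from mod_sql's documentation as I recall it and are an assumption to verify against the mod_sql.html of your version; the rootftp row and the shell list are constructed for the example.

```python
"""Added example, not code from the original article or from mod_sql.

Emulates how mod_sql turns a row of the `users` table into the Unix identity
a ProFTPD session runs under, so rows can be checked before they are loaded.
Modelled directives: SQLMinUserUID / SQLMinUserGID, SQLDefaultUID /
SQLDefaultGID, RequireValidShell. The defaults below (999 / 65533) are an
assumption about the mod_sql version in use; verify them against your
mod_sql.html.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class SqlPolicy:
    min_user_uid: int = 999       # SQLMinUserUID (assumed default)
    min_user_gid: int = 999       # SQLMinUserGID (assumed default)
    default_uid: int = 65533      # SQLDefaultUID (assumed default)
    default_gid: int = 65533      # SQLDefaultGID (assumed default)
    require_valid_shell: bool = False               # RequireValidShell
    valid_shells: tuple = ("/bin/sh", "/bin/bash")  # stand-in for /etc/shells


@dataclass
class UserRow:
    userid: str
    passwd: str
    uid: Optional[int]
    gid: Optional[int]
    homedir: Optional[str]
    shell: Optional[str]


# Constructed sample: the three INSERT rows from the article plus one
# deliberately bad row (uid/gid 0) to show what SQLMinUserUID protects against.
SAMPLE_ROWS = [
    UserRow("chen", "chen", 500, 500, "/home/samba", "/bin/sh"),
    UserRow("user2", "123456", 500, 500, "/home/samba", "/bin/bash"),
    UserRow("user1", "123456", None, None, "/u01", None),
    UserRow("rootftp", "x", 0, 0, "/", "/bin/sh"),
]


def effective_identity(row: UserRow, policy: SqlPolicy = SqlPolicy()):
    """Return (uid, gid, notes) for the session this row would produce,
    or (None, None, notes) if the login would be refused."""
    notes = []
    if policy.require_valid_shell and row.shell not in policy.valid_shells:
        notes.append("login refused: shell %r not in /etc/shells (RequireValidShell on)"
                     % row.shell)
        return None, None, notes

    uid, gid = row.uid, row.gid
    if uid is None:
        notes.append("uid NULL -> SQLDefaultUID %d" % policy.default_uid)
        uid = policy.default_uid
    elif uid < policy.min_user_uid:
        notes.append("uid %d below SQLMinUserUID %d -> SQLDefaultUID %d"
                     % (uid, policy.min_user_uid, policy.default_uid))
        uid = policy.default_uid
    if gid is None:
        notes.append("gid NULL -> SQLDefaultGID %d" % policy.default_gid)
        gid = policy.default_gid
    elif gid < policy.min_user_gid:
        notes.append("gid %d below SQLMinUserGID %d -> SQLDefaultGID %d"
                     % (gid, policy.min_user_gid, policy.default_gid))
        gid = policy.default_gid
    if uid == 0 or gid == 0:
        notes.append("WARNING: session would run with root uid/gid")
    return uid, gid, notes


def audit(rows, policy: SqlPolicy = SqlPolicy()):
    """Map each userid to the identity mod_sql would use under `policy`."""
    return {r.userid: effective_identity(r, policy) for r in rows}


if __name__ == "__main__":
    # Stock defaults versus the values the FAQ at the end of the article uses
    # (SQLMinUserUID/GID 400, SQLDefaultUID/GID 1001, RequireValidShell on).
    for name, pol in (("defaults", SqlPolicy()),
                      ("faq", SqlPolicy(400, 400, 1001, 1001, True))):
        print("==", name)
        for user, (uid, gid, notes) in audit(SAMPLE_ROWS, pol).items():
            print("%-8s uid=%-6s gid=%-6s %s" % (user, uid, gid, "; ".join(notes)))
```

Run it and compare the two policies: with stock defaults the article's uid 500 rows do not run as uid 500 at all but as the default uid, which is why the FAQ lowers SQLMinUserUID to 400; the same minimum is what keeps a uid 0 row in the table from ever becoming a root FTP session, so never set it to 0.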

III. ProFTPD + OpenLDAP

# tar zxvf mod_ldap-2.8.10.tar.gz

tar xvzf proftpd-VERSION.tar.gz

cd proftpd-VERSION

(Copy mod_ldap.c from the mod_ldap-2.8.10 directory into contrib/ before running configure, and have the OpenLDAP client headers and libraries installed.)

./configure --prefix=/usr/local/proftpd --with-modules=mod_ldap

make

make install

Copy the posixAccount-objectclass and posixGroup-objectclass files from the mod_ldap-2.8.10 directory into the OpenLDAP schema directory:

# cp mod_ldap-2.8.10/posix* /etc/openldap/schema/

# vi /etc/openldap/slapd.conf

Edit the OpenLDAP configuration file slapd.conf and include the two files:

include /etc/openldap/schema/posixAccount-objectclass
include /etc/openldap/schema/posixGroup-objectclass

(Check first whether the nis.schema your OpenLDAP ships already defines posixAccount and posixGroup, as RFC 2307 does; defining an object class twice is a configuration error that slapd reports at startup, so include either nis.schema or the mod_ldap files, and look at the slapd log after restarting.)

Restart OpenLDAP:

# service ldap restart
Stopping slapd: [ OK ]
Starting slapd: [ OK ]

Edit proftpd.conf:

vi /usr/local/proftpd/etc/proftpd.conf

Add the following directives:

LDAPServer localhost
LDAPDNInfo "cn=your-dn,dc=horde,dc=net" dnpass
LDAPDoAuth on "dc=users,dc=horde,dc=net"

Format description:

LDAPServer   OpenLDAP server host
LDAPDNInfo   "cn=your-dn,dc=domain,dc=tld" DN-password   (the DN mod_ldap binds as, and its password)
LDAPDoAuth   on "dc=domain,dc=tld"   (enable user authentication; the second argument is the base DN under which the user's posixAccount entry is searched for)

Example:

LDAPServer localhost
LDAPDNInfo "cn=Manager,dc=xuser,dc=net" secret
LDAPDoAuth on "dc=xuser,dc=net"

The example binds as the directory's rootdn, which can modify every entry, and its password sits in proftpd.conf in cleartext. ProFTPD only needs to read the account entries, so give it a dedicated bind DN with read access to those entries, and keep proftpd.conf unreadable by other users.

Adapt the group-ldif and user-ldif files in the mod_ldap-2.8.10 directory to your needs and add the entries to OpenLDAP:

# ldapadd -x -D "cn=Manager,dc=xuser,dc=net" -w secret -f group-ldif
# ldapadd -x -D "cn=Manager,dc=xuser,dc=net" -w secret -f user-ldif

Output like adding new entry "cn=mygroup,dc=xuser,dc=net" means the entry was added. (-W prompts for the bind password instead of putting it on the command line.)

View the records with ldapsearch:

# ldapsearch -x -b "dc=xuser,dc=net"

Start ProFTPD:

/usr/local/proftpd/sbin/in.proftpd

Log in to the FTP server with an OpenLDAP user. If the server answers "230 User xxxxx logged in.", OpenLDAP authentication works.

Example:

[root@linux mod_ldap-2.8.10]# cat group-ldif
dn: cn=mygroup,dc=xuser,dc=net
objectClass: posixGroup
cn: mygroup
gidNumber: 100
memberUid: user1
memberUid: user2
memberUid: user3
memberUid: user4
memberUid: ftpuserb
memberUid: usera
memberUid: jwm
memberUid: 100

[root@linux mod_ldap-2.8.10]# cat user-ldif
dn: uid=jwm,dc=xuser,dc=net
objectClass: posixAccount
cn: John Morrissey
uid: jwm
uidNumber: 2000
gidNumber: 100
homeDirectory: /home/chen
userPassword: {crypt}*
loginShell: /bin/bash

dn: uid=chen,dc=xuser,dc=net
objectClass: posixAccount
cn: chen
uid: chen
uidNumber: 2000
gidNumber: 100
homeDirectory: /home/chen
userPassword: {crypt}sa7xjjlytxzz2
loginShell: /bin/bash

dn: cn=ftpuser1,dc=xuser,dc=net
objectClass: posixAccount
cn: ftpuser1
uid: ftpuser1
uidNumber: 2000
gidNumber: 100
homeDirectory: /home/chen
userPassword: {crypt}sa7xjjlytxzz2
loginShell: /bin/bash

dn: uid=usera,dc=xuser,dc=net
objectClass: posixAccount
cn: usera
uid: usera
uidNumber: 2000
gidNumber: 100
homeDirectory: /tmp
userPassword: {crypt}sa7xjjlytxzz2
loginShell: /bin/bash

dn: uid=ftpuserb,dc=xuser,dc=net
objectClass: posixAccount
cn: ftpuserb
uid: ftpuserb
uidNumber: 2000
gidNumber: 100
homeDirectory: /tmp
userPassword: {crypt}o2boohek9ji06
loginShell: /bin/bash

The userPassword values above are DES crypt(3) hashes; the {crypt} prefix tells OpenLDAP which scheme to compare with. crypt(3) output is case-sensitive, so copy it exactly. The hashes can be generated as follows.

With PHP:

# cat des.php
<html><body>
<h3>DES password generator</h3>
<form method="post">Password: <input type="password" name="passwd"> <input type="submit" value="Generate"></form>
<?php
if (isset($_POST['passwd'])) {
    // Two characters from [0-9a-f] make a valid DES salt; PHP 8 requires the
    // salt argument, older versions picked one when it was omitted.
    $salt = bin2hex(random_bytes(1));
    $enpw = crypt($_POST['passwd'], $salt);
    echo "Password is: " . htmlspecialchars($enpw);
}
?>
</body></html>

With Perl:

perl -e 'print("userPassword: " . crypt("secret", "salt") . "\n");'

(only the first two characters of the salt are used by DES crypt, which also ignores everything after the eighth character of the password.) The resulting DES hash can also serve as the OpenLDAP administrator password:

# vi /etc/openldap/slapd.conf
rootpw {crypt}ijfyncsnctbyg

On a current OpenLDAP, generate the rootpw with slappasswd instead, which defaults to the {SSHA} scheme and is not limited to 8-character passwords.
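The user-ldif above has every account on uidNumber 2000, one entry whose RDN is cn= rather than uid=, a locked password ({crypt}*) and home directories under /tmp. As an added example (not code from the article or from mod_ldap), this Python script parses LDIF and reports exactly those things for each posixAccount entry, which is the check worth running before ldapadd. The sample LDIF is a constructed copy of three of the article's entries, with jwm's password base64-encoded to exercise that LDIF form; the list of required attributes is the RFC 2307 MUST list for posixAccount.

```python
"""Added example, not from the original article or from mod_ldap: parse the
user-ldif above (three of its entries are embedded as a constructed sample) and
check each posixAccount for what bites once LDAPDoAuth is on: a shared
uidNumber, a locked or cleartext userPassword, a home under /tmp, missing
RFC 2307 attributes."""
import base64
import re
from collections import defaultdict

# Constructed sample copied from the article's user-ldif; jwm's password is
# given base64-encoded ("::") to exercise that LDIF form.
SAMPLE_LDIF = """\
dn: uid=jwm,dc=xuser,dc=net
objectClass: posixAccount
cn: John Morrissey
uid: jwm
uidNumber: 2000
gidNumber: 100
homeDirectory: /home/chen
userPassword:: e2NyeXB0fSo=

dn: cn=ftpuser1,dc=xuser,dc=net
objectClass: posixAccount
cn: ftpuser1
uid: ftpuser1
uidNumber: 2000
gidNumber: 100
homeDirectory: /home/chen
userPassword: {crypt}sa7xjjlytxzz2

dn: uid=usera,dc=xuser,dc=net
objectClass: posixAccount
cn: usera
uid: usera
uidNumber: 2000
gidNumber: 100
homeDirectory: /tmp
userPassword: {crypt}sa7xjjlytxzz2
"""

REQUIRED = ("cn", "uid", "uidnumber", "gidnumber", "homedirectory")  # RFC 2307 MUST


def parse_ldif(text):
    """Return a list of entries {attr (lower-case): [values]}."""
    unfolded = []
    for raw in text.splitlines():           # join folded continuation lines first
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    entries, current = [], None
    for line in unfolded + [""]:            # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                entries.append(current)
            current = None
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("not an LDIF attribute line: %r" % line)
        if value.startswith(":"):           # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode()
        else:
            value = value.strip()
        current = {} if current is None else current
        current.setdefault(name.strip().lower(), []).append(value)
    return entries


def audit_accounts(entries):
    """Return {dn: [findings]} for every posixAccount entry in `entries`."""
    accounts = [e for e in entries
                if "posixaccount" in [v.lower() for v in e.get("objectclass", [])]]
    owners = defaultdict(list)              # uidNumber -> DNs that carry it
    for e in accounts:
        for n in e.get("uidnumber", []):
            owners[n].append(e["dn"][0])
    findings = {}
    for e in accounts:
        dn, found = e["dn"][0], []
        found += ["missing required attribute %s" % a for a in REQUIRED if a not in e]
        if dn.partition("=")[0].strip().lower() != "uid":
            found.append("RDN is not uid=; mod_ldap searches by the uid attribute")
        for n in e.get("uidnumber", []):
            if n == "0":
                found.append("uidNumber 0: the FTP session would run as root")
            if len(owners[n]) > 1:
                found.append("uidNumber %s shared with %d other account(s): "
                             "identical file ownership" % (n, len(owners[n]) - 1))
        pw = e.get("userpassword", [""])[0]
        if re.fullmatch(r"\{crypt\}\s*\*", pw, re.IGNORECASE):
            found.append("userPassword {crypt}* is a locked account; login always fails")
        elif not pw.startswith("{"):
            found.append("userPassword has no {scheme} prefix: stored in cleartext")
        if e.get("homedirectory", [""])[0].startswith("/tmp"):
            found.append("homeDirectory under /tmp (world-writable, shared)")
        findings[dn] = found
    return findings
```

Feed it `audit_accounts(parse_ldif(open("user-ldif").read()))` and every account in the article's file comes back flagged for the shared uidNumber: with LDAPDoAuth on, all of them own and can overwrite each other's files, since ProFTPD switches to uidNumber 2000 for every one of them. Give each account its own uidNumber, and its own home directory, before loading.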

IV. Complete configuration files

MySQL authentication configuration example:

[root@linux root]# cat /usr/local/proftpd/etc/proftpd.conf
ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# We put our mod_sql directives in a <Global> block so they'll be
# inherited by the <Anonymous> block below, and any other
# blocks we may want to add. For a simple server these don't need
# to be in a block but it doesn't hurt anything.
<Global>
  SQLConnectInfo ftpusers@localhost:3306 root chen
  SQLAuthTypes Plaintext
  SQLUserInfo users userid passwd uid gid homedir NULL
  RequireValidShell off
  SQLAuthenticate users groups usersetfast groupsetfast
</Global>

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode; in inetd mode you should use an inetd server
# that allows you to limit the maximum number of processes per service
# (such as xinetd).
MaxInstances 30

# Set the normal user and group permissions for the server.
User nobody
Group nogroup

# Normally, we want files to be overwriteable.
AllowOverwrite on

# A basic anonymous configuration, no upload directories. If you
# don't want to support anonymous access, simply remove this
# <Anonymous> block.
<Anonymous ~ftp>
  User ftp
  Group ftp

  # We want clients to be able to connect as "anonymous" as well as "ftp"
  UserAlias anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients 10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin welcome.msg
  DisplayFirstChdir .message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>

OpenLDAP authentication configuration example:

[root@linux root]# cat /usr/local/proftpd/etc/proftpd.conf
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

LDAPDoAuth on "dc=xuser,dc=net"
LDAPServer localhost
LDAPDNInfo "cn=Manager,dc=xuser,dc=net" secret

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode; in inetd mode you should use an inetd server
# that allows you to limit the maximum number of processes per service
# (such as xinetd).
MaxInstances 30

# Set the user and group under which the server will run.
User nobody
Group nogroup

# Normally, we want files to be overwriteable.
AllowOverwrite on

# A basic anonymous configuration, no upload directories.
<Anonymous ~ftp>
  User ftp
  Group ftp

  # We want clients to be able to connect as "anonymous" as well as "ftp"
  UserAlias anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients 10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin welcome.msg
  DisplayFirstChdir .message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>

# Include /usr/local/etc/mod_ldap.conf

OpenLDAP configuration file:

[root@linux root]# cat /etc/openldap/slapd.conf
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.6 2001/04/20 23:32:43 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema
include /etc/openldap/schema/Chen
include /etc/openldap/schema/posixAccount-objectclass
include /etc/openldap/schema/posixGroup-objectclass
#include /etc/openldap/schema/qmail.schema
#include /etc/openldap/slapd.info.oc.conf
#include /etc/openldap/slapd.account.oc.conf

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

#pidfile /var/run/slapd.pid
#argsfile /var/run/slapd.args

# Create a replication log in /var/lib/ldap for use by slurpd.
#replogfile /var/lib/ldap/master-slapd.replog

# Load dynamic backend modules:
# modulepath /usr/sbin/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

# The next two lines allow use of TLS for connections using a dummy test
# certificate, but you should generate a proper certificate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.
#TLSCertificateFile /usr/share/ssl/certs/slapd.pem
#TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem

#######################################################################
# ldbm database definitions
#######################################################################

database ldbm
suffix "dc=xuser,dc=net"
rootdn "cn=Manager,dc=xuser,dc=net"
#rootdn "cn=Manager,dc=my-domain,dc=com"
#rootdn "cn=Manager,o=My Organization Name,c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# rootpw secret
# rootpw {crypt}ijfyncsnctbyg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
# Replicas to which we should propagate changes
#replica ldap-1.example.com:389 tls=yes
# bindmethod=sasl saslmech=gssapi
# authcId=host/ldap-master.example.com@EXAMPLE.COM

V. FAQ

Q: On the FTP server itself, after I enter the username and password at `ftp localhost`, it hangs for a long time before I get into the FTP server.

A: Use `ftp 127.0.0.1`.

Q: From a remote machine, after I enter the username and password it hangs for a long time before I get in.

A: Change `LDAPServer localhost` to `LDAPServer 127.0.0.1`. (In both cases the delay is usually name resolution timing out; an address needs no lookup.)

Q: [root@linux mod_ldap-2.8.10]# ftp 127.0.0.1
Connected to 127.0.0.1 (127.0.0.1).
500 FTP server shut down (going down at Tue Dec 17 19:00:00).
ftp>

A: rm -rf /etc/shutmsg (the file is written by ftpshut; `ftpshut -R` removes it as well.)

Q: Logging in to the FTP server gives "530 Login incorrect." even though I am sure the username and password are correct.

A: Run ProFTPD in debug mode (for example /usr/local/proftpd/sbin/proftpd -n -d 5) so it prints debugging information, and look for the answer there. A line like no such user 'xxxx' means the lookup in MySQL/OpenLDAP itself is failing: check the connection details in SQLConnectInfo or LDAPServer/LDAPDNInfo, the table and column names in SQLUserInfo, and the base DN in LDAPDoAuth.

Q: I have read many articles on installing ProFTPD and followed them step by step, but never got a working installation.

A: Many articles on the Internet are old, and many of the directives they use no longer exist. The following, for example, come from older mod_sql and mod_ldap versions; in the mod_sql shipped with 1.2.7 the SQL*Table/SQL*Field and SQLDo*Auth directives have been replaced by SQLUserInfo, SQLGroupInfo and SQLAuthenticate, and mod_ldap 2.8 uses LDAPDNInfo and LDAPDoAuth instead of LDAPDN/LDAPDNPass/LDAPPrefix:

SQLConnectInfo laftp@localhost username password
SQLAuthTypes Plaintext Backend
SQLAuthoritative on
SQLDefaultGID 1001
SQLDefaultUID 1001
SQLDoAuth on
SQLDoGroupAuth on
SQLGidField gid
SQLGroupGIDField gid
SQLGroupMembersField members
SQLGroupTable ftpgroup
SQLGroupnameField groupname
SQLHomedirField homedir
SQLMinUserUID 400
SQLMinUserGID 400
SQLPasswordField passwd
SQLUidField uid
SQLUserTable ftpuser
SQLUsernameField userid
SQLLoginCountField count

#######################################################################

LDAPServer "localhost"
LDAPPrefix "dc=horde,dc=net"
LDAPDN "cn=thedn,dc=horde,dc=net"
LDAPDNPass "ldap_dnpass"
LDAPNegativeCache on

Home page: http://www.9812.net  http://www.kdeopen.com  http://www.xaid.net  http://www.xuser.net

OICQ: 13721218

ICQ: 101888222

Author: Netkiller (Chen Jingfeng)

Tuesday, December 17, 2002, first edition of "ProFTPD MySQL/OpenLDAP User Authentication". Questions by e-mail: netkiller@9812.net

Disclaimer: please keep this document complete.

Please cite the original URL when reproducing: https://www.9cbs.com/read-126192.html