# VsFtpd + LDAP



## claykinney (Jan 30, 2010)

Fresh install of 8.0.

I am currently trying to get vsftpd to authenticate virtual users using ldap. I have this working in fedora linux but would like to move to freebsd and start moving away from fedora.

I have nss_ldap port installed and running the command getent passwd or getent group successfully shows the users and groups in the ldap directory (on a linux host for now).

I google this issue and came across a few pages talking about pam and pam_ldap. So I followed suit and installed the pam_ldap port but I am still not having any success.

Can anyone give me any insight into why I cannot make vsftpd use ldap virtual users?

On another note....why does the vsftpd port not install a startup script in /etc/rc.d, like the other services? it just seems to install the daemon in /usr/local/libexec/vsftpd...and adding vsftpd_enable=yes to /etc/rc.conf has no effect on a reboot and having it start. I created a small bash startup script that calls the daemon and put it under /usr/local/etc/rc.d....but still no luck there either

Anyway...been using freebsd for rsync backups for a year or so and would like to get a better understanding of how things work in the bsd world.

Any help will be appreciated.

Clay


----------



## claykinney (Jan 30, 2010)

Scratch the second half of my post. I found the startup script for vsftpd and have it working when the box reboots....

But I am still scratching my head over the vsftpd/pam/ldap problem....

Clay


----------



## dennylin93 (Jan 30, 2010)

In theory, there shouldn't be anything different between FreeBSD and Fedora if the same software is used.

Try installing the same software that was used on Fedora and port the configuration files as well. They might require some modifications though.

There's an article about LDAP Authentication, but I don't know if it will help.

Try looking inside /var/log/ for error messages as well.


----------



## claykinney (Jan 30, 2010)

Yea I did copy over the vsftpd.conf file and tweak as needed. Plus I read the LDAP document. I looked at the PAM stuff...and I think that is where the problem lies...

As for the logs...they only show a failed login for user "someuser" but it does not really show any debug information.

Is there a setting I can set in vsftpd.conf to increase the log output? If there is I must have missed it looking over the variables located here...Man Page

Thanks for the reply....I have successfully made this work using slackware (no pam), fedora, and ubuntu. I just cannot figure out why it will not work with FreeBSD....

Anyone...I know someone out there has come across this before....

Thanks


----------



## claykinney (Jan 30, 2010)

I swear this was not showing in the logs late last nite....but it seems that pam_ldap could not find the file ldap.conf...


```
vsftpd[83977]: pam_ldap: missing file "/usr/local/etc/ldap.conf"
```

So I made a symlink from nss_ldap.conf to ldap.conf in the /usr/local/etc/ directory.

Now all is good...


----------

