HPE Community
Operating System - HP-UX
1833476 Members
3123 Online
110052 Solutions
New Discussion

FTP log message

 
Rootberry
Advisor

‎02-13-2006 06:17 AM

‎02-13-2006 06:17 AM

FTP log message

We repeatedly are getting messages in the log file pertainint to FTP athentication. I will copy and paste it below

"Feb 12 16:14:12 akl ftpd[4115]: pam_authenticate: Authentication failed 134217759 Feb 12 16:14:15 akl ftpd[4116]: pam_authenticate: Authentication failed 134217759 Feb 12 16:14:23 akl ftpd[4117]: pam_authenticate: Authentication failed 134217759 Feb 12 16:14:28 akl ftpd[4118]: pam_authenticate: Authentication failed 134217759 Feb 12 16:14:33 akl ftpd[4119]: pam_authenticate: Authentication failed 134217759 Feb 12 16:14:41 akl ftpd[4120]: pam_authenticate: Authentication failed 134217759 Feb 12 16:14:43 akl ftpd[4121]: pam_authenticate: Authentication failed 134217759"

Any ideas what this is or how to resolve it?
0 Kudos
7 REPLIES 7
Geoff Wild
Honored Contributor

‎02-13-2006 06:27 AM

‎02-13-2006 06:27 AM

Re: FTP log message

What is in /etc/pam.conf for ftp?

# grep ftp /etc/pam.conf
ftp auth required libpam_hpsec.so.1
ftp auth required libpam_unix.so.1
ftp account required libpam_hpsec.so.1
ftp account required libpam_unix.so.1
ftp session required libpam_hpsec.so.1 bypass_limit_login bypass_umask bypass_nologin
ftp session required libpam_unix.so.1


Also - did this just happening or was it always happening....

What OS version are you running?

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
paolo barila
Valued Contributor

‎02-13-2006 06:31 AM

‎02-13-2006 06:31 AM

Re: FTP log message

Hi,
a ftp user is trying to ftp with a wrong password

Yuo should see also

Feb 13 20:27:16 ftpd[10763]: User root: Login incorrect
Feb 13 20:27:16 nettuno ftpd[10763]: failed login from ...

Check in /etc/inetd.conf
if you have -l option on ftp:

ftp stream tcp6 nowait root /usr/lbin/ftpd ftpd -l <----
share share share
0 Kudos
Rootberry
Advisor

‎02-13-2006 06:33 AM

‎02-13-2006 06:33 AM

Re: FTP log message

You were right, I should have posted that info...thanks for helping me help myself ;)

Here's whats in the /etc/pam.conf
root[/etc] >grep ftp /etc/pam.conf | pg
ftp account required /usr/lib/security/libpam_unix.1
ftp auth required /usr/lib/security/libpam_unix.1

Version is HP-UX 11.00

Its been an on going issue. Some days are worse than others.
0 Kudos
Rootberry
Advisor

‎02-13-2006 06:39 AM

‎02-13-2006 06:39 AM

Re: FTP log message

root[/etc] >grep ftp inetd.conf | pg
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -t 120
# Before uncommenting the "tftp" entry below, please make sure
# that you have a "tftp" user in /etc/passwd. If you don't
# have one, please consult the tftpd(1M) manual entry for
tftp dgram udp wait root /usr/lbin/tftpd tftpd\
0 Kudos
Jeff Schussele
Honored Contributor

‎02-13-2006 06:48 AM

‎02-13-2006 06:48 AM

Re: FTP log message

Hi,

It may not be an incorrect PW, it could also be that the account is disabled for any one or more reasons:

1) Account inactivity
2) Exceeded max incorrect PW attempts
3) Past PW lifetime
4) Past account lifetime
5) Pw required & a null PW
6) Admin lock
7) Pw is a *

Run the following command on the account

/usr/lbin/getprpw -m lockout user_name

man getprpw for details on what the return means.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Rootberry
Advisor

‎02-13-2006 08:20 AM

‎02-13-2006 08:20 AM

Re: FTP log message

Thanks to all for the responses. In this scenario it turned out, our email notification was grabbing the whole story.

So after thumbing through the syslog we will be updating the script to capture logon failures as well.

All the responses were very informative.

-John
0 Kudos
Rootberry
Advisor

‎02-13-2006 08:21 AM

‎02-13-2006 08:21 AM

Re: FTP log message

See above reply
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.