take a long time to login to vsftp server

Hi all,

I'm using FC7 with vsftp.

A big problem is when user login to my server, after they enter a password, they need to wait a very long time to login. I disabled SELinux but still same.
After login, everything works fine.
Any one have idea that can let user immidiate login after they enter password?
Thanks a lot!!
ubspressAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

nociSoftware EngineerCommented:
There might be problems with resolving network addresses to names.
If an ident call is done by the server to the client (not exactly needed or useful) it might add to the network setup time.

the ftp server setup is probably to blame.
if you do want logging with machine names check the DNS config so that it resolves
the reverse also.
0
Gabriel OrozcoSolution ArchitectCommented:
try adding:

 UserReverseDNS  off

To vsftpd.conf
reference:
http://www.experts-exchange.com/Software/Server_Software/File_Servers/FTP/Q_22795404.html
0
ubspressAuthor Commented:
After i add UserReverseDNS  off to vsftpd.conf, I can not start vsftpd. seems  UserReverseDNS  off is not an option of vsftpd....

The problem still not solved...
0
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

Gabriel OrozcoSolution ArchitectCommented:
my mistake

try without the "r"

UseReverseDNS  off
0
Gabriel OrozcoSolution ArchitectCommented:
in fact, please use these two:

UseReverseDNS off
IdentLookups off
0
Gabriel OrozcoSolution ArchitectCommented:
this FAQ say it can have something to do with PAM on some platforms... please check it
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.0.3/FAQ
0
ubspressAuthor Commented:
Both "UseReverseDNS off" and "IdentLookups off" can not work.
The vsftpd can not start with error code 500. OOPS: unrecognised variable in config file.

My user can login, but need to wait a very long time to wait for the login.

Problem still not solved...
0
nociSoftware EngineerCommented:
An identlookup can take 2 minutes to timeout if it is filtered on some firewall in stead of rejected [ if used used]
An DNS lookup failing will mostly be in the range of 30 seconds per configured DNS server.

Those lookups are not necessary, identlookups are hardly trustworthy.
It is along the systems that connects that tells the FTP server the username of the user that wishes to connect. But that system can be tell anything it wants, possibly the truth.

Reverse DNS, there are some countries around the pacific ocean that have no support for reverse DNS. (i.e the resolution of PTR records in the <address bytewise reversed>.in-addr.arpa zone).

The trick is to not ask the questions for answers you won't need anyway, then there is no wait penalty.

In the manual page of the product i cannot see the above mentioned variables.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Gabriel OrozcoSolution ArchitectCommented:
pretty bad I picked up these options from a google search on vsftpd.conf

but from the man page
15.5.1. Daemon Options
# listen_ipv6  When enabled, vsftpd runs in stand-alone mode, but listens only to IPv6 sockets. This directive cannot be used in conjunction with the listen directive.
The default value is NO.

# session_support  When enabled, vsftpd attempts to maintain login sessions for each user through Pluggable Authentication Modules (PAM). Refer to Chapter 16 Pluggable Authentication Modules (PAM) for more information. If session logging is not necessary, disabling this option allows vsftpd to run with less processes and lower privileges.

The default value is YES.    <-------- CHANGE TO NO AND TEST

it is also advisable to check if your server's dns can resolve reverse dns from your client
0
ubspressAuthor Commented:
problem solved.
the problem arised due to DNS. I did not set the nat out on my firewall.
so either I remove my pri/sec dns or add a nat out and should work..
thanks for everyone contribution
0
nociSoftware EngineerCommented:
#20757645 should have started the path leading to DNS problems, but was not followed up onto on EE.
The problem will still not be resolved for some parts of the world this way.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Server Software

From novice to tech pro — start learning today.