Good morning, I need your help please.
From an EXTERNAL sender, somebody is trying to ftp by a public IP address this way:
ftp 190.13.96.8
Connected to 190.13.96.8.
220 pricing01c FTP server ready.
Name (190.13.96.8:g803162): synverse
331 Password required for synverse.
Password:
530 Login incorrect.
Login failed.
ftp>
We reset the passwd; locally from pricing01c we are trying to ftp but it is not working:
/produccion/explotacion/xptol # hostname
pricing01c
/produccion/explotacion/xptol # ftp pricing01c
Connected to 10.80.1.29.
220 pricing01c FTP server ready.
Name (10.80.1.29:xptol): synverse
331 Password required for synverse.
Password:
530 Login incorrect.
Login failed.
I checked out the user and it exists:
/produccion/explotacion/xptol # grep synverse /etc/passwd
synverse:x:1141:118:661/C/*CDPTMR//DPE_CO_COLOMBIA TELECOMUNICACIONES SA-MIDRANGE - Usuario FTP synverse:/produccion01/explotacion/xproaming/tap3/dat/recepcion/archivos:/bin/false
This is the OS
etc/ftpd # uname -a
SunOS pricing01c 5.10 Generic_144488-01 sun4u sparc SUNW,SPARC-Enterprise
I checked for that user in the ftpd directory and found nothing:
etc/ftpd # ls -lrt
total 14
-rw-r--r-- 1 root sys 946 Jan 21 2005 ftpconversions
-rw-r--r-- 1 root sys 104 Jan 21 2005 ftpgroups
-rw-r--r-- 1 root sys 114 Jan 21 2005 ftpservers
-rw-r--r-- 1 root sys 108 Jan 21 2005 ftphosts
-rw-r--r-- 1 root sys 437 Feb 7 2011 ftpusers
-rw-r--r-- 1 root sys 1530 Mar 9 2011 ftpaccess
/etc/ftpd # uname -a
SunOS pricing01c 5.10 Generic_144488-01 sun4u sparc SUNW,SPARC-Enterprise
/etc/ftpd #
/etc/ftpd # grep synverse ftp*
The admin found the account disabled because of multiple retries, but enabled it and reset the passwd again, and we tried one more time but it failed.
What else can I check?
I appreciate your help in advance.
The ftpaccess file is probably blocking the user; as a guess, something is not configured correctly in there.
Reference: Controlling FTP Server Access - System Administration Guide: Network Services
First thing to check:
Usually there is a line in the file to allow access based on network ipv4 address, example: 10.192.*
Work through all of the settings carefully one by one because there are other kinds of settings to check. ftp is a security risk, so this file exists to control access.
FWIW: We disabled ftp in favor of sftp, with PuTTY (free) on all of the Windows desktops that needed sftp access to files.
Thank you very much for your help. To be honest, it is hard for me to understand each line of this file, so I've got the edited file so far; I don't know if it can help:
/etc/ftpd # cat ftpaccess
# ident "@(#)ftpaccess 1.2 03/05/14 SMI"
#
# FTP server configuration file, see ftpaccess(4).
#
class realusers real *
class guestusers guest *
class anonusers anonymous *
loginfails 3
passwd-check trivial warn
private no
shutdown /etc/ftpd/shutdown.msg
# email user@hostname
# guestuser username
# rhostlookup no
keepalive yes
recvbuf 65536 real,guest,anonymous
sendbuf 65536 real,guest,anonymous
# flush-wait no anonymous
# passive ports 0.0.0.0/0 32768 65535
# timeout data 600
# timeout idle 300
banner /etc/ftpd/banner.msg
greeting brief
message /etc/ftpd/welcome.msg login
message .message cwd=*
readme README* login
readme README* cwd=*
# quota-info *
chmod no anonymous
delete no anonymous
overwrite no anonymous
rename no anonymous
umask no anonymous
compress yes realusers guestusers anonusers
tar yes realusers guestusers anonusers
path-filter guest,anonymous /etc/ftpd/filename.msg ^[[:alnum:]._-]*$ ^[.-]
noretrieve relative class=anonusers /
allow-retrieve relative class=anonusers /pub
upload class=anonusers * * no nodirs
# upload class=anonusers * /incoming yes ftpadm ftpadm 0440 nodirs
# log commands real,guest,anonymous
# log security real,guest,anonymous
# log transfers real,guest,anonymous inbound,outbound
# xferlog format %T %Xt %R %Xn %XP %Xy %Xf %Xd %Xm %U ftp %Xa %u %Xc %Xs %Xr
# limit-time anonymous 30
# limit anonusers 10 Wk0730-1800 /etc/ftpd/toomany.msg
# limit anonusers 50 SaSu|Any1800-0730 /etc/ftpd/toomany.msg
We tested another user using ftp and it works:
etc/ftpd # ftp proscltol01c
Connected to pricing01c.
220 pricing01c FTP server ready.
Name (pricing01c:xptol): xptol
331 Password required for xptol.
Password:
230 User xptol logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
Have you added this account to /etc/ftpusers by any chance? Confusingly that is a list of users NOT permitted to login with ftp.
Another thought is that the account might be locked. Do you get any output from pam_tally2?
Kind regards,
Robin
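
An added example, not part of any post in this thread: a small shell check for the static reasons in.ftpd refuses a real user. It covers the /etc/ftpd/ftpusers deny list mentioned above and goes one step further with the login-shell rule from in.ftpd(1M), which requires the shell to be one returned by getusershell(3C); the passwd entry shown earlier has /bin/false as its shell. The function name, the output labels and the sample accounts are assumptions made for this example, and the default paths are the Solaris 10 ones.

```shell
#!/bin/sh
# ftp_login_blockers USER [PASSWD] [FTPUSERS] [SHELLS]
# Prints one line per static reason the FTP daemon would refuse USER,
# and nothing when no such reason is found. Name and labels are hypothetical.
ftp_login_blockers() {
    user=$1
    passwd_file=${2:-/etc/passwd}
    ftpusers_file=${3:-/etc/ftpd/ftpusers}
    shells_file=${4:-/etc/shells}

    # The account must exist in the password database.
    if ! awk -F: -v u="$user" '$1 == u { f = 1 } END { exit !f }' "$passwd_file"; then
        echo "no-passwd-entry"
        return 0
    fi

    # ftpusers is a DENY list: any user named in it is refused.
    if [ -r "$ftpusers_file" ] && sed 's/#.*//' "$ftpusers_file" |
        awk -v u="$user" '$1 == u { f = 1 } END { exit !f }'; then
        echo "listed-in-ftpusers"
    fi

    # Field 7 is the login shell; an empty field is treated as /bin/sh here.
    shell=$(awk -F: -v u="$user" '$1 == u { print $7; exit }' "$passwd_file")
    shell=${shell:-/bin/sh}

    # With no shells file the system's built-in default list applies, which
    # this script cannot see, so the shell check is skipped in that case.
    if [ -r "$shells_file" ] && ! sed 's/#.*//' "$shells_file" |
        awk -v s="$shell" '$1 == s { f = 1 } END { exit !f }'; then
        echo "shell-not-in-shells:$shell"
    fi
    return 0
}

# Constructed sample data (not taken from the host in the thread).
tmp=$(mktemp -d)
printf '%s\n' 'root:x:0:0:Super-User:/:/sbin/sh' \
    'ftpin:x:1141:118:constructed FTP-only user:/data/in:/bin/false' \
    'ops:x:1200:10:constructed operator:/home/ops:/bin/ksh' > "$tmp/passwd"
printf '%s\n' '# users NOT allowed to use ftp' 'root' > "$tmp/ftpusers"
printf '%s\n' '/sbin/sh' '/bin/ksh' > "$tmp/shells"
for u in root ftpin ops; do
    echo "$u: $(ftp_login_blockers "$u" "$tmp/passwd" "$tmp/ftpusers" "$tmp/shells")"
done
rm -rf "$tmp"
```

Run with only a user name, it reads the live files; a locked account or an ftpaccess rule is outside what it checks.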