HPE Community
Operating System - HP-UX
1753918 Members
7840 Online
108810 Solutions
New Discussion юеВ

FTP login fails before prompting for a password

 
K. Lesperance
Advisor

тАО10-02-2008 10:26 AM

тАО10-02-2008 10:26 AM

FTP login fails before prompting for a password

Hi,

When trying to ftp from an AIX system to an HP-UX 11.31 system, the login fails before it even prompts for a password:

rssap18:/home/hpzkeles>ftp -v rssapdb
Connected to rssapdb.ryder.com.
220 rssapdb.ryder.com FTP server (Revision 3.0 Version wuftpd-2.6.1 Wed Dec 19 08:45:38 GMT 2007) ready.
Name (rssapdb:hpzkeles): sapftp
331 Password required for sapftp.
530 Login incorrect.
Login failed.
ftp>

From the syslog, I'm guessing it's an issue with pam:

Oct 2 13:59:08 rssapdb ftpd[27650]: Data port : 20
Oct 2 13:59:08 rssapdb ftpd[27650]: FTP server (Revision 3.0 Version wuftpd-2.6.1 Wed Dec 19 08:45:38 GMT 2007) ready.
Oct 2 13:59:16 rssapdb ftpd[27650]: pam_authenticate:Authentication failed
Oct 2 13:59:16 rssapdb ftpd[27650]: User sapftp: Login incorrect
Oct 2 13:59:16 rssapdb ftpd[27650]: failed login from 168.218.96.203 [168.218.96.203]
Oct 2 14:04:49 rssapdb ftpd[27650]: FTP session closed

Our ftp entries for pam.conf look like this:

rssapdb -> /root
root # grep ftp /etc/pam.conf
ftp auth required libpam_hpsec.so.1
ftp auth required libpam_unix.so.1
ftp account required libpam_hpsec.so.1
ftp account required libpam_unix.so.1
ftp session required libpam_hpsec.so.1 bypass_limit_login bypass_umask bypass_nologin
ftp session required libpam_unix.so.1

If I connect from another HP-UX system, it's working:

rssapapp -> /etc
root # ftp rssapdb
Connected to rssapdb.ryder.com.
220 rssapdb.ryder.com FTP server (Revision 3.0 Version wuftpd-2.6.1 Wed Dec 19 08:45:38 GMT 2007) ready.
Name (rssapdb:hpzkeles): sapftp
331 Password required for sapftp.
Password:
230 User sapftp logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

Oct 2 14:10:08 rssapdb ftpd[29248]: Data port : 20
Oct 2 14:10:08 rssapdb ftpd[29248]: FTP server (Revision 3.0 Version wuftpd-2.6.1 Wed Dec 19 08:45:38 GMT 2007) ready.
Oct 2 14:10:13 rssapdb ftpd[29248]: FTP LOGIN FROM rssapapp.ryder.com [168.218.96.165], sapftp

I've also tried from HP-UX 11.11, and a RedHat Linux server, and am able to log in successfully. We even have another AIX server we can ftp from successfully (but I don't see how anything on the client side could be causing this). Any help with this one would be appreciated.
0 Kudos
12 REPLIES 12
Tim Nelson
Honored Contributor

тАО10-02-2008 12:38 PM

тАО10-02-2008 12:38 PM

Re: FTP login fails before prompting for a password

I do not have the answer but maybe discussing will find it.

-all other servers work except AIX server1. First assumption would be yes a client issue but... first,

any IP restrictions in either /var/adm/inetd.sec ?
ftp using tcp wrappers, look in hosts.deny for IP of AIX server

Does AIX server1 have any issue FTPing to any other server.

0 Kudos
K. Lesperance
Advisor

тАО10-02-2008 12:41 PM

тАО10-02-2008 12:41 PM

Re: FTP login fails before prompting for a password

Upon further investigation, I think it's the AIX client. Another AIX server can ftp to our host in question successfully, and the problem server can't FTP to other HP-UX hosts.

We're not using tcp wrappers, and there's no /var/adm/inetd.sec file.
0 Kudos
OldSchool
Honored Contributor

тАО10-02-2008 12:43 PM

тАО10-02-2008 12:43 PM

Re: FTP login fails before prompting for a password

also, on server rssapdb:

in inetd.conf: is the ftpd using the "-f" switch? if so, check for "deny" entries in /etc/ftpaccess
0 Kudos
OldSchool
Honored Contributor

тАО10-02-2008 12:48 PM

тАО10-02-2008 12:48 PM

Re: FTP login fails before prompting for a password

oopss ftpaccess activitate by

ftpd -a

sorry ...no points for this one
0 Kudos
K. Lesperance
Advisor

тАО10-02-2008 12:50 PM

тАО10-02-2008 12:50 PM

Re: FTP login fails before prompting for a password

inetd.conf looks like this:

ftp stream tcp6 nowait root /usr/lbin/ftpd ftpd -l

there's also no /etc/ftpaccess (or /etc/ftpd/ftpaccess).
0 Kudos
Tim Nelson
Honored Contributor

тАО10-02-2008 12:52 PM

тАО10-02-2008 12:52 PM

Re: FTP login fails before prompting for a password

So,
FTP client options ( no global ftp client settings I can think of ) only command line options.

Maybe a patch issue with this AIX server ?

Does AIX to AIX work ?



0 Kudos
TTr
Honored Contributor

тАО10-02-2008 01:10 PM

тАО10-02-2008 01:10 PM

Re: FTP login fails before prompting for a password

> 220 rssapdb.ryder.com FTP server (Revision 3.0 Version wuftpd-2.6.1 Wed Dec 19 08:45:38 GMT 2007) ready.
> Name (rssapdb:hpzkeles): sapftp
> 331 Password required for sapftp.
> 530 Login incorrect.
> Login failed.
The hint here is that you are NOT prompted for a password. I bet that have a .netrc file on the AIX server which has an entry in it for the 11.31 server that contains a password entry but no login entry.
0 Kudos
Suraj K Sankari
Honored Contributor

тАО10-03-2008 12:11 AM

тАО10-03-2008 12:11 AM

Re: FTP login fails before prompting for a password

Hi,

1st check this files /etc/ftpaccess and /etc/ftpd/ftpaccess
If /etc/ftpacces file is not there then no issue this means every one can do ftp if file is there then make sure your ftpuser name should not be there in this file.

2nd In /etc/ftp/ftpaccess file should having this 5 lines

class users real,guest *
guestgroup ftp
suppressversion yes
log commands real,guest,anonymous
log transfers real,guest,anonymous * IN,OUT

3rd Edit the /etc/inetd.conf file and put -a -l
Ex.
ftp stream tcp6 nowait root /usr/lbin/ftpd ftpd -a -l

after changing the same restart your network with
inetd -c

then try ftp

Suraj
0 Kudos
K. Lesperance
Advisor

тАО10-03-2008 05:01 AM

тАО10-03-2008 05:01 AM

Re: FTP login fails before prompting for a password

Tim,

I tried AIX to AIX, and that's not working, either.

TTr,

I looked for a .netrc in my home directory, and I don't have one. This also doesn't work for other users. I was wondering if there was a global netrc file, but I don't see one in /etc.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.