Security
cancel
Showing results for 
Search instead for 
Did you mean: 

530 Login incorrect... Login failed. for FTP sessions with the correct password for 80% ftp users.

 
Highlighted
Occasional Advisor

530 Login incorrect... Login failed. for FTP sessions with the correct password for 80% ftp users.

We are not able to connect to one of our main production server through ftp accounts

Please see the error message :-
Connected to 10.114.1.241.
220 warusdb6 FTP server (Revision 1.009 Version wuftpd-2.6.1 Fri Nov 3
10:57:35 GMT 2006) ready.
Name (10.114.1.241:dwaadm): actadep
331 Password required for actadep.
Password:
530 Login incorrect.
Login failed.

+ The username & password are correct.
+ This is happening for almost 80% of ftp users.

Please see the details of FTP login happened :-

warusdb6:syslog # cat syslog.log |grep -i "FTP LOGIN FROM" |grep -i actadep |wc -l
1314
warusdb6:syslog # cat syslog.log |grep -i "FTP LOGIN FROM" |grep -i "Jun 13" |wc -l
4199
warusdb6:syslog # cat syslog.log |grep -i "FTP LOGIN FROM" |grep -i "Jun 12" |wc -l
29315
warusdb6:syslog # cat syslog.log |grep -i "FTP LOGIN FROM" |grep -i "Jun 11" |wc -l
33775
warusdb6:syslog # cat syslog.log |grep -i "FTP LOGIN FROM" |grep -i "Jun 10" |wc -l
33952


These are the FTP refused numbers :-

warusdb6:syslog # cat syslog.log |grep -i "FTP LOGIN REFUSED" |grep -i "Jun 13" |wc -l
21328
warusdb6:syslog # cat syslog.log |grep -i "FTP LOGIN REFUSED" |grep -i "Jun 12" |wc -l
4600
warusdb6:syslog # cat syslog.log |grep -i "FTP LOGIN REFUSED" |grep -i "Jun 11" |wc -l
78
warusdb6:syslog # cat syslog.log |grep -i "FTP LOGIN REFUSED" |grep -i "Jun 10" |wc -l
25


A] There is no .netrc file under user's home directory.

warusdb6: # grep -i actadep /etc/passwd
actadep:*:285:104:GB/C//Diageo/FTP User for acata:/interfaces/DEP/acta/./:/usr/b
warusdb6: # cd /interfaces/DEP/acta/./
warusdb6:acta # ll |grep -i .netrc
warusdb6:acta #
warusdb6:acta #

B] We don't have any file like ftpusers in /etc

warusdb6: # more /etc/ftpusers
/etc/ftpusers: No such file or directory
warusdb6: # cd /etc
warusdb6:etc # ll |grep -i ftp
dr-xr--r-- 4 bin bin 1024 Jun 13 01:39 ftpd
warusdb6:etc # cd ftpd
warusdb6:ftpd # ll
total 42
-r--r--r-- 1 root sys 234 Jun 12 2002 fred
dr-xr--r-- 2 bin bin 96 Nov 15 2000 ftp-exec
-r--r--r-- 1 root sys 6795 Jun 13 02:41 ftpaccess
-r-------- 1 root sys 6795 Jun 13 01:40 ftpaccess.13june2009
-r--r--r-- 1 root sys 5147 May 7 02:23 ftphosts
dr-xr--r-- 2 bin bin 96 Jul 10 2002 pids
warusdb6:ftpd # cd ftp-exec
warusdb6:ftp-exec # ll
total 0
warusdb6:ftp-exec # cd ..
warusdb6:ftpd # cd pids
warusdb6:pids # ll
total 16
-rw-r--r-- 1 root root 4096 Feb 8 2006 local
-rw-r--r-- 1 root root 4096 Jun 13 17:40 remote


C] Details of /etc/shells
warusdb6:pids # cd /etc
warusdb6:etc #
warusdb6:etc # ll |grep -i shells
-r-------- 1 root sys 179 Aug 23 2001 shells
warusdb6:etc # more shells
/usr/bin/ksh
/usr/bin/sh
/usr/bin/csh
/usr/bin/rksh
/usr/bin/rsh
/usr/bin/false
/sbin/sh
/sbin/false
/bin/ksh
/bin/sh
/bin/csh
/bin/rksh
/bin/rsh
/usr/bin/ftpshell
/usr/bin/keysh
7 REPLIES 7
Highlighted
Acclaimed Contributor

Re: 530 Login incorrect... Login failed. for FTP sessions with the correct password for 80% ftp users.

What is the /etc/passwd entry for actadep? (You can blankout the password field if you want.)

>-r-------- 1 root sys 179 Aug 23 2001 shells

This should be readable by everybody.
Highlighted
Occasional Advisor

Re: 530 Login incorrect... Login failed. for FTP sessions with the correct password for 80% ftp users.

The password is necessary for this, that even we can not change.

Any other help will be much appreciated !!
Highlighted
Occasional Advisor

Re: 530 Login incorrect... Login failed. for FTP sessions with the correct password for 80% ftp users.

Dennis !!

Do u want me to change /etc/shells to 777.

& this is not only for actadep user. it is for most of the users.

just for a snapshot, please see this :-

warusdb6: # tail -1000 /var/adm/syslog/syslog.log |grep -i "FTP LOGIN REFUSED" |more
Jun 13 19:01:28 warusdb6 ftpd[4463]: FTP LOGIN REFUSED (access denied) FROM warusxip01.diageo.net [10.114.55.121], citglprd
Jun 13 19:01:28 warusdb6 ftpd[4464]: FTP LOGIN REFUSED (access denied) FROM warusxip01.diageo.net [10.114.55.121], pixmlprd
Jun 13 19:01:28 warusdb6 ftpd[4465]: FTP LOGIN REFUSED (access denied) FROM warusxip01.diageo.net [10.114.55.121], pixmlprd
Jun 13 19:01:28 warusdb6 ftpd[4467]: FTP LOGIN REFUSED (access denied) FROM warusxip01.diageo.net [10.114.55.121], pixmlprd
Jun 13 19:01:28 warusdb6 ftpd[4468]: FTP LOGIN REFUSED (access denied) FROM warusxip01.diageo.net [10.114.55.121], otcghprd
Jun 13 19:01:28 warusdb6 ftpd[4470]: FTP LOGIN REFUSED (access denied) FROM warusxip01.diageo.net [10.114.55.121], pixmlprd
Jun 13 19:01:28 warusdb6 ftpd[4471]: FTP LOGIN REFUSED (access denied) FROM warusxip01.diageo.net [10.114.55.121], mausoprd
Jun 13 19:01:28 warusdb6 ftpd[4472]: FTP LOGIN REFUSED (access denied) FROM warusxip01.diageo.net [10.114.55.121], citjpprd
Jun 13 19:01:28 warusdb6 ftpd[4473]: FTP LOGIN REFUSED (access denied) FROM warusxip01.diageo.net [10.114.55.121], swsaspro
Jun 13 19:01:28 warusdb6 ftpd[4474]: FTP LOGIN REFUSED (access denied) FROM warusxip01.diageo.net [10.114.55.121], stepidep
Jun 13 19:01:28 warusdb6 ftpd[4429]: FTP LOGIN REFUSED (access denied) FROM warusxip01.diageo.net [10.114.55.121], aisdbprd
Jun 13 19:01:29 warusdb6 ftpd[4439]: FTP LOGIN REFUSED (access denied) FROM warusxip01.diageo.net [10.114.55.121], otcxsprd
Jun 13 19:01:30 warusdb6 ftpd[4475]: FTP LOGIN REFUSED (access denied) FROM warusxip01.diageo.net [10.114.55.121], mausdprd
Jun 13 19:01:30 warusdb6 ftpd[4431]: FTP LOGIN REFUSED (access denied) FROM warusxip01.diageo.net [10.114.55.121], otcngprd
Jun 13 19:01:30 warusdb6 ftpd[4445]: FTP LOGIN REFUSED (access denied) FROM warusxip01.diageo.net [10.114.55.121], pixmlprd
Jun 13 19:01:30 warusdb6 ftpd[4459]: FTP LOGIN REFUSED (access denied) FROM warusxip01.diageo.net [10.114.55.121], pixmlprd
Jun 13 19:01:30 warusdb6 ftpd[4462]: FTP LOGIN REFUSED (access denied) FROM warusxip01.diageo.net [10.114.55.121], stepidep
Jun 13 19:01:30 warusdb6 ftpd[4469]: FTP LOGIN REFUSED (access denied) FROM warusxip01.diageo.net [10.114.55.121], spiusprd
Jun 13 19:01:51 warusdb6 ftpd[4579]: FTP LOGIN REFUSED (access denied) FROM warusxip01.diageo.net [10.114.55.121], mirinprd
Jun 13 19:01:51 warusdb6 ftpd[4580]: FTP LOGIN REFUSED (access denied) FROM warusxip01.diageo.net [10.114.55.121], mirinprd
Jun 13 19:01:52 warusdb6 ftpd[4581]: FTP LOGIN REFUSED (access denied) FROM warusxip01.diageo.net [10.114.55.121], mirsuprd
Jun 13 19:01:52 warusdb6 ftpd[4582]: FTP LOGIN REFUSED (access denied) FROM warusxip01.diageo.net [10.114.55.121], mirsuprd
Jun 13 19:01:57 warusdb6 ftpd[4636]: FTP LOGIN REFUSED (access denied) FROM warusxip01.diageo.net [10.114.55.121], scbprd
.
.
.
and so on !!
Highlighted
Honored Contributor

Re: 530 Login incorrect... Login failed. for FTP sessions with the correct password for 80% ftp users.

> Do u want me to change /etc/shells to 777.

NEVER change any data file to 777! This makes the file executable (which is always wrong) and anyone on the computer can trash the contents of the file. Change it to be readable as Dennis suggests:

chmod 644 /etc/shells

Are these accounts normal users that can login with a shell prompt? If so, check to see if their accounts are disabled.





Bill Hassell, sysadmin
Highlighted
Trusted Contributor

Re: 530 Login incorrect... Login failed. for FTP sessions with the correct password for 80% ftp users.

Hi Kshitij,

Here is the setting of /etc/shells on my machine.

As suggested, change it to 644.

-rw-r--r-- 1 sys 107 Mar 31 2003 /etc/shells

Also, did you check the configuration of /etc/ftpd/ftpaccess.

For testing purpose only, try by-passing the ftpaccess file and check if you can able to access ftp.

before doing ftp run: inetd -c

Good Luck!!
" Let Villagers Be Happy!! "
Highlighted
Occasional Advisor

Re: 530 Login incorrect... Login failed. for FTP sessions with the correct password for 80% ftp users.

fixed the issue after making changed to /etc/ftpd/ftpaccess

made

limit remote 100 SaSu|Any1800-0600 /etc/msgs/msg.toomany
to
limit remote 200 SaSu|Any1800-0600 /etc/msgs/msg.toomany


warusdb6:rc.config.d # grep ^limit /etc/ftpd/ftpaccess
limit local 20 Any /etc/msgs/msg.toomany
limit remote 200 SaSu|Any1800-0600 /etc/msgs/msg.toomany
limit remote 60 Any /etc/msgs/msg.toomany
Highlighted
Acclaimed Contributor

Re: 530 Login incorrect... Login failed. for FTP sessions with the correct password for 80% ftp users.

>The password is necessary for this

I meant that if you were concerned about security, you didn't have to show us the password field of the /etc/passwd entry.

>Do you want me to change /etc/shells to 777.

No, just 444 == a=r

>Expert in this area This member has accumulated 40000 or more points
Jun 14, 2009 00:21:36 GMT 5 pts
> Do u want me to change /etc/shells to 777.

>Bill: chmod 644 /etc/shells

No need for write permission to anybody, since root can aways write.