User is not able to connect to serverA via ftp from serverB:
Ftp service is not active in /etc/inetd.conf
#-> grep -i ftp /etc/inetd.conf
#ftp stream tcp6 nowait root /usr/lbin/ftpd ftpd -l -a -o -u 022
# Before uncommenting the "tftp" entry below, please make sure
Unhashed the ftp and run (inetd –c) to re-read the configuration from the file /etc/inetd.conf.
#-> inetd –c
Syslog.log :
Jan 23 13:18:41 serverA inetd[4002]: Rereading configuration
Jan 23 13:18:41 serverA inetd[4002]: ftp/tcp: Added service, server /usr/lbin/ftpd
Jan 23 13:18:41 serverA inetd[4002]: Configuration complete
Still user complain the account is getting “login incorrect error”
Jan 23 13:32:14 serverA ftpd[2576]: FTP server (Revision 5.0 Version wuftpd-2.6.1 Thu Apr 29 06:48:40 GMT 2010) ready.
Jan 23 13:32:17 serverA ftpd[2576]: ACCESS DENIED (not in any class) TO serverB[10.136.xxx.xxx]
Jan 23 13:32:17 serverA ftpd[2576]: FTP LOGIN REFUSED (access denied) FROM serverB[10.136.xxx.xxx], xxxxxxxx
While investigation it was found that ftpaccess do not hold below entries.
#-> cat ftpaccess
banner /etc/issue
Add below line to this ftpacces file :
#-> cat ftpaccess
loginfails 3
class local real *.domain 0.0.0.0
class remote real *
limit local 60 Any /etc/msgs/msg.toomany
limit remote 60 Any /etc/msgs/msg.toomany
readme README* login
readme README* cwd=*
message /etc/motd login
message .message cwd=*
banner /etc/issue
suppresshostname yes
suppressversion yes
compress yes local remote
tar yes local remote
# allow use of private file for SITE GROUP and SITE GPASS?
private yes
# passwd-check <none|trivial|rfc822> [<enforce|warn>]
passwd-check rfc822 warn
log commands real
log transfers anonymous,real inbound,outbound
# all the following default to "yes" for everybody
delete no guest,anonymous # delete permission?
overwrite no guest,anonymous # overwrite permission?
rename no guest,anonymous # rename permission?
chmod no guest,anonymous # chmod permission?
umask no guest,anonymous # umask permission?
This resolve the issue, now user is able to connect to server and (login incorrect message is gone now)
No comments:
Post a Comment