Network and Storage Protocols
Hi!
I've been trying to get FTP file access going by means of anonymous FTP login, but something's amiss... It's ONTAP 7.2.5.1 simulator - and I've followed all the steps described in http://now.netapp.com/NOW/knowledge/docs/ontap/rel7261_vs/html/ontap/filesag/index.html , under "File access using FTP" section. Here it is, in short:
options ftpd.enable on
options ftpd.auth_style ntfs
I've created a volume called "vol1", with a qtree named "anonymous" and entered the path into the /etc/cifs_homedir.cfg file: /vol/vol1/anonymous
cifs load homedir -f
options ftpd.anonymous.enable on
options ftpd.anonymous.name anonymous
options ftpd.anonymous.home_dir /vol/vol1/anonymous
In the end, I've tried creating an FTP connection from my laptop to it but I got the following error report:
C:\Documents and Settings\Laptop>ftp 192.168.0.130
Connected to 192.168.0.130.
220 simulator FTP server (NetApp Release 7.2.5.1: Wed Jun 25 07:59:11 PDT 2008)
ready
User (192.168.0.130:(none)): anonymous
331 Guest login ok, send ident as password.
Password:
530 Login incorrect - User has no home directory.
Login failed.
ftp>
For password I just hit Enter, later on I tried other ideas (guest, anonymous, etc) but none worked... I'd say that "User has no home directory" is indicative enough to suggest there's something wrong with mapping anonymous user with his home directory /vol/vol1/anonymous? Any thoughts?
Thanx!
My first thought is a permission or user mapping issue.
The auth_style doesn't matter much if you're just doing anonymous. It matters when you're doing real users.
So it will depend on what the security style of the qtree is and what the permissions are at the top level of that qtree.
Keep in mind that your anonymous user will be treated as user 'ftp' as defined in the /etc/passwd file on the controller.
So, if the qtree style is UNIX, you will need to be sure that the uid of ftp can at least read and access that qtree. Keep in mind this includes the root of the volume as well. If the qtree style is ntfs (or even mixed), you will either have to have a Windows user called 'ftp' or you will need to map the UNIX user 'ftp' to some other Windows user so that user mapping can be done.
Then that user (whatever you choose from above) will need to be able to access and read the path of the home directory you specified.
The error message can be a bit deceiving. It says "No user home directory", but you can get that if user ftp can't reach that directory as well.
Hope this helps.
Hi Adam
Does your explanation mean that a UNIX user named Drift cannot access an FTP directory? Only a Windows user can access an FTP directory?
My qtree style is set to NTFS
My ftpd settings are as follows:
pfa-9m-01> options ftpd
ftpd.3way.enable on
ftpd.anonymous.enable on
ftpd.anonymous.home_dir /vol/TAHITI/test
ftpd.anonymous.name Drift
ftpd.auth_style ntlm
ftpd.bypass_traverse_checking off
ftpd.dir.override
ftpd.dir.restriction off
ftpd.enable on
ftpd.idle_timeout 900s (value might be overwritten in takeover)
ftpd.locking none
ftpd.log.enable on
ftpd.log.filesize 512k
ftpd.log.nfiles 6
ftpd.max_connections 500 (value might be overwritten in takeover)
ftpd.max_connections_threshold 0% (value might be overwritten in takeover)
ftpd.tcp_window_size 28960
pfa-9m-01>
When trying to access my FTP homedir with username: drift and password: xXxXxXx I'm getting this error.
ftp> open 10.224.13.67
Connected to 10.224.13.67.
220 pfa-9m-01 FTP server (Data ONTAP Release 7.3: Thu Jul 24 15:55:58 PDT 2008 (IBM)) ready
User (10.224.13.67:(none)): drift
331 Password required for drift.
Password:
530 Login incorrect.
Login failed.
ftp>
Hi
For a UNIX user to access a directory path on an NTFS qtree, he would need a valid user mapping to a Windows user. This is needed to calculate/validate user Drift's claim to have access to the specified path. Failing this, the FTP subsystem returns the path-inaccessible error as "user has no home directory".
Can you please check if you have a default Windows user set in option wafl.default_nt_user? Or you can have a user mapping defined for drift to any Windows user in /etc/usermap.cfg.
You can verify it using the command "wcc -u drift". This should reflect the desired mapping after setting either of the above options. Now anonymous FTP login should work for you.
Try changing:
ftpd.auth_style unix
Hi, Adam!
I've tried changing auth_style and you're right, it doesn't change anything... As for the qtree, I've set it to NTLM and set permissions to Full Control for everyone. Also, I've tried changing the home directory path - and it's still the same problem.
So, you think if I set the qtree security style to NTFS I will need a user called "ftp" to access it anonymously? I was actually going for a possibility of an anonymous ftp access, for most of the users here. It's a simple workgroup of XP platforms. Can I somehow work around it so I can access it as any user?
Ok. This is sounding more like a user mapping issue. You can verify this by turning on the option cifs.trace_login and watching the console when you login.
It's all fine and good that you have the permissions set to everyone / full, however you must still be able to map to a Windows user so that the permissions can be applied. In this case, you will need to map either user "Drift" or user "ftp" to a valid Windows user. If you have a Windows user "Drift" or "ftp" already, you should be set. If not, you will need to map some Windows user to one of those 2 users via the /etc/usermap.cfg file.
Hope this helps
Hey Igor,
A suggestion on mapping users.
If you need to map a user from cifs/unix, you will need to change your usermap.cfg with an entry like this:
filername\administrator == root
Make sure that you have local administrator privileges for the user on the filer.
Hope this helps.
Anthony Feigl
Make sure you have permissions to the whole /vol/xxx path down to the directory you are using.
If there are locked down permissions at say /vol/testvol before you get to /vol/testvol/ftpdir, then
even if ftpdir is wide open, you will get the "no home directory" error. Just something to check.
Matt Ferris
This has bugged me for many years and I've just worked around it. Netapp support always goes down the rathole of permissions and mappings, but I have found the following always gives me root access using ftp:
On new filer install, no protocols yet configured, on the console I disable security.rules.enable .
Next I license CIFS and run cifs setup. I'll not join AD, but set it up for workgroup. In this process, the administrator account is created and passworded identical to the root password (the security option above allows this).
Voilà! Once this is done, for some reason, I can now login as root via ftp. Of course all I've enabled is ftpd.enable on.
No one, literally NO ONE has told me why this works... in 10 friggen years! I use the process ALL the time as I like ftp... (use http/cifs shares/nfs exports too.)
Cheers!
Hi Karl,
I don't want anonymous as my username.
Also, when I enable ftpd.anonymous.enable on... it accepts any dummy password to log on.
ftpd.anonymous.enable on
ftpd.anonymous.home_dir /vol/test_ftp/qtree_ftp
ftpd.anonymous.name anonymous
Can we give a specific username and password so that we can log in via those credentials only,
so that even if they have the path for FTP and the username, unless they specify the exact password they shouldn't be able to log on?
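The checks raised across this thread can be run against captured `options ftpd` output. The Python below is an added example, not part of any post and not NetApp code: it parses that output, reports when anonymous login is on, and lists every path level where the mapped user needs access. The sample text and the function names `parse_options` and `review` are constructed for illustration.

```python
import re

# Constructed sample in the layout of the `options ftpd` output posted above.
SAMPLE = """\
pfa-9m-01> options ftpd
ftpd.anonymous.enable        on
ftpd.anonymous.home_dir      /vol/TAHITI/test
ftpd.anonymous.name          Drift
ftpd.auth_style              ntlm
ftpd.dir.override
ftpd.enable                  on
ftpd.idle_timeout            900s       (value might be overwritten in takeover)
ftpd.log.enable              on
"""

TAKEOVER_NOTE = re.compile(r"\s*\(value might be overwritten in takeover\)\s*$")

def parse_options(text):
    """Return {option: value}; an option printed without a value maps to ''."""
    opts = {}
    for line in text.splitlines():
        fields = TAKEOVER_NOTE.sub("", line).split(None, 1)
        if fields and fields[0].startswith("ftpd."):  # skips prompt lines
            opts[fields[0]] = fields[1].strip() if len(fields) > 1 else ""
    return opts

def review(opts):
    """List the points from the thread that apply to this configuration."""
    if opts.get("ftpd.enable") != "on":
        return []
    findings = []
    if opts.get("ftpd.anonymous.enable") == "on":
        name = opts.get("ftpd.anonymous.name", "")
        findings.append(f"anonymous login on: any password is accepted for '{name}'")
        home = opts.get("ftpd.anonymous.home_dir", "")
        parts = home.strip("/").split("/")
        if not home.startswith("/vol/") or len(parts) < 2:
            findings.append("anonymous home_dir is unset or not under /vol/")
        else:
            # Access is needed on the volume root and every level below it.
            levels = ["/" + "/".join(parts[:i]) for i in range(2, len(parts) + 1)]
            findings.append("verify mapped-user access on: " + ", ".join(levels))
    if opts.get("ftpd.log.enable") != "on":
        findings.append("ftpd.log.enable is not on: FTP logging is off")
    return findings

if __name__ == "__main__":
    for finding in review(parse_options(SAMPLE)):
        print(finding)
```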