Network and Storage Protocols
Network and Storage Protocols
I've been trying to get FTP file access going by means of anonymous FTP login, but something's a miss... It's ONTAP 188.8.131.52 simulator - and I've followed all the steps described in http://now.netapp.com/NOW/knowledge/docs/ontap/rel7261_vs/html/ontap/filesag/index.html , under "File access using FTP" section. Here it is, in short:
options ftpd.enable on
options ftpd.auth_style ntfs
I've created a volume called "vol1", with a qtree named "anonymous" and entered the path into the /etc/cifs_homedir.cfg file: /vol/vol1/anonymous
cifs load homedir -f
options ftpd.anonymous.enable on
options ftpd.anonymous.name anonymous
options ftpd.anonymous.home_dir /vol/vol1/anonymous
In the end, I've tried creating an FTP connection from my laptop to it but I got the following error report:
C:\Documents and Settings\Laptop>ftp 192.168.0.130
Connected to 192.168.0.130.
220 simulator FTP server (NetApp Release 184.108.40.206: Wed Jun 25 07:59:11 PDT 2008)
User (192.168.0.130:(none)): anonymous
331 Guest login ok, send ident as password.
530 Login incorrect - User has no home directory.
For password I just hit Enter, later on I tried other ideas (guest, anonymous, etc) but none worked... I'd say that User has no home directory is indicative enough to suggest there's something wrong with mapping anonymous user with his homedirectory /vol/vol1/anonymous? Any thoughts?
My first thought is a permission or user mapping issue.
The auth_style doesn't matter much if you're just doing anonymous. It matters when you're doing real users.
So it will depend on what the security style of the qtree is and what the permissions are at the top level of that qtree.
Keep in mind that your anonymous user will be treated as user 'ftp' as defined in the /etc/passwd file on the controller.
So, if the qtree style is UNIX, you will need to be sure that the uid of ftp can at least read and access that qtree. Keep in mind
this includes the the root of the volume as well. If the qtree style if ntfs (or even mixed), you will either have to have a Windows
user called 'ftp' or you will need to map the UNIX user 'ftp' to some other Windows user so that user mapping can be done.
Then that user (whatever you choose from above) will need to be able to access and read the path of the home directory you
The error message can be a bit deceiving. It's says "No user home directory", but you can get that if user ftp can't
reach that directory as well.
Hope this helps.
Does your explanation means, that a UNIX user named Drift can not access a FTP directory. Only a Windows user can access a FTP directory?
My qtree style is set to NTFS
My ftpd settings is as follow:
pfa-9m-01> options ftpd
ftpd.idle_timeout 900s (value might be overwritten in takeover)
ftpd.max_connections 500 (value might be overwritten in takeover)
ftpd.max_connections_threshold 0% (value might be overwritten in takeover)
When trying to access my FTP homedir with username: drift and password: xXxXxXx I´m getting this error.
ftp> open 10.224.13.67
Connected to 10.224.13.67.
220 pfa-9m-01 FTP server (Data ONTAP Release 7.3: Thu Jul 24 15:55:58 PDT 2008 (IBM)) ready
User (10.224.13.67:(none)): drift
331 Password required for drift.
530 Login incorrect.
For UNIX user to access a directory path on a NTFS qtree, he would need a valid user mapping to a Windows user. This is needed to calculate/validate user Drift's claim to have access to the specified path. Failing this FTP subsytems returns path inaccessible error as "user has no homedirectory".
Can you please check if you have a default Windows user set in option wafl.default_nt_user. Or you can have a user mapping defined to drift to any Windows user in /etc/usermap.cfg.
You can verify it using command "wcc -u drift". This should reflect desired mapping after setting either of the above option. Now anonymous FTP login should work for you.
try changing :
I've tried changing auth_style and you're right, it doesn't change anything... As for the qtree, I've set it to NTLM and set permissions to Full Control for everyone. Also, I've tried changing the home directory path - and it's still the same problem.
So, you think if I set the qtree security style to NTFS I will need a user called "ftp" to access it anonymously? I was actually going for a possibility of an anonymous ftp acess, for most of the users here. It's a simple workgroup of XP platforms. Can I somehow work around it so I can access it as any user?
Ok. This is sounding more like a user mapping issue. You can verify this by turning on the option cifs.trace_login and watching the console when you login.
It's all fine and good that you have the permissions set to everyone / full, however you must still be able to map to a Windows user so that the permissions can be applied. In this case, you will need to map either use "Drift" or user "ftp" to a valid Windows user. If you have a Windows user "Drift" or "ftp" already, you should be set. If not you will need to map some Windows user to one of those 2 users via the /etc/usermap.cfg file.
Hope this helps
A suggestion on mapping users.
If you need to map a user from cifs/unix, you will need to change your usermap.cfg with an entry like this:
filername\administrator == root
Make sure that you have local administrator privileges for the user on the filer.
Hope this helps.
Make sure you have permissions to the whole /vol/xxx path down to the directory you are using.
If there are locked down permissions at say /vol/testvol before you get to /vol/testvol/ftpdir, then
even if ftpdir is wide open, you will get the "no home directory" error. Just something to check.
This has bugged me for many years and I've just worked around it. Netapp support always goes down the rathole of permissions and mappings, but I have found the following always gives me root access using ftp:
On new filer install, no protocols yet configured, on the console I disable security.rules.enable .
Next I license CIFS and run cifs setup. I'll not join AD , but set it up for workgroup. In this process, the administrator account is created and passworded identical to the root password. ( the security option above allows this).
Viola! Once this is done, for some reason,I can now login as root via ftp. Of course all I've enabled is ftpd.enable on.
Noone, literally NO ONE has told me why this works....in 10 friggen years! I use the process ALL the time as I like ftp....( use htpp/cifs shares/nfs exports too..)
i don want any anonymous as my username
also when i enable ftpd.anonymous.enable on... it accepts any dummy password to logon..
can we give a specific username and password so that we can login via those credentials only..
so that even if they have path for ftp and username... unless they specify exact password they shouldn't be able to log on.