New Top Secret ACIDs Using FTP Get Logon Error
search cancel

New Top Secret ACIDs Using FTP Get Logon Error


Article ID: 94839


Updated On:


Top Secret Top Secret - LDAP


New ACIDs are trying to use FTP and fail with the following at a windows command prompt: 

U:\>ftp p01 
Connected to 
220-FTPSERVE IBM FTP CS V2R1 at, hh:mm:ss on yyyy-mm-dd. 
220 Connection will close if idle for more than 5 minutes. 
User ( xxxxxx
331 Send password please. 
530 PASS command failed 
Login failed. 
ftp> quit 
221 Quit command received. Goodbye. 

In the USS /var/syslog/info.log we see: 

D01 ftpd[67174654]: EZYFS50I ID=FTPSERVE CONN starts Client 
D01 ftps[67174654]: EZYFS57I ID=FTPSERVE ACCESS fails USERID= Reason=11 Text=The access to the user database by userid failed 
D01 ftps[67174654]: EZYFS52I ID=FTPSERVE CONN ends Input=0 bytes Output=0 bytes 

No violations appear in the Top Secret Violation report.


Component: TSSMVS


TSSUTIL reports violations on the z/OS side of things. 
TSSOERPT reports on the violations on the USS side of things. 

So if you dont see any violations on the zOS side with TSSUTIL side, run the TSSOERT to see if you are getting any violations on the USS side of things. 

TSSOERPT shows the following violation:

initUSP xxxxxx * N/A N/A 8 8 
mm/dd/yy yy.ddd FTPSERVE xxxx 
Failed - Current group incompletely defined as OpenMVS group

The ACID was missing a GID.


After adding a GROUP to the user ACID, the problem was resolved.

TSS ADD(acid) GROUP(groupname)

You cant attach a GID directly to a user. You attach a GID to a GROUP acid, then attach that GROUP acid to a user ACID.