Solved

Changing the Default Library for FTP User Profile

Posted on 2004-04-09
34
1,557 Views
Last Modified: 2010-08-05
I'm setting up a user profile on the 400 for an external company to log in and upload a file to us.  I would like for them automatically default to the library they are to upload to, but when I log in with this profile, the FTP session tries to make the default library QGPL.  How do I change it to be the library they are to upload to?
0
Comment
Question by:kdemaria
  • 14
  • 14
  • 3
  • +2
34 Comments
 
LVL 3

Expert Comment

by:RQnone
ID: 10792699
There are 2 ways to handle depending on where you want them to end up, In a library or on the IFS

1) If you want them to end up in a library simply change the user profile
CHGUSRPRF USRPRF(MYFTPUSER) CURLIB(MYFTPLIB)    

This will show
 "MYFTPLIB" is current library.

2) If you want them to end up on the IFS you will need to change some configurations for the FTP server and the user.
 
Change the ftp server to use path and home directory  
CHGFTPA NAMEFMT(*PATH)  CURDIR(*HOMEDIR)

Dont forget to end then start the FTP server after making the above change.
ENDTCPSVR SERVER(*FTP)
STRTCPSVR SERVER(*FTP)

Then change the user profile you are using to connect
CHGUSRPRF USRPRF(MYFTPUSER)  HOMEDIR('/HOME/MYFTPUSER')

When the user connects they will be in whatever home directory you assign, just make sure it exists.

 
0
 

Author Comment

by:kdemaria
ID: 10792843
Actually, the current library is set to the library I want them to use already.  However, when I log into an FTP session using this ID, it still defaults the library to QGPL.
0
 
LVL 3

Expert Comment

by:RQnone
ID: 10792905
check the server configuration

CFGTCPAPP *FTP

Look for the paramiter CURDIR it should say *CURLIB yours proabably say QGPL.

If that is not it check the authority of the library an make sure your user has *ALL authority to it.  
0
 

Author Comment

by:kdemaria
ID: 10792955
I checked the server configuration and it says *CURLIB and the profile has *ALL authority on the library I want them to use.  I'm still getting "Not able to set library QGPL for user" when I try to start an FTP session with this profile.
0
 
LVL 3

Expert Comment

by:RQnone
ID: 10793214
It sounds like the configuration you have is correct but thare are a few things to check.

Make sure the user profile has the CURLIB set to the correct library and not *CRTDFT

Do a WRKREGINF and look at the following exit points to make sure your sytem is not overriding the settings
QIBM_QTMF_CLIENT_REQ
QIBM_QTMF_SERVER_REQ
QIBM_QTMF_SVR_LOGON  
QIBM_QTMF_SVR_LOGON  
QIBM_QTMF_SVR_LOGON  

If you find a program atatched to any of the exit points you need to find out what it is doing.
0
 

Author Comment

by:kdemaria
ID: 10793337
Current library on the user profile points to the library I want and there are no programs attached to any of the exit points. =/
0
 
LVL 3

Expert Comment

by:Mind_nl
ID: 10810811
The changes you make to the server configuration become active after you restarted the server.
0
 

Author Comment

by:kdemaria
ID: 10813321
The server configurations were already set to what was recommended above.  There's still a setting that's not quite right somewhere.
0
 
LVL 1

Expert Comment

by:MarcoMi66
ID: 10853294
Check the NAMEFMT paramter on CHGFTPA
0
 

Author Comment

by:kdemaria
ID: 10859742
The NAMEFMT parm is set to *LIB.
0
 

Author Comment

by:kdemaria
ID: 10873179
Increasing the points to 500.  I need to get this fixed.
0
 
LVL 1

Expert Comment

by:MarcoMi66
ID: 10883117
Which OS/400 Version is installed?
Which Telnet Client are you using?
0
 

Author Comment

by:kdemaria
ID: 10883207
We're on V5R2.  As far as which telnet client, I'm not sure what answer you're looking for.
0
 
LVL 1

Expert Comment

by:MarcoMi66
ID: 10883228
Are u using the telnet command from command prompt on a PC or are u using telnet command on the iSeries itself?
0
 

Author Comment

by:kdemaria
ID: 10883277
Actually, it would be an outside business partner.  I'm not sure what they would be using.  We're supposed to supply them with a user ID and password.  I've tried testing it using a command prompt.
0
 
LVL 1

Expert Comment

by:MarcoMi66
ID: 10883348
Question 1:
you mean that u have typed ftp at the command prompt, typed in user and password and then when you typed in the PWD command you received "QGPL is current library" even if the CURLIB parameter on the USRPRF is different?

Question 2:
What if you type cd <yourlibrayname> into the ftp client? Does the library change?
0
 

Author Comment

by:kdemaria
ID: 10883420
Answer 1:  Right now I have all libraries locked down and QGPL is set to *CHANGE for the user profile that I'm trying to test.  I can log onto the AS/400 using a telnet interface (Reflections, Client Access, Rumba, etc.), but when I try to connect via FTP, I get "Not able to set library QGPL for user XXXXX; logon rejected.  Login failed."

Answer 2:  I do not want them to be able to change directories.  I want them to be able to log into *only* the library they are to upload a file to.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 1

Expert Comment

by:MarcoMi66
ID: 10883650
I was able to replicate you problem in the following way (even if i got an error message slighty different),
 - I created a new user profile.
 - I changed QGPL authorization and gave the USER auth *CHANGE to QGPL
 - I changed his CURLIB to a library to which the user have not authorisation
 - I started the FTP client and made a logon.
 - My current "dir" was QGPL
 - I logoff from the FTP client
 - I changed QGPL authorization and gave the USER auth *EXCLUDE to QGPL
 - I started the FTP client and made a logon.
 - I received the following error:
"530 Not able to set ASP group for user TSTTLN; logon rejected. Accesso non riuscito."
I think it's possible to translate "Accesso non riuscito" in "Login failed".

So what I think is that the USER has not the authority to use some object needed.

What you should do is:
 - replicate the problem (do not close your ftp session)
 - do WRKACTJOB SBS(QSYSWRK) JOB(QTFPT*)
 - find your job
 - look at his JOBLOG

What you should find is an error message reporting the name of the object for which the user need authorisation (in my test was the USRPRF JOBD).
0
 

Author Comment

by:kdemaria
ID: 10889414
I tried doing that and the error message I receive is "ASP group for thread X'0000000000000001' set to *NONE."  Unfortunately this is not incredibly helpful to me.
0
 
LVL 1

Expert Comment

by:MarcoMi66
ID: 10892961
And when you have the
"Not able to set library QGPL for user XXXXX; logon rejected.  Login failed."
error: don't you find anything useful in the JOBLOG?
0
 

Expert Comment

by:lhamrick
ID: 10893000
No.  Unfortunately that's the only message I get in the joblog related to the login failure.
0
 
LVL 1

Expert Comment

by:MarcoMi66
ID: 10893331
How many QTFTP* jobs do you have?
0
 

Expert Comment

by:lhamrick
ID: 10893425
We have four running.  There was only one that had it's joblog updated when I received a login failure and the message I posted was all I received.
0
 
LVL 1

Expert Comment

by:MarcoMi66
ID: 10893545
Some other question to understand better...

Which is the value of QSECURITY sysval?
Are you using IASP?
What if you login with another user or with a user with USRCLS=*SECOFR?
What if you ftp using the iSeries Ftp Client?
0
 

Author Comment

by:kdemaria
ID: 10893586
QSECURITY = 40
I'm not sure what IASP is.
If I log on with my own user ID, I can login to FTP fine, but the default library is QGPL.  However, I never specified for it not to be.
I've never used the iSeries FTP Client and the outside user will more than likely just be using a command prompt (they're a UNIX shop).
0
 
LVL 1

Expert Comment

by:MarcoMi66
ID: 10893641
Just for testing purposes:
change the USRCLS of the test user to be *SECOFR and see if you can login to FTP
0
 

Author Comment

by:kdemaria
ID: 10894367
I am still not able to log in via FTP and I receive the same error both on the FTP session and the FTP job running in QSYSWRK.
0
 
LVL 1

Expert Comment

by:MarcoMi66
ID: 10899680
So, if the test user profile is not able to connect, whilst your usrprf is able to connect, i think there should be something different on the User Profile object.
Could you post the PRINT SCREEN of both usrprf so that we can check differences?
0
 

Author Comment

by:kdemaria
ID: 10900011
The difference between my user profile and this new one is that I have access to the world with mine, and the new profile is as restricted as you can possibly make it.  The new profile has no special authorities and is set to User Class *USER.
0
 
LVL 1

Expert Comment

by:MarcoMi66
ID: 10900921
I found this document on IBM KB.
It shows the correct steps for configure a ftp user with authority just to a single library. Please not the top "Caution Box"!!!

Here is the link.

http://www-912.ibm.com/s_dir/slkbase.nsf/1ac66549a21402188625680b0002037e/fc43073abb4e0d3286256ab1005c19b3?OpenDocument&Highlight=2,ftp,security,single,library

Hope it can help!
0
 
LVL 1

Accepted Solution

by:
MarcoMi66 earned 500 total points
ID: 10901077
Ok! Perhaps I found a significant information.
It seems that some security change has been implemented on V5R2.
On the following link, you'll find a "step-by-step" guide to set up Ftp Security using Operational Navigator.
http://www.midrangeserver.com/tfh/tfh082202-story06.html
Please let me know if this is somewhat useful.
0
 
LVL 1

Expert Comment

by:MarcoMi66
ID: 10901196
I think you have to check if the user has logon access to the FTP server
0
 
LVL 1

Expert Comment

by:MarcoMi66
ID: 10932613
Thank you KdeMaria.
Happy to have helped and thanks for points!
Me too have learned something new!!
0
 

Author Comment

by:kdemaria
ID: 10932624
Thanks for all the help!
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
Is your company's data protection keeping pace with virtualization? Here are 7 dynamic ways to adapt to rapid breakthroughs in technology.
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now