Found some more info in my error logs. These lines appears in system.log every time I try accessing the FTP server via Terminal:
Apr 14 09:42:03 cembserver ftpd: ACCESS DENIED (not in any class) TO 172.16.0.135 [172.16.0.135]
Apr 14 09:42:03 cembserver ftpd: FTP LOGIN REFUSED (access denied) FROM 172.16.0.135 [172.16.0.135], meleftp
"meleftp" is the username that's trying to connect to the FTP server. That same sequence appears when I try any other username (that should have access to the FTP server).
When I try accessing FTP via CyberDuck (the first time):
Apr 14 09:07:52 cembserver ftpd: FTP LOGIN REFUSED (bad shell or username in /Library/FTPServer/Configuration/ftpusers) FROM 188.8.131.52 [184.108.40.206], meleftp
Apr 14 09:07:52 cembserver emond: Host at 220.127.116.11 will be blocked for at least 15.00 minutes
Apr 14 09:07:52 cembserver afctl: Firewall not running or managed by another entity, rule not added
Later, I tried accessing via Cyberduck and I get this:
Apr 14 09:47:20 cembserver ftpd: ACCESS DENIED (not in any class) TO 18.104.22.168 [22.214.171.124]
Apr 14 09:47:20 cembserver ftpd: FTP LOGIN REFUSED (access denied) FROM 126.96.36.199 [188.8.131.52], meleftp
Apr 14 09:47:20 cembserver emond: Host at 184.108.40.206 will be blocked for at least 15.00 minutes
Apr 14 09:47:20 cembserver afctl: Firewall not running or managed by another entity, rule not added
What does the "FTP LOGIN REFUSED (bad shell or username in /Library/FTPServer/Configuration/ftpusers)" section mean? Do I have a corrupted file or something?
Launch Terminal.app and issue the command
and see what's listed in there, as a start. It should be a text list of users cleared for ftp use.
Also check the FTP server configuration, as corruptions have also been reported in this file:
That can be reset from the default version of the file located in that same directory.
Make sure the users have a login shell preference set in their login preferences via System Preferences or (more commonly) via Workgroup Manager.
And for completeness, make sure your DNS isn't messed up. You should get a "There is nothing to change" diagnostic from this command:
sudo changeip -checkhostname
Also try sftp. That does no-password logins, and it's a whole lot easier to deal with around firewalls, and it doesn't spray cleartext users and passwords around on what is undoubtedly an insecure network.
[Here is a previous thread|http://discussions.info.apple.com/message.jspa?messageID=6413664], and there are links there to another thread or two.
Checking FTP Users yields:
I assume this is the default list? I tried just typing the name of a valid user at the end of the list, but it didn't allow that user to login.
Checking FTP Access yields:
upload /Library/FTPServer/FTPRoot /uploads yes ftp daemon 0666 nodirs
upload /Library/FTPServer/FTPRoot /uploads/mkdirs yes ftp daemon 0666 dirs 0777
limit anonusers 50 Any /Library/FTPServer/Messages/limit.txt
limit realusers 3 Any /Library/FTPServer/Messages/limit.txt
Checking the hostname got:
2011-04-14 10:42:52.723 serveradmin[65576:903] Exception in doCommand: * -[NSCFDictionary setObject:forKey:]: attempt to insert nil value (key: context)
dirserv:error = "NILRESPONSEERR (* -[NSCFDictionary setObject:forKey:]: attempt to insert nil value (key: context))"
When I try SFTP, I get I/O Error: connection failed. Connect timed out.
The password workaround suggested here (http://discussions.apple.com/thread.jspa?messageID=6282950) doesn't work. When I get to step three, it won't allow me to do that, even though I'm authenticated as the server's admin.
This link did work for me though:
Resetting the ftpaccess file back to defaults fixed it and I'm not able to log in to my FTP server. Thanks for pointing me in the right direction and helping MrHoffman!
Message was edited by: chris.wilcoxson
Please launch Terminal.app and issue the command:
sudo changeip -checkhostname
If what you showed with that stackdump was the result of issuing that command, then there looks to be a low-level system configuration error or a problem with DNS services.
Mac OS X Server requires DNS on a private network and (based on the references to 172.16.0.135) you appear to be using the private "class B" block (as it used to be called). You will want to configure local DNS services within this block for at least your Mac OS X Server box itself (and it's usually preferred to just configure it all and to run DNS services for the whole of your private network), while you will have problems if you attempt to use your ISP DNS servers as your primary source.
Make sure you have IPv6 shut off for testing, as that can cause path issues.
I don't recommend running Mac OS X Server as a router, and (based on some of what you've posted) that might well be the case here. Mac boxes make for poor (slow, expensive, awkward, had to configure) IP network gateway/router boxes, and the usual sorts of system operations and configuration activities that occur on many servers can end up unexpectedly exposing ports to the Internet wilds. (There are a number of folks that have posted issues they've encountered here in the forums, too.)
The fix mentioned earlier was for 10.4 server boxes and a corruption of an ftp configuration file. I don't know that that error applies to 10.6. (Files can certainly get corrupted, but I'd not expect to see the network switch from working to not. That form of misbehavior usually implies some sort of DNS translation or IP routing error.)