Troubleshooting
Problem
An FTP client user attempts to log on to a z/OS FTP server. After the correct password is entered for user verification, the following server reply is received: 530 PASS command failed
Diagnosing The Problem
With the ACC and FLO DEBUG options specified for the FTP server (see the section "Documentation for FTP Server Problems" in the Technote MustGather: Collect Troubleshooting Data for FTP for the z/OS Communications Server for instructions on starting an FTP server trace), the following messages are included in the FTP server trace:
RA0786 pass: use __passwd() to verify the user
RA0809 pass: __passwd() failed - EDC5163I SAF/RACF extract error. (errno2=0x090C1C00)
RA0888 pass: The username access has been revoked
SR2910 reply: entered
SR2947 reply: --> 530 PASS command failed
In v1r12 and later, the messages appear as:
RA0862 pass: use __passwd() to verify the user
RA1100 pass: getpwnam() failed - EDC5163I SAF/RACF extract error.
(errno2=0B490808)
SR3360 reply: entered
SR3397 reply: --> 530 PASS command failed
Consider adding an ACCESSERRORMSGS TRUE statement to the FTP.DATA input used by the server (typically referenced via the SYSFTPD DD in the started proc). This will cause the server to provide more information to the end user about the nature of any logon failure (besides just '530 PASS command failed'). Some sites' security policies restrict providing more information in these cases, which is why ACCESSERRORMSGS defaults to FALSE.
Resolving The Problem
Each user logging in to the FTP server must have a UID defined in the user's OMVS segment. In this case, the user logging in does not have a UID defined in the OMVS segment, resulting in the PASS command failure. To resolve the problem, define a UID in the user's OMVS segment.
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21221096