How to configure user authentication for BorderManager 3.9 FTP proxy and FTP client

  • 7001248
  • 29-Aug-2008
  • 26-Apr-2012

Environment

Novell BorderManager 3.9
Novell BorderManager 3.9 Support Pack 1

Situation

Connecting with an FTP client to a remote FTP server through the BorderManager FTP proxy fails when User Authentication is set to "Clear Text User (or) Password."  BorderManager replies to the FTP client with the error: Could not connect to server.

Resolution

To enable FTP proxy user authentication with clear text username and password, open iManager and go to BorderManager -> Proxy Services, select the BorderManager server, and go to Application Proxy -> FTP.  Check the following configuration:
  1. "Enable this proxy" must be checked.

  2. "Username/Password Separator" is set by default to the dollar sign ("$"), but can also be set to another symbol, such as the "at" sign ("@").  This character separates the eDirectory username, FTP username, and FTP hostname in the USER command, and the eDirectory user password and FTP password in the PASS command.  The sign set here is what BorderManager will expect the FTP client to use when connecting.

  3. "Anonymous FTP Email Address" is set to the email address that BorderManager uses to authenticate anonymously to an FTP server.  The default value is "NovellProxyCache@".

  4. "User Authentication" is set to "Clear Text User (or) Password" if users will be required to enter eDirectory credentials to log into the BorderManager proxy server.

When using an FTP client to access an FTP server through the BorderManager proxy, the FTP client must be configured to use the proxy, and to provide the eDirectory username and password.  FTP clients will send a USER and PASS command to BorderManager that must use the correct syntax.  BorderManager expects the following to be sent by the client:

    USER john_smith.novell$anonymous$ftp.novell.com
    PASS xxxxx$yyyyy

Where "john_smith.novell" is the eDirectory fully-distinguished username, "anonymous" is the remote FTP username, and "ftp.novell.com" is the remote FTP host.  "xxxxx" is the eDirectory password and "yyyyy" is the remote FTP password.  The separators in this case are dollar signs ("$"), but may be different depending on what is specified in the BorderManager FTP proxy configuration (see number 2 above).

Additional Information

Here is an example of configuring the FileZilla FTP client to use the BorderManager FTP proxy:

FileZilla 3.x can be set up to support BorderManager using a user-defined FTP proxy login sequence:
  1. In FileZilla, go to Settings -> Connection -> FTP -> FTP Proxy.

  2. Under "Type of FTP Proxy," select "Custom."

  3. Enter the following syntax, assuming BorderManager is using the dollar sign separator:
    USER %s$%u$%h
    PASS %w$%p
    Here are the format specifications for the above script:
    %s - Proxy user
    %u - Username
    %h - Host
    %w - Proxy Password
    %p - Password

  4. Enter the IP address of the BorderManager FTP proxy in the "Proxy Host" field.

  5. In the "Proxy user" and "Proxy password" fields, enter the eDirectory fully-distinguished username (for example, "john_smith.novell") and the eDirectory user password that will be used to authenticate to BorderManager.
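
The login syntax and the FileZilla template above, worked through as an added example (not Novell's or FileZilla's code): it expands the %-tokens from step 3, splits the resulting USER and PASS lines back into their five fields, and rejects any field that contains the separator, since such a line can no longer be split unambiguously. It assumes the proxy splits on the configured separator as described under Resolution; the function names and sample values are constructed for illustration.

```python
import re

# FileZilla custom-proxy tokens as listed in step 3 on this page.
TOKENS = {"s": "proxy_user", "u": "user", "h": "host",
          "w": "proxy_password", "p": "password"}

def expand(template, creds, sep="$"):
    """Expand one template line, e.g. 'USER %s$%u$%h', with the given fields."""
    for name, value in creds.items():
        if sep in value:
            # A separator inside a field changes the field count on the wire.
            raise ValueError(f"{name} contains separator {sep!r}")
    return re.sub(r"%([suhwp])", lambda m: creds[TOKENS[m.group(1)]], template)

def split_login(user_line, pass_line, sep="$"):
    """Split composite USER/PASS lines into the five fields (assumed proxy view)."""
    verb_u, _, user_arg = user_line.partition(" ")
    verb_p, _, pass_arg = pass_line.partition(" ")
    if verb_u.upper() != "USER" or verb_p.upper() != "PASS":
        raise ValueError("expected a USER line and a PASS line")
    user_parts = user_arg.split(sep)
    pass_parts = pass_arg.split(sep)
    if len(user_parts) != 3 or len(pass_parts) != 2:
        raise ValueError("wrong number of separator-delimited fields")
    fields = dict(zip(("proxy_user", "user", "host"), user_parts))
    fields.update(zip(("proxy_password", "password"), pass_parts))
    return fields

# Constructed sample values, taken from the syntax example on this page.
SAMPLE = {"proxy_user": "john_smith.novell", "user": "anonymous",
          "host": "ftp.novell.com",
          "proxy_password": "xxxxx", "password": "yyyyy"}

if __name__ == "__main__":
    user_line = expand("USER %s$%u$%h", SAMPLE)
    pass_line = expand("PASS %w$%p", SAMPLE)
    print(user_line)
    print(pass_line)
    print(split_login(user_line, pass_line))
    # Separator changed to "@": an e-mail-style remote FTP password
    # (constructed value) collides with it and is rejected.
    try:
        expand("PASS %w@%p", dict(SAMPLE, password="guest@example.com"), sep="@")
    except ValueError as err:
        print("rejected:", err)
```

If the separator is changed in iManager, the same character has to replace "$" in both template lines entered in FileZilla.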