Some FTP sessions fail when OES FTP server is handling multiple sessions

  • 7011487
  • 11-Dec-2012
  • 13-Dec-2012

Environment

Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 3
Novell Open Enterprise Server 11 (OES 11) Linux

Situation

An OES FTP Server (OES running "Novell FTP" or "pure-ftpd") is using the setting "remote_server yes" in /etc/pure-ftpd/pure-ftpd.conf.  The FTP server is handling multiple simultaneous sessions.  In this environment, some FTP sessions might fail to login or fail to reach remote Novell volumes.

Resolution

OES 11 SP1 contains all existing fixes for this issue.
 
 
For OES 11 SP0:
 
The best recommendation is to update to OES 11 SP1 (which also requires SLES 11 SP2).  However, if this is not yet feasible:
 
The required OES updates were mostly contained in OES 11 SP0 July Maintenance (released early August 2012).  Another minor fix was released in OES 11 SP0 November Maintenance (release early December 2012).  If the system has these maintenance updates, these packages and minimum versions should be visible: 
 
novell-novfsd  3.0.3-5.5.1
novell-xtier-base  3.1.9-0.11.72
 
(This is not intended to mean that only these packages are needed.  But if their presence is confirmed, that is evidence that the necessary OES updates are present.)
 
A field-test build of pure-ftpd which contains improvements for this issue is also needed. This fix is not expected to be released to the public maintenance channel, since pure-ftpd is a SLES package and maintenance for SLES 11 SP1 has ended.  However, a build which can be used on OES 11 SP0 / SLES 11 SP1 can be obtained by emailing dpartrid@novell.com.
 
 
For OES 2 SP3:
 
The required OES updates were mostly contained in OES 2 SP3 July Maintenance (released early August 2012).  Another minor fix was released in OES 2 SP3 November Maintenance (release early December 2012).   If the system has these maintenance updates, these packages and minimum versions should be visible:  
 
novell-novfsd  3.0.2-0.11
novell-xtier-base  3.1.8-0.27
 
(This is not intended to mean that only these packages are needed.  But if their presence is confirmed, that is evidence that the necessary OES updates are present.)
 
The minimum update for the SLES pure-ftpd package is pure-ftpd 1.0.22-0.30.1, which can be found in the maintenance channel for SLES 10 SP4.

Cause

To accomplish remote server and volume access, an OES FTP server (pure-ftpd) performs an NCP login on behalf of the user with the command "nwlogin".  This is in addition to the normal LUM authentication which would take place even without "remote_server yes".  Nwlogin is part of the Novell Client for Linux.  Some versions of the Novell Client for Linux have had scalability problems, and some versions of pure-ftpd haven't used nwlogin as correctly as they should.