This post is more than 5 years old
4 Posts
0
1608
December 10th, 2010 15:00
Understanding FTP with a CIFS Server
Hello,
I am a new comer when it comes to understanding EMC technology so please forgive me if I have overlooked something simple with this inquiry. We have a CIFS server on a created VDM used for network storage by general users in our company, which is (as specified under the "CIFS Server Properties" page) a "Windows 2000/2003" server type. I know that EMC advertises that Celerras can have FTP, NTP, and CIFS services, but I expect those to be set up and managed seperately. The thing is, recently a network scan revealed that this VDM or CIFS Server (according to its network name we gave for the share) has FTP access to it, basically giving us the warning "FTP server (refering to the EMC share) does not support AUTH command". I didn't even know FTP access was enabled for our CIFS share. Perhaps it stems from me not fully understanding what the FTP access is to: is it to the VDM or to the CIFS Server? I am assuming that the VDM and the CIFS Server running on it are not considered the same thing, although we named our VDM in such a way as you would think that that is its only use (for CIFS only - thus FTP services were unexpected and perhaps a security issue on our network).
Can anyone help me sort this out, and also instruct me on whether it is possible to disable this FTP service, or as our scan recommended enable "AUTH" support (it thinks it is a Windows 2000/2003 server thus recommends a fix for Windows not applicable to the EMC). I apologize for the novice question. Any assistance would be much appreciated!
Best regards,
Josh
dynamox
9 Legend
•
20.4K Posts
0
December 10th, 2010 15:00
ftp is enabled on physical datamover, you can disable the service:
server_ftp server_2 -service -stop
dynamox
9 Legend
•
20.4K Posts
1
December 10th, 2010 15:00
more info
FTP on Celerra 5.6.47 A05
jmnielsen
4 Posts
0
December 13th, 2010 06:00
Okay, great! Simple enough. Thank you both for your help. That FTP guide will come in handy as well.
Thanks,
Josh
Rainer_EMC
4 Operator
•
8.6K Posts
1
December 13th, 2010 06:00
yes
and no - the secondary pulls the complete config of the primary on failover - so you don't need to disable it there
jmnielsen
4 Posts
0
December 13th, 2010 06:00
Thank you. So does that mean that no matter how many VDMs you have on a physical data mover they all share the same FTP service (and same username/password) based on which physical data mover they are on?
And I assume that if you don't disable the service as well on the secondary physical data mover that in the event of a failover of the primary DM to the secondary the FTP services would be restored while the VDMs are running on it?
Thanks,
Josh
jmnielsen
4 Posts
0
December 13th, 2010 11:00
Thanks EBoroush. I have bookmarked that reference.
Also I think I may have deciphered what the vulnerability scan of our CIFS server was expecting/talking about when it noted that it did not support the AUTH command. From some config documentation I read for a different internal FTP server we set up, enabling AUTH was a matter of enabling SSL connections. So perhaps this means the vulnerability detected on the EMC was that it is possibly running over FTP and not over FTPS. That is just a guess though.
-Josh