New? Password refused though it is correct. Yes, really!

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
Bordonbert
500 Command not understood
Posts: 4
Joined: 2024-02-12 06:39
First name: Albert
Last name: Burton

New? Password refused though it is correct. Yes, really!

#1 Post by Bordonbert » 2024-02-12 07:13

Hi guys. Sorry, I know this is a perennial query with not too many solutions which can be offered but I have to ask. I know there are cases of password refusal which can't be explained and are usually put down to "user error", (i.e. f***wit syndrome). I get the problem with inexperienced users and new ideas. This one is definitely not in the usual league as everything else is reported to be fine and the password can be guaranteed correct.

I have a remote family member with a NAS drive on their network. We have it set up with an FTP area for file swapping. All is well and I can access it and download and upload files just as I should - but only anonymously, which is obviously not ideal. However we know from that process that DNS is fine, ports are good and the server is being hit. Then I try to use a defined login and things deteriorate. The server accepts the username but refuses to accept the password. The Filezilla message string is as follows.

Status: Resolving address of woodsyonline.ddns.net
Status: Connecting to 114.152.79.80:5328...
Status: Connection established, waiting for welcome message...
Status: Plain FTP is insecure. Please switch to FTP over TLS.
Command: USER AWood
Response: 331 User AWood OK. Password required
Command: PASS ****
Response: 530 Login authentication failed
Error: Critical error: Could not connect to server

The details have been changed for security but the messages are exactly as reported in Filezilla. The password is a temporary one, very short and simple with no capitals. I have actually sat on the phone with my sister with her managing her NAS drive and reset the password and it is still immediately refused, and even after waiting some time which should not be necessary at all. I am using plain FTP as I decided to put off setting up FTP over TLS on her model until we had the process working fully.

Can anyone suggest anything that could be causing this?

User avatar
botg
Site Admin
Posts: 35443
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: New? Password refused though it is correct. Yes, really!

#2 Post by botg » 2024-02-12 08:50

To prevent guessing valid usernames, servers typically accept all usernames and only check for their existence once a password has been provided.

Please check your username, character case included.

Bordonbert
500 Command not understood
Posts: 4
Joined: 2024-02-12 06:39
First name: Albert
Last name: Burton

Re: New? Password refused though it is correct. Yes, really!

#3 Post by Bordonbert » 2024-02-12 11:28

Aha! Thanks for that bit of info Botg, I was completely unaware of that. I can assure you that the username is correct too for the same reason, case included. I have been trying to login with my sister sitting at the other end of the phone line managing the NAS drive in real time so the details were right in front of her face. I think the thing is to start from scratch with a new set of credentials and see if things turn out differently. I'll check out a new login and come back with the results.

Thank you for the heads up.

Bordonbert
500 Command not understood
Posts: 4
Joined: 2024-02-12 06:39
First name: Albert
Last name: Burton

Re: New? Password refused though it is correct. Yes, really!

#4 Post by Bordonbert » 2024-02-12 15:13

Just to round off here.

The clarts (Northern UK word for mud) are clearing a little. I couldn't get things to work at all so I simply hacked around with previous passwords that I could remember having used during the NAS setup with and found that a totally different login still worked. When we checked in the NAS management page it turned out to be, not an FTP login but a NAS access login. So setting up a username and password for FTP access is not what I was doing, despite the fact that that is what I thought was the case. FTP access is achieved with an overall NAS login. I don't get that at all. Is that actually the way things work? Is it not a security loophole in the NAS access area? Anyway, the problem seems to be solved as far as working access is concerned. Thanks to you Botg for pointing me in the right direction. It was the catalyst to finding where to go to get things up and running.

User avatar
boco
Contributor
Posts: 26861
Joined: 2006-05-01 03:28
Location: Germany

Re: New? Password refused though it is correct. Yes, really!

#5 Post by boco » 2024-02-12 15:37

Yes, that's possible. The FTP software is probably integrated with the NAS OS (usually some type of Linux) and uses system user credentials (aka Linux login). So the NAS does only have to manage privileges in one place.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Please do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

Bordonbert
500 Command not understood
Posts: 4
Joined: 2024-02-12 06:39
First name: Albert
Last name: Burton

Re: New? Password refused though it is correct. Yes, really!

#6 Post by Bordonbert » 2024-02-12 19:23

Thanks for the confirmation Boco. It seems it could be a bit "open door" to my mind. If you are given FTP rights then you also have a way into the whole system. But hey, what do I know? :wink:

I think this one is now pretty much explained. I'll have a look to see if system credentials for the NAS can be created with ultra limited, (maybe even FTP only?), permissions to cover this. Thanks both you guys, I knew you would get to the root of the issue.

User avatar
boco
Contributor
Posts: 26861
Joined: 2006-05-01 03:28
Location: Germany

Re: New? Password refused though it is correct. Yes, really!

#7 Post by boco » 2024-02-13 04:44

If you are given FTP rights then you also have a way into the whole system.
Not if the admin of said NAS does the job properly. You can strip all rights except FTP for any specific NAS login.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Please do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

Post Reply