Ident lookup thingie


BeBoo
11-27-2004, 09:25 PM
Hey guys

We're running a few ftp servers, and have some ident problems.

Some of our users are behind a firewall, which blocks ident requests.
We could disable the ident lookups totally, but we have some other users, which we require to run identd.

Then I was thinking about a feature which disables ident lookups for users whose ident is *@ip

Thanks in advance, BeBoo

mr_F_2
11-27-2004, 09:53 PM
what's wrong with

site addip <user> *@ip ???

if adding a user with a wildcard for an ident is your request you'll be happy to know it already does this

BeBoo
11-27-2004, 10:44 PM
I've already done that, but it is still trying to look up the ident on the machine.. and then fails the login, because the firewall blocks the connection..

wooolF[RM]
11-27-2004, 10:58 PM
as mr_F said, *@ip completely disables ident check for predefined user. Even if site checks ident, it won't care if it does match or not (because you have specified *).

Yes, I'm 100% sure about that as I got some users too who are behind some spooky FW or they just can't ident because their ISP blocks it...

Btw, you could try to delete all IPs for that troubled user and just add * (just for test). I bet $100 that he'll be able to log in (yep, even if site will check his ident as you've said and even if that ident doesn't match (but it will match cause we've specified "*" which means ANY ident, even none)).

BeBoo
11-27-2004, 11:19 PM
Okay thanks, I will give that a try.

BeBoo
11-27-2004, 11:51 PM
Well, that was 100 bucks for me then ;)

I don't know whether this is the correct forum to post further - but we localized the problem to be that ident thingie, cause our firewall logs told us that it was trying to connect to the identd, and after that the connection to the server times out.

We just get a
421 Timeout (15 seconds): closing control connection.
error, when trying to connect.

I'm not sure that it is caused by the ident lookup problem, but that was the most obvious thing I could think of.

We got TLS enabled and required on the servers if that makes a difference

wooolF[RM]
11-28-2004, 03:36 PM
Nope, u still owe me $100... plus $100 for this reply.

Here how it looks like when your ident

Ident Request: server.ip.goes.here - UserID: ident.here
220 welcome.msg.goes.here
USER user.on.the.site
530 Login incorrect.
Connection failed
It doesn't matter if your mask is * or *@* or *@*.*.*.* or ident@ip or anything, site *will* send you the ident request. And only then (according to the specified mask) it will allow you in or not.
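
Added example, not part of the thread and not the FTP daemon's own code: a Python sketch of the order of operations described in the last post, where the server always sends an RFC 1413 ident query first and only then matches ident@ip against the user's masks. The function names and the `ident_port` parameter are hypothetical; treating a missing ident as an empty string follows the thread's statement that "*" matches any ident, even none.

```python
import socket
from fnmatch import fnmatchcase

def parse_ident_reply(line):
    """Return the user id from an RFC 1413 reply, or None on ERROR/garbage."""
    # Reply format: "<port> , <port> : USERID : <opsys> : <user-id>"
    parts = [p.strip() for p in line.strip().split(":", 3)]
    if len(parts) == 4 and parts[1].upper() == "USERID" and parts[3]:
        return parts[3]
    return None

def query_ident(client_ip, client_port, server_port, timeout=3.0, ident_port=113):
    """Ask the client's identd who owns the connection.

    Returns None when the port is filtered, refused, or the reply is unusable.
    A firewall that silently drops the packets makes this call wait for the
    full timeout, so keep it well below any login timeout on either side.
    """
    try:
        with socket.create_connection((client_ip, ident_port), timeout=timeout) as s:
            # Query names the port on the identd host first, then the querier's port.
            s.sendall(f"{client_port} , {server_port}\r\n".encode("ascii"))
            reply = s.makefile("r", encoding="ascii", errors="replace").readline()
        return parse_ident_reply(reply)
    except OSError:  # covers timeouts and refused connections
        return None

def mask_allows(masks, ident, ip):
    """Match 'ident@ip' against the user's masks; no ident counts as empty."""
    candidate = f"{ident or ''}@{ip}"
    return any(fnmatchcase(candidate, m) for m in masks)

def login_allowed(masks, client_ip, client_port, server_port=21, timeout=3.0):
    # The lookup runs regardless of the mask; the mask is only evaluated afterwards.
    ident = query_ident(client_ip, client_port, server_port, timeout)
    return mask_allows(masks, ident, client_ip)
```

With a mask of `*@10.0.0.5` (a constructed address) a failed lookup still passes `mask_allows`, but the caller has already waited for the lookup to give up, which is the delay a firewall that drops port 113 traffic introduces.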