We recommend that you set up the advanced settings by running a batch job in z/OS executing the IBM FTP program. You can transpose the FTP proxy authentication scheme to the data set containing advanced settings.
For example, the input to your FTP batch job is the following sample:
//INPUT DD * proxy_host_URL_or_IP anonymous@ftp.ca.com proxy_userid Support_Online_user_id ACCT proxy_password /*
Notes:
In this case, you would edit the advanced settings data set as follows:
<ADVOPTIONS>
<FIREWALL>
<FIRECMD>HOST;</FIRECMD>
<FIRECMD>REMOTE_USER;@REMOTE_HOST; USER;</FIRECMD>
<FIRECMD>REMOTE_PW;</FIRECMD>
<FIRECMD>ACCT; PW;</FIRECMD>
</FIREWALL>
</ADVOPTIONS>
Sometimes, the FTP input does not easily translate into the FIRECMD elements. In that case, you can use the SYSOUT of the batch FTP job. Use the //INPUT DD * batch job that is described at the beginning of this section to look for specific FTP commands and note the specific sequence.
The following SYSOUT is an abbreviated listing. The listing highlights the relevant statements that are used to formulate the FIRECMD statements.
Note: Comments are indicated by ==>.
EZA1450I IBM FTP CS V1R9
EZA1772I FTP: EXIT has been set.
==> The EZA1554I message shows the IP address of the FTP proxy server, and
message 220 typically, but not always, displays the URL of the FTP proxy.
Either of these can be specified in the CA CSM FTP Proxy settings as
an IP address or the FTP proxy server name. This would translate to
<FIRECMD> HOST;</FIRECMD>.
EZA1554I Connecting to: 123.456.789.1 port: 21.
220 Secure FTP server running on ftpproxyserver
==> The EZA1701I message indicates that the FTP USER command accepts a
concatenated string to provide the FTP proxy user ID, the FTP user ID, and
the actual FTP site to connect after the authentication is completed. This
concatenated string would be translated as
<FIRECMD>REMOTE_USERID;@USER;@REMOTE_HOST;</FIRECMD>.
EZA1459I NAME (123.456.789.1:ZOSUSERID):
EZA1701I >>> USER anonymous@proxy_userid@ftp.ca.com
==> Message 331 is an FTP proxy reply that indicates that the PASS command
will accept a concatenated string to provide the passwords for both
the FTP proxy server and the FTP server. As it does not specify which should
be first, check the //INPUT DD * sample to see that the FTP server password
is first (anonymous). Typically, but not always, if the user IDs are
concatenated, the passwords are concatenated in the same order. That means,
as in this case, the FTP user ID is first, therefore the FTP password is
first. This concatenated string would be translated to
<FIRECMD>REMOTE_PW;@PW;</FIRECMD>.
331 password: use password@password
EZA1789I PASSWORD:
EZA1701I >>> PASS
==> The following replies indicate the FTP proxy has successfully
authenticated your FTP proxy credentials, and is logging in to the
FTP server. The FTP server is acknowledging you have successfully
logged in.
230-User proxy_userid authenticated by Secure FTP authentication
230-Connected to server. Logging in...
230-220 ftp.ca.com NcFTPd Server (licensed copy) ready.
230-331 User anonymous okay, need password.
230-230-You are user #18 of 4000 simultaneous users allowed.
The following sample is an example of using the SITE command. The server uses this command to provide system-specific services that are essential to file transfer but not sufficiently universal to be included as commands in the protocol.
<ADVOPTIONS> <FIREWALL> <FIRECMD>HOST;</FIRECMD> <FIRECMD>USER;</FIRECMD> <FIRECMD>PW;</FIRECMD> <FIRECMD>SITE;REMOTE_HOST;</FIRECMD> <FIRECMD>REMOTE_USER;</FIRECMD> <FIRECMD>REMOTE_PW;</FIRECMD> </FIREWALL> </ADVOPTIONS>
|
Copyright © 2015 CA Technologies.
All rights reserved.
|
|