Summary
User ID TRAIN2 was unable to authenticate via FTP to z/OS system MTI3, receiving a ‘530 PASS command failed’ error, while TSO logon for the same ID worked successfully. The issue was caused by a missing OMVS segment on the RACF group associated with TRAIN2.
Symptom
| Field | Detail |
| User ID | TRAIN2 |
| FTP Server | FTPD1 — IBM FTP CS V2R4 at MTI3 |
| Error | 530 PASS command failed / Login failed |
| TSO Login | Working normally |
| Other IDs | TRAIN001 and TRAIN003 — FTP working fine |
FTP Error Output
| 220-FTPD1 IBM FTP CS V2R4 at MTI3, 17:38:41 on 2026-05-05. 220 Connection will close if idle for more than 5 minutes. 501 command OPTS aborted — no options supported for UTF8 User: TRAIN2 331 Send password please. 530 PASS command failed. Login failed. |
Investigation Steps
| # | Check | Finding |
| 1 | Password reset (TRAIN2 → AAYUSH) | No change — 530 error persisted |
| 2 | LU TRAIN2 OMVS — User OMVS segment | UID=0, HOME=/u/TRAIN2, PROGRAM=/bin/sh — all present and correct |
| 3 | LU TRAIN2 — Full RACF profile | ATTRIBUTES=SPECIAL, no revoke, no time restrictions, PASSDATE=26.125 |
| 4 | Compare working IDs (TRAIN001/TRAIN003) | FTP successful — confirmed server/network healthy |
| 5 | RACF group TRAINCGP — OMVS segment | OMVS segment MISSING from group — ROOT CAUSE identified |
Root Cause
The RACF group TRAINCGP (default group for TRAIN2) did not have an OMVS segment defined. FTP on z/OS runs under z/OS Unix System Services (USS) and requires OMVS segment resolution at the GROUP level during authentication — not just at the user level. TSO does not have this requirement, which is why TSO login continued to work while FTP failed.
Resolution
The OMVS segment was defined on the RACF group TRAINCGP. FTP login for TRAIN2 was immediately restored following this change.
| ALTGROUP TRAINCGP OMVS(GID(xxxx)) |
Key Lesson
On z/OS, the OMVS segment must be defined at both the USER and GROUP level for FTP authentication to succeed. A correctly defined user-level OMVS segment alone is not sufficient. When creating new user IDs that require FTP access, always verify that the associated RACF group also carries a valid OMVS segment.