So I found out an interesting thing today. I have been working on getting two OS X FTP servers behind a virtual IP running on the Cisco CSS device. I have been having problems with the connection completing, in that there is a delay in completing the connection. The delay was always about 11 seconds. I had opened a Cisco TAC case and they couldn’t find anything. I spent the better part of today doing packet captures trying to solve this problem. First I found that the OS X server was trying to do DNS lookups; the VIP wasn’t listed, so I had to wait for that timeout to complete. I then found out that there was still a delay in completing the connection. After some more packet captures I found that by default the OS X server tries to use the identd service to determine the user that is accessing the service. So after seeing this in the packet capture I figured out that I needed to stop the servers from trying to determine the user. Here is what I found in the man page for identd:
do_rfc931 no
    When specified, the xftpd(8) server will suppress the use of RFC931 (AUTH/ident) to attempt to determine the username on the client. This behavior may also be suppressed by providing the command line argument ‘-I’ to xftpd(8).
I chose to add the above directive to my ftpaccess file, effectively disabling the check for AUTH/ident on the client. I did this by opening the Terminal (on the server) and issuing the commands below. Please note the use of two >’s – using only one > will overwrite your ftpaccess file instead of appending to it:
echo "do_rfc931 no" >> /Library/FTPServer/Configuration/ftpaccess
serveradmin stop ftp && serveradmin start ftp

After running this configuration everything worked perfectly well, and there is no longer any delay and the service is working perfectly well.
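A more defensive way to make the same ftpaccess edit, as an added example that is not part of the original post. The helper name ensure_directive is hypothetical; it keeps a backup, appends the directive only when it is not already there, and copes with a file whose last line has no trailing newline (where a plain echo >> would glue the directive onto that line).

```shell
#!/bin/sh
# Added example, not from the original post.
# ensure_directive FILE DIRECTIVE  (hypothetical helper name)
# Appends DIRECTIVE to FILE only if an identical line is not already present.
ensure_directive() {
    file=$1
    directive=$2

    # Refuse to create the file: a missing ftpaccess means the path is wrong.
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }

    # -x matches the whole line, -F treats the directive as a fixed string.
    # If it is already there, do nothing, so reruns never add duplicates.
    if grep -qxF -- "$directive" "$file"; then
        return 0
    fi

    # Keep a copy so a bad edit can be rolled back.
    cp -p -- "$file" "$file.bak" || return 1

    # Command substitution strips a trailing newline, so a non-empty result
    # means the last byte is not a newline; terminate that line first.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file" || return 1
    fi

    # Append (>>), never truncate (>).
    printf '%s\n' "$directive" >> "$file"
}

# Run only when a path is given, for example:
#   sudo sh this_script.sh /Library/FTPServer/Configuration/ftpaccess
# then restart the service with the serveradmin commands from the post.
[ "$#" -eq 0 ] || ensure_directive "$1" "do_rfc931 no"
```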
