I am unable to telnet or ftp into my linux box from my windows laptop, however can "pull" files from XP to Linux. I checked the firewall, it allows both telnet and ftp and I also disabled firewall entirely to be sure that's not the problem.

Typing commands
>which telnet
shows
/usr/kerberos/bin/telnet
and
>which ftp
shows
/usr/kerberos/bin/ftp
so I believe the programs are installed.

I tried >ftp linuxboxname
and get
ftp: connect: connection refused

telnet from the linux box to self gives
trying 192.168.2.4...
telnet: unable to connect to remote host: connection refused

It seems clear the linux box is NOT allowing incoming connections either to telnet or ftp, but what to do about it?

I also used a command which shows the ports which both services are using and they're both using the standard ports (21 & 23) but I can't remember which command it was anymore.

Any suggestions how to troubleshoot this problem? Connectivity to the internet is fine, but without these two services it won't be much use on my home network. Thanks.

Hi, and welcome to LQ!

/etc/xinetd.d
holds the things you want ... but really
you shouldn't use either since they send
passwords plain-text.
use ssh and scp/sftp respectively.



Cheers,
Tink

Thanks for the tip, it got me closer. I edited the file krb5-telnet to change disable = yes to no. Now I can telnet into my linux box, just have to put up with an error message saying "cannot resolve network address for KDC in requested realm while getting credentials" and then it works. The krb5-telnet files mentions "kerberized telnet server accepts normal telnet sessions", so that's good enough. I also ensured kerberos is not enabled.

Now. about the ftp ... (I know both telnet and ftp are security risks but it's my little home network behind a firewall ... should I ever decide to run a web server I'd have to change).

From linux to Windows I can connect ftp, pull files to linux, but not push a file to windows. Error is:
227 entering passive mode (192,168,2,2,19,140)
mput: 550 bogus.txt: access is denied

ftp from Windows to linux
user oracle: 530 must perform authentication before identifying user.
Login failed.

root also fails.

I could find no files in xinetd.d pertaining to ftp ... can anyone point me in another direction?

On the one DeadRat machine that we have here
there's a
/etc/xinetd.d/gssftp
Are you positive you did install the ftp-daemon?

rpm -qa | grep -i ftp


Cheers,
Tink

Thanks for pointing out the file I missed, the contents look about the same:

service ftp
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/kerberos/sbin/ftpd
server_args = -l -a
logn_on_failure += USERID
# disable = yes
disable = no
}


and there appears to be alot of ftp stuff installed:

[root@redbox xinetd.d]# vi gssftp
[root@redbox xinetd.d]# rpm -qa | grep -i ftp
gftp-2.0.14-2
tftp-0.32-4
lftp-2.6.3-3
ftp-0.17-17

I tried gftp, nice gui interface but the results are the same as ftp. Thanks for your help.

After having changed the disabled = yes to no,
did you
skill -HUP xinetd
?


Cheers,
Tink

Sorry, I didn't specify. disable was already = no, but I did run
>/sbin/service xinetd restart
for good measure.

otuput is:
stopping xinetd: [ ok ]
starting xinetd: [ok ]

and ftp still can't put files.

Hmmm ...

Can you ftp locally?

Another place to look is /etc/hosts.allow
and /etc/hosts.deny


Cheers,
Tink

I'm getting the impression that the problem is simply that he has ftp clients installed on the box, but no ftp servers. The 4 things found by rpm -qa |grep -i rpm are all clients. You may want to try installing vsftpd (very secure ftp deamon), or alot of people like proftp. Then you'd have a server. If you issue the command "[stuff]$ ftp localhost" and you don't get asked for a username or logon, you don't have a ftp server installed.

Peace,
JimBass

Sorry for the delay, I was out all week and just today got home again.

Thanks also for all the help, next on my to-do list is giving affro's to everyone.

You were right, I didn't have FTP server installed. I installed more packages, and command
# rpm -qa | grep -i ftp
now shows:
gftp-2.0.14-2
tftp-server-0.32-4
tftp-0.32-4
lftp-2.6.3-3
vsftpd-1.2.0-4
ftp-0.17-17

I checked hosts.allow, the file is empty but from what I've read that appears to mean all requests are allowed, so I'm best off not messing with it. Correct?

I also ran /sbin/service xinetd restart and rebooted. Still can't pull files from other machines onto my linux box.

Exact sequence, user oracle on linux box connecting to XP laptop "bob" with username "root" on xp:

#ftp bob
connected to bob
220-Microsoft FTP service
500 'AUTH GSSAPI': command not understood
500 'AUTH KERBEROS_V4'" command not understood
KERBEROS_V4 rejected as an authentication type
Name (bobracle): root
331 password required for root.
Password:
230-welcome to bob.
230 User root logged in.
Remote system type is Windows_NT.
ftp>mput bogus.txt
mput bogus.txt? y
227 entering passive mode (192,168,2,2,19,137)
550 bogus.txt: Access is denied.
ftp>

I created the "root" user on XP laptop and confirmed it does have permissions on the directory I'm trying to put files from linux.

Also when trying to ftp locally:

#ftp 127.0.0.1
connected to 127.0.0.1
220 redbox FTP server (Version 5.60) ready.
334 using authentication type GSSAPI; ADAT must follow
GSSAPI accepted as authentication type
GSSAPI error major: miscellaneous failure
GSSAPI error minor: nocredentials cache found
GSSAPI error: initializing context
GSSAPI authentication failed
334 suing authentication type KERBEROS_V4; ADAT must follow
KERBEROS_V4 accepted as an authentication type
Kerberos V4 krb_mk_req failed: You have no tickets cached
Name (127.0.0.1racle): oracle
530 must perform authentication before identifying USER.
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

Could these GSSAPI and KERBEROS errors be significant?

Ok, I'm glad you installed an ftp server, but you now installe 2 ftp servers, and that is not a very good idea. You have both vsftpd (I like that one personally, but tftp-server is also ok) both at once will probably lead to problems. I would uninstall, or at least turn one off.

Now, when you do this sequence of events:

You are NOT using the linux ftp server to connect to the window$ box, you are using the linux client to connect to the microsoft ftp server. I do not think that windows comes with an ftp server turned on by default, but I would never in 1000 years install xp, due to security and memory hogginess of it. The reason that you may be getting denied by the xp box could be because it doesn't have a full or functional ftp server built into it. What the ftp server allows you to do is to log in, and get or send files. You should open a command prompt on windows, or use a GUI ftp interface, and connect to the linux box.

It isn't possible to "put" files from a server to a client through ftp, you can put or mput files from a client to a server, or get or mget client to a server, but not the other way around. If servers could "force" clients into accepting files, then every internet site would "force" open browsers and applications on your machine.

You definately have things backwards. The permissions on the linux side are fully unimportant, when connecting to the microsoft FTP. The client is what connects to the server, the server accepts and authenticates clients. The server holds the files in question (in general), and the client is used to add new files to the server, or copy files off of the server.

That may be caused by the multiple servers running, or some problem within kerberos. If you are trying to ftp into linux as user "root", most (I hope all) ftp servers are set to NEVER allow user root to use their service, as that is about the most unsecure thing you could ever do. The accounts that can use the service and any regular user, but not root. If you sign in regularly as user root, do yourself a favor, and stop doing it yesterday. I used to play as root all the time (bad habit from my window$ days), and at one point trying to remove all files recursively from /home/me/ and below, I put an extra space in the command, and managed to give the order "rm -rf / home/jim/". The space between / and home caused me to delete the first few directories in my root folder, and the very first in my alphabetical structure was /boot. I screwed myself in about 2 seconds, and had to reformat and rebuild. It was a stupid mistake on my part, but save yourself the embarassment and pain, and don't be a full time root.

Peace,
JimBass

Okay, back again after a long week away. Thanks Jim for your explanation, I am now clear on the roles of server and client. Armed with your info I checked my XP laptop and determined the XP server was not set up to allow "write" into the default FTP directory. Easily fixed.

I also removed the duplicate ftp server on my unix box, and using info I found in another linuxquestions post checked my ftp server configuration file, /etc/xinetd.d/gssftp

I removed the are "-a" from server_args = -l -a, restarted xinetd, and can now connect to the linux box from laptop. Hooray!

Thanks to everyone who offered advice, everything helped.

Hi,

I too have a 530 error on my Redhat machine using webmin.

I have included some possibly relevant info below:

rpm -qa | grep -i ftp
lftp-3.0.6-3
ftp-0.17-22
vsftpd-2.0.1-5

Do I need to install a ftp daemon? Not sure if it is installed and if it is not, I have no idea how to install it!

Under Extended Internet Service -> FTP, the service program appears as : /usr/kerberos/sbin/ftpd -l


Contents of gssftp

# default: off
# description: The kerberized FTP server accepts FTP connections \
# that can be authenticated with Kerberos 5.
service ftp
{
flags = REUSE
log_on_failure += USERID
socket_type = stream
user = root
server = /usr/kerberos/sbin/ftpd
server_args = -1
wait = no
}

I restarted xinetd service when I made changes.

After removing the -a as mentioned in the posts above, ftp connection produces this error:

connecting to 202.71.98.48 ...
Connected to 202.71.98.48 port 21
ftpd: invalid option -- 1
ftpd: Unknown flag -1 ignored.
220 www.mydomain.com FTP server (Version 5.60) ready.
! Receive error: Blocking call cancelled

! Connection failed


The "-1" is being ignored for some reason.

Please help!

Thanks in advance.

Hi,

I have read the above with interest but haven't found a solution to the following Ftp issue.

I'm using Mandriva 2005 Limited Edition and have enabled my LAN (which also has Redhat 8 and WinXP boxes attached).

All computers can happily access the web and the Redhat and WinXP boxes can Ftp to each other. Even the Mandriva box can Ftp outbound - but nothing inbound can get to Mandriva (not even itself).

I've already changed the line disable=yes to disable=no in the file proftpd-xinetd, and I'm signed-in as a normal user (not root).Basically I've done the same steps as I did for my Redhat installation which gave no problems.

Can anyone shed some light on this?

Kind regards.

Im not able to login throught telnet as root?

any ideas where to check for it?