Discussion:
[gt-user] GridFTP errors when setting -UDT option or using gsiftp in globus_ftp_client
Patrice Rosay
2014-09-17 17:28:34 UTC
Permalink
Hi,

I'm trying to evaluate a GridFTP server.v6, on a single debian server.
I've installed globus debian packages, and configured simpleca certificates as described by the installation doc

I have 2 issues preventing me to use it as a media file exchange system.

1/ Testing a basic command fails:

globus-url-copy -v file:///etc/group gsiftp://127.0.0.1/tmp/group
Source: file:///etc/
Dest: gsiftp://127.0.0.1/tmp/
group
Error is 7

error: globus_ftp_control: gss_init_sec_context failed
OpenSSL Error: a_verify.c:221: in library: asn1 encoding routines, function ASN1_item_verify: EVP lib
OpenSSL Error: rsa_eay.c:721: in library: rsa routines, function RSA_EAY_PUBLIC_DECRYPT: padding check failed
OpenSSL Error: rsa_pk1.c:100: in library: rsa routines, function RSA_padding_check_PKCS1_type_1: block type is not 01

The security configuration looks ok:

sudo grid-cert-diagnostics
Checking Environment Variables
==============================
Checking if HOME is set... /root
Checking if GLOBUS_LOCATION is set... no
Checking for default GLOBUS_LOCATION... /usr
Checking if X509_CERT_DIR is set... no
Checking if X509_USER_CERT is set... no
Checking if X509_USER_KEY is set... no
Checking if X509_USER_PROXY is set... no
Checking if GRIDMAP is set... no

Checking Security Directories
=======================
Determining trusted cert path... /etc/grid-security/certificates
Checking for cog.properties... not found
Checking for default gridmap location... /etc/grid-security/grid-mapfile
Checking if default gridmap exists... yes

Checking trusted certificates...
================================
Getting trusted certificate list...
Checking CA file /etc/grid-security/certificates/49bde50b.0... ok
Checking that certificate hash matches filename... ok
Checking CA certificate name for 49bde50b.0...ok (/O=Grid/OU=GlobusTest/OU=simpleCA-teed/CN=Globus Simple CA)
Checking if signing policy exists for 49bde50b.0... ok
Verifying certificate chain for 49bde50b.0... ok


As far as I can tell, the installation looks ok:
sudo globus-gridftp-server -V
globus_gridftp_server: 7.11 (1408739578-85)
globus_gfork: 4.6 (1408739578-85)
globus_xio_queue: 4.14 (1408739578-85)
globus_gridftp_server_file: 7.11 (1408739578-85)
globus_xio_udp: 4.14 (1408739578-85)
globus_usage_stats_module: 4.4 (1408739578-85)
globus_gsi_authz_callout_error_module: 3.4 (1408739578-85)
globus_gsi_authz: 3.9 (1408739578-85)
globus_xio_pipe: 3.7 (1408739578-85)
globus_xio_telnet: 4.14 (1408739578-85)
globus_xio_gssapi_ftp: 3.6 (1408739578-85)
globus_gridftp_server_control: 3.6 (1408739578-85)
globus_gsi_callback_module: 5.5 (1408739578-85)
globus_credential: 7.6 (1408739578-85)
globus_gsi_proxy: 7.6 (1408739578-85)
globus_gsi_openssl_error: 3.4 (1408739578-85)
globus_openssl: 4.5 (1408739578-85)
globus_gsi_gssapi: 11.12 (1408739578-85)
globus_sysconfig: 6.7 (1408739578-85)
globus_callout_module: 3.12 (1408739578-85)
globus_gss_assist: 10.11 (1408739578-85)
globus_xio_gsi: 3.5 (1408739578-85)
globus_xio_tcp: 4.14 (1408739578-85)
globus_xio_system_select: 4.14 (1408739578-85)
globus_xio_file: 4.14 (1408739578-85)
globus_io: 10.11 (1408739578-85)
globus_ftp_control: 5.11 (1408739578-85)
globus_gridftp_server: 7.11 (1408739578-85)
globus_xio: 4.14 (1408739578-85)
globus_extension_module: 15.25 (1409949382-85)
globus_callback_nonthreaded: 15.25 (1409949382-85)
globus_callback: 15.25 (1409949382-85)
globus_object: 15.25 (1409949382-85)
globus_error: 15.25 (1409949382-85)
globus_common: 15.25 (1409949382-85)
globus_thread_common: 15.25 (1409949382-85)
globus_thread_none: 15.25 (1409949382-85)
globus_thread: <no version>

What am I missing in the installation?


2/Using ftp over udt fails:

The following command
globus-url-copy -v file:///etc/group ftp://127.0.0.1/tmp/group

replies:
Source: file:///etc/
Dest: ftp://127.0.0.1/tmp/
group

error: globus_ftp_client: the server responded with an error
530 Login incorrect.

Ok, ifi set my ftp login and pass, in the ftp adress, it runs ok.

But, when I add the -udt option, it fails again:with the error:

error: globus_ftp_client: the server responded with an error
500 'SITE SETNETSTACK' not understood

I've set dc_whitelist udt,gsi,tcp and install the package

Any help would be very much appreciated,
Patrice

Loading...