Solved Unable to connection TFTP.
-
I am having an issue getting Fog setup. I can’t connect to the TFTP server. I have gone through the troubleshooting steps on the Fog project website the best I could. Can’t find the config.php file.
I am running fog on a CentOS VM and I set it up a couple of weeks ago. This was a clean install of Fog and CentOS.
When trying to test on Windows, I get this.
Error on server : Permission denied
Connect request failed.When trying to have a blank VM do a PXE boot over the network I get this.
PXE-T00: Permission denied
PXE-E36: Error received from TFTP server
PXE-M0F: Exiting Intel PXE ROM.Not sure if I missed any details that are needed to help with this. If you need more information I will be happy to provide.
-
If you don’t want to disable selinux (or set to permissive) I’ve had luck under CentOS 7 using the following command:
$ sudo setsebool -P tftp_home_dir 1I thought I might expound a little. To test my Fog TFTP server, I used the TFTP client in Windows. If you would like to do the same, you need to permit TFTP through your Windows firewall.
When I first tried to pull the
undionly.kpxefile using the Windows client, I was given the following error:PS C:\Users\jarcher> tftp -i 172.19.1.30 GET undionly.kpxe Connect request failedLooking into my
/var/log/audit/audit.logfile I saw the following:$ sudo grep tftp /var/log/audit/audit.log ...lots of other stuff here... type=AVC msg=audit(1519225691.090:214): avc: denied { read } for pid=3164 comm="in.tftpd" name="undionly.kpxe" dev="dm-0" ino=34386610 scontext=system_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file ...also lots more here...if you use
audit2allowyou can get some hints on how to fix this error:$ sudo grep tftp /var/log/audit/audit.log | audit2allow -m tftpd module tftpd 1.0; require { type default_t; type tftpd_t; class file { getattr lock open read }; } #============= tftpd_t ============== #!!!! WARNING: 'default_t' is a base type. #!!!! This avc can be allowed using the boolean 'tftp_home_dir' allow tftpd_t default_t:file { getattr lock open read };Note, you might have to install the
policycoreutils-pythonpackage to getaudit2allowNow just run the original command I mentioned above to allow access to the files:
$ sudo setsebool -P tftp_home_dir 1SELinux is still set to enforcing:
$ sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28And now the TFTP transfer works in Windows:
PS C:\Users\jarcher> tftp -i 172.19.1.30 GET undionly.kpxe Transfer successful: 95338 bytes in 1 second(s), 95338 bytes/s -
@Richard-Nihells Any news on this?
-
Thank you for the links! I will look over this material and get back with you once I have an update. Going to do the re-install as well as suggested.
-
Also Wayne put together a pretty detailed install guide here: https://wiki.fogproject.org/wiki/index.php?title=CentOS_7
-
@richard-nihells said in Unable to connection TFTP.:
Is that in the Fog documentation somewhere or just somewhere on Google?
Our documentation is community driven, and is mostly here: https://wiki.fogproject.org/wiki/index.php?title=Main_Page
-
@richard-nihells now that selinux is disabled, re-run the installer and try again. Also ensure you’ve setup firewalld correctly? That’s in the troubleshooting guide too (as well as our CentOS 7 tutorial).
-
I set selinux to permissive. I no longer get permission denied. Now I get connection timeout. I have my anti-virus suite and Windows Firewall disabled during this test.
-
I found that line in the troubleshooting guide and that is what is giving me the error for Windows that I listed above.
I haven’t touched selinux or changed its settings to permissive. Is that in the Fog documentation somewhere or just somewhere on Google?
-
Did you disable selinux or at least change the settings to permissive?
From a windows computer install the tftp client feature, then from a windows command prompt use the tftp client program to download undionly.kpxe from the fog server with
tftp -i <fog_server_ip> GET undionly.kpxe .If you can get the file then tftp is setup correctly and we need to focus on the pxe booting process at the cause.
