TFTP Open Timeout
-
FOG Version 1.1.1 running on a fresh install of CentOS 6.5 inside of VMware Player 6.0.1
When a client tries to PXE boot, it gets a DHCP IP address and tries to TFTP the undionly.kpxe file. The client gives the error “PXE-E32: TFTP open timeout”. The corresponding entry in /var/log/messages reads, “/tftpboot: Permission denied”
I have searched the forums here, and tried all of the steps that I’ve found, including (but not necessarily limited to):
1. I have checked the permissions on the /tftpboot dir and all files, and they are all set at (currently) 666.
2. I have also tried 777 and 755 with no help.
3. I made sure that the files and dir are owned by fog:root
4. I have double-checked that SELinux is disabled and the firewall is down.
5. I’ve checked that /etc/xinetd.conf and /etc/xinetd.d/tftp.conf are correct.
6. and probably a few other things that I can’t think of right now.
Perhaps significantly, I have tried to TFTP from a local console on the FOG VM, and have received the same errors.
Any ideas?
Thanks in advance!
-
Have you verified that the tftp service is running?
-
hmm…interesting question. There is NOT a “tftpd” service running, and “service tftpd start” reports an unrecognized service. However, I thought tftp was handled by vsftp, and vsftpd IS running.
-
oh. wait. duh. TFTP is handled by in.tftpd, which is started and stopped by xinetd. /var/log/messages does have start and stop entries for in.tftpd surrounding each “permission denied” message.
-
Check your ownership and permissions on the contents of the tftpboot directory.
I believe they should be fog:root and 644
-
Just rechecked. Ownership is correct at fog:root; permissions currently more permissive at 666. Have also tried 777 and 755; no luck.
-
Have you triple checked that SELinux is disabled?
I know that sounds like it’s a joke, but for some 6.5 installs, the selinux config is actually in two locations. Something with the way it installs forces the link that’s supposed to be created to become its own file. So, editing /etc/sysconfig/selinux (this is supposed to be a symlink) doesn’t do JACK! Sorry. So in this case, I’d recommend checking the actual config located in /etc/selinux/config.
-
Thanks for the info, Tom. You are correct that the file in /etc/selinux/config was enforcing (I had no clue that file was even there!). I changed that to disabled, reset, and tried the client again. This time, I’m getting a different error message: PXE-T00: Permission denied.
/var/log/messages reads:
[code]Jun 20 16:51:51 localhost xinetd[1777]: START: tftp pid=2987 from=192.168.0.107
Jun 20 16:51:51 localhost in.tftpd[2988]: RRQ from 192.168.0.107 filename undionly.kpxe
Jun 20 16:51:51 localhost in.tftpd[2988]: sending NAK (0, Permission denied) to 192.168.0.107[/code]
Same results for local TFTP.
-
Can you try this:
[code]chown -R fog:root /tftpboot
chmod -R 644 /tftpboot[/code]
Then try again with bootup?
-
Done, but no change.
-
Are you running iptables by chance?
-
[code]service iptables status[/code]
If they’re running you’ll get a lot of output.
We recommend disabling with:
[code]chkconfig iptables off
service iptables stop[/code]
-
“service iptables status” gives
iptables: Firewall is not running
-
What returns with:
[code]setstatus[/code]
-
bash: setstatus: command not found
-
Sorry syntax:
[code]sestatus[/code]
-
Ah! That command worked:
SELinux status: disabled
-
Grrrrr
From the same system can you use the tftp command to download the default.ipxe file?
-
Negative. Permission denied. (That is, using the command prompt tftp utility on the FOG VM itself.)
-
Grrrr, indeed!
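
Every mode tried in the thread is applied to files and directories alike, and a recursive 644 or 666 clears the search (x) bit on /tftpboot itself, which any non-root reader needs before a file's own read bit matters. The following is an added example, not part of the thread or of FOG: a Python audit of a TFTP root for that condition. It assumes in.tftpd serves files as an unprivileged account that is neither owner nor group of the tree (tftp-hpa's default is nobody), so only the "other" bits are checked; `audit_tftp_root` and `demo` are names made up here.

```python
import os
import shutil
import stat
import tempfile


def audit_tftp_root(root):
    """List (path, problem) pairs that block an unprivileged reader.
    Assumption: the reader is neither owner nor group, so "other" bits apply."""
    findings = []
    pending = [os.path.abspath(root)]
    while pending:
        path = pending.pop()
        try:
            mode = os.lstat(path).st_mode
        except OSError as exc:
            # A parent without search permission hides even the metadata.
            findings.append((path, f"cannot stat: {exc.strerror}"))
            continue
        if stat.S_ISDIR(mode):
            if not mode & stat.S_IXOTH:
                findings.append((path, "directory lacks o+x (search)"))
            try:
                pending.extend(os.path.join(path, n) for n in os.listdir(path))
            except OSError as exc:
                findings.append((path, f"cannot list: {exc.strerror}"))
        elif stat.S_ISREG(mode) and not mode & stat.S_IROTH:
            findings.append((path, "file lacks o+r (read)"))
    return sorted(findings)


def demo():
    """Constructed tree: audit it at 755/644, then with the directory at 644."""
    top = tempfile.mkdtemp()
    root = os.path.join(top, "tftpboot")
    os.mkdir(root)
    image = os.path.join(root, "undionly.kpxe")
    open(image, "wb").close()
    os.chmod(image, 0o644)
    os.chmod(root, 0o755)
    before = audit_tftp_root(root)
    os.chmod(root, 0o644)  # what `chmod -R 644` leaves on the directory
    after = audit_tftp_root(root)
    os.chmod(root, 0o755)  # restore so the tree can be removed
    shutil.rmtree(top)
    return before, after
```

On the server, `audit_tftp_root("/tftpboot")` returns an empty list when every directory is searchable and every file readable by "other".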