You do not have a host certificate on 172.17.40.220. It should be in
/etc/grid-security/hostcert.pem by default, and the file is empty.
530-globus_sysconfig: File has zero length: File:
/etc/grid-security/hostcert.pem"
Please look at
http://globus.org/toolkit/docs/latest-stable/admin/install/#gtadmin-simpleca
Lukasz
PS. Please, reply to the gt-user mailing list, not to me.
I just restarted the gridFTP service, and telnet the server
root@Estacion05:/home/user/Documentos# telnet 172.17.40.220 2811
Trying 172.17.40.220...
Connected to 172.17.40.220.
Escape character is '^]'.
220 masterglobus GridFTP Server 3.28 (gcc32dbg, 1297437357-80) [Globus
Toolkit 5.0.3] ready.
Then I tried again with globus-url-copy and I got all this output,
apparently there is something wrong with my certificates
root@Estacion05:/home/user/Documentos# globus-url-copy -vb -dbg
file:///home/user/ls.tmp gsiftp://172.17.40.220:2811/tmp/
Source:file:///home/user/
Dest: gsiftp://172.17.40.220:2811/tmp/
ls.tmp
debug: starting to put gsiftp://172.17.40.220:2811/tmp/ls.tmp
debug: connecting to gsiftp://172.17.40.220:2811/tmp/ls.tmp
debug: response from gsiftp://172.17.40.220:2811/tmp/ls.tmp:
220 masterglobus GridFTP Server 3.28 (gcc32dbg, 1297437357-80) [Globus
Toolkit 5.0.3] ready.
debug: authenticating with gsiftp://172.17.40.220:2811/tmp/ls.tmp
debug: response from gsiftp://172.17.40.220:2811/tmp/ls.tmp:
530-globus_xio: Server side credential failure
530-globus_gsi_gssapi: Error with gss credential handle
530-globus_credential: Valid credentials could not be found in any of the
possible locations specified by the credential search order.
530-Valid credentials could not be found in any of the possible locations
specified by the credential search order.
530-Attempt 1
530-globus_credential: Error reading host credential
530-globus_sysconfig: Error with certificate filename
530-globus_sysconfig: Error with certificate filename
530-globus_sysconfig: File has zero length: File:
/etc/grid-security/hostcert.pem
530-Attempt 2
530-globus_credential: Error reading proxy credential
530-globus_sysconfig: Could not find a valid proxy certificate file location
530-globus_sysconfig: Error with key filename
530-globus_sysconfig: File does not exist: /tmp/x509up_u0 is not a valid
file
530-Attempt 3
530-globus_credential: Error reading user credential
530-globus_sysconfig: Error with certificate filename: The user cert could
not be found in:
530-1) env. var. X509_USER_CERT
530-2) $HOME/.globus/usercert.pem
530-3) $HOME/.globus/usercred.p12
530-
530-
530 End.
debug: fault on connection to gsiftp://172.17.40.220:2811/tmp/ls.tmp
debug: data callback, error globus_ftp_client: the server responded with an
error, buffer 0xb76a5008, length 0, offset=0, eof=true
debug: operation complete
error: globus_ftp_client: the server responded with an error
530 530-globus_xio: Server side credential failure
530-globus_gsi_gssapi: Error with gss credential handle
530-globus_credential: Valid credentials could not be found in any of the
possible locations specified by the credential search order.
530-Valid credentials could not be found in any of the possible locations
specified by the credential search order.
530-Attempt 1
530-globus_credential: Error reading host credential
530-globus_sysconfig: Error with certificate filename
530-globus_sysconfig: Error with certificate filename
530-globus_sysconfig: File has zero length: File:
/etc/grid-security/hostcert.pem
530-Attempt 2
530-globus_credential: Error reading proxy credential
530-globus_sysconfig: Could not find a valid proxy certificate file location
530-globus_sysconfig: Error with key filename
530-globus_sysconfig: File does not exist: /tmp/x509up_u0 is not a valid
file
530-Attempt 3
530-globus_credential: Error reading user credential
530-globus_sysconfig: Error with certificate filename: The user cert could
not be found in:
530-1) env. var. X509_USER_CERT
530-2) $HOME/.globus/usercert.pem
530-3) $HOME/.globus/usercred.p12
530-
530-
530 End.
On 3/24/11 2:23 PM, Lukasz Lacinski wrote:
It should be server_args instead of server-args, otherwise the option
-i is not passed to a server.
Lukasz
Yes, I am using xinet to start GridFTP. I configured it like this, giving
the option -i.
service gsiftp
{
instances = 100
socket_type = stream
wait = no
user = root
env += GLOBUS_LOCATION=/usr/local/globus
env += LD_LIBRARY_PATH=/usr/local/globus/lib
server = /usr/local/globus/sbin/globus-gridftp-server
server-args = -i
log_on_success += DURATION
disable = no
}
On 3/24/11 12:52 PM, Lukasz Lacinski wrote:
GridFTP server on 172.17.40.220 (MasterGlobus) is configured
incorrectly. I guess that you use xinetd/inetd to start GridFTP
server but GridFTP server is started without the option -i. It causes
that the GridFTP server runs as a standalone server and prints the
string "Server listening at<hostname>:<port>" to standard output. And
the standard output is a duplication of a TCP socket opened by
xinetd/inetd.
Lukasz
Thanks for your answer, I just did what you suggested and I get this:
root@Estacion05:/home/user# telnet 172.17.40.220 2811
Trying 172.17.40.220...
Connected to 172.17.40.220.
Escape character is '^]'.
Server listening at MasterGlobus:42758
At this point it just shows me nothing, it hangs there
Jorge
On 3/24/11 12:03 PM, Lukasz Lacinski wrote:
There is no GridFTP server listening on 172.17.40.220:2811. Please
telnet there:
$ telnet 172.17.40.220 2811
You should get something like this:
$ telnet 208.100.92.21 2811
Trying 208.100.92.21...
Connected to qb1.loni.org.
Escape character is '^]'.
220 qb1.loni.org GridFTP Server 3.23 (gcc64, 1278696115-80) [Globus
Toolkit 5.0.1] ready.
Lukasz
I added the -dbg option and got this:
root@Estacion05:/home/user# globus-url-copy -vb -dbg
file:///home/user/ls.tmp gsiftp://172.17.40.220:2811/tmp/
Source:file:///home/user/
Dest: gsiftp://172.17.40.220:2811/tmp/
ls.tmp
debug: starting to put gsiftp://172.17.40.220:2811/tmp/ls.tmp
debug: connecting to gsiftp://172.17.40.220:2811/tmp/ls.tmp
(here there is a pause, and after 5 minutes)
debug: aborting current operation
debug: data callback, error globus_ftp_client: the operation was
aborted,
buffer 0xb7701008, length 0, offset=0, eof=true
debug: operation complete
error: globus_ftp_client: the operation was aborted
Jorge
On 3/23/11 10:35 AM, Lukasz Lacinski wrote:
What do you get when you add the option -dbg?
Lukasz
On 3/23/11 10:19 AM, Jorge Jaramillo wrote:
Thanks Lukasz
But now I have other problem, when I try to transfer a file, the
command
just hangs there and shows me nothing. Am I doing anything wrong?
root@Estacion05:/home/user# globus-url-copy -vb
file:///home/user/ls.tmp
gsiftp://172.17.40.220:2811/tmp/
Source: file:///home/user/
Dest: gsiftp://172.17.40.220:2811/tmp/
ls.tmp
2011/3/23 Jorge Jaramillo<[email protected]>
Thanks Lukasz
But now I have other problem, when I try to transfer a file, the
command
just hangs there and shows me nothing. Am I doing anything wrong?
root@Estacion05:/home/user# globus-url-copy -vb
file:///home/user/ls.tmp
gsiftp://172.17.40.220:2811/tmp/
Source: file:///home/user/
Dest: gsiftp://172.17.40.220:2811/tmp/
ls.tmp
Jorge.
2011/3/23 Lukasz Lacinski<[email protected]>
Hi Jorge,
A GridFTP server does not use SSL protocol in control channel,
so openssl
s_client is not an appropriate client to communicate with a
GridFTP server.
You need to use globus-url-copy, uberftp or Globus Online
service instead.
Regards,
Lukasz
On 3/23/11 8:42 AM, Jorge Jaramillo wrote:
Hello everyone,
I configured GT.5.0.3 on a server and created a simple CA. Then
I send a
request from a client and got a certificate.
Now, I'm having some trouble on the client. Here is what I'm doing
root@Estacion05:/home/user# openssl verify -CApath
/etc/grid-security/certificates/ -purpose sslclient
~/.globus/usercert.pem
/root/.globus/usercert.pem: OK
root@Estacion05:/home/user# openssl s_client -ssl3 -cert
~/.globus/usercert.pem -key ~/.globus/userkey.pem -CApath
/etc/grid-security/certificates/ -connect 172.17.40.220:2811
Enter pass phrase for /root/.globus/userkey.pem:
CONNECTED(00000003)
2243:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
number:s3_pkt.c:293:
I'm lost at this point, can anybody tell me what this error
refers to???
Thanks
Jorge
