2007-08-10
drhex2000
Re: FTP not working from Linux clients

Hi everybody,
here's the official "solution":

Solution ID: #sk19288



Product: VPN-1 Pro (VPN-1/FW-1)

Version: NG, NG AI

Last Modified: 12-Mar-2007

Symptoms



* RedHat 8 Linux FTP client cannot log on to any FTP servers when an FTP security server is enabled on the firewall

* The FTP session is closed by the firewall as soon as the FTP username is entered during the logon phase



Cause

The FTP client is trying to use Kerberos authentication to log on to the FTP server. The reason the security server blocks the connection is because the client sends the AUTH command before the USER command, whereas the security server by default blocks all commands that come before the USER command.

Solution

This issue occurs with the RedHat 8 Linux FTP client, and potentially any other KRB5 enabled FTP client.



If an FTP security server is not in use on the firewall, the client will be able to log on to the FTP server, but the following error message may be generated by the FTP client:



KERBEROS_V4 rejected as an authentication type



The FTP security server closes the connection, because the FTP client sends the "AUTH" command instead of the "USER" command to the FTP server. "AUTH" is not an allowed command by the FireWall-1 FTP security server.



To resolve this issue, remove Kerberos authentication on the FTP client. One way to accomplish this is to remove /usr/kerberos/* from the $PATH variable on the RedHat 8 FTP client.


Thanks to Danny for helping me get to the bottom of this!

Best regards,

Florian
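The PATH change described in the solution above, as an added example that is not part of the original post or the Check Point article: a POSIX shell sketch that drops every search-path entry at or under /usr/kerberos and shows which ftp binary the shell resolves before and after. The function names `strip_kerberos_path` and `show_ftp_resolution` are hypothetical, and the sketch assumes the Kerberos-enabled client lives under /usr/kerberos as the post states.

```shell
# Added example (not from the post or the KB article).
# Print a copy of a colon-separated search path with every entry at or
# under /usr/kerberos removed. Other entries, including empty ones, are
# kept in their original order. The body runs in a subshell "( ... )"
# so its working variables do not leak into the caller.
strip_kerberos_path() (
    input=${1-$PATH}        # $1: path string; defaults to the current $PATH
    rest="$input:"          # sentinel colon so the last entry is processed too
    result=
    first=1
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first colon
        rest=${rest#*:}     # text after the first colon
        case $entry in
            # Match the directory itself and anything below it, but not
            # look-alike siblings such as /usr/kerberos-tools.
            /usr/kerberos|/usr/kerberos/*) continue ;;
        esac
        if [ "$first" = 1 ]; then
            result=$entry
            first=0
        else
            result="$result:$entry"
        fi
    done
    printf '%s\n' "$result"
)

# Report which ftp binary is resolved with the current PATH and with the
# filtered PATH, so the effect can be checked before making it permanent.
show_ftp_resolution() {
    printf 'before: %s\n' "$(command -v ftp || echo 'not found')"
    printf 'after:  %s\n' \
        "$( PATH=$(strip_kerberos_path); command -v ftp || echo 'not found' )"
}

# Usage in the current session (add to the shell profile to persist):
#   PATH=$(strip_kerberos_path); export PATH
#   show_ftp_resolution
```

The change affects only which client binaries the shell finds by name; calling a Kerberos-enabled client by its full path still works.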