[Asterisk-Users] Asterisk@Home, gssftp and polycom report

Don Murray asterisk at geeksrus.ca
Tue Mar 29 18:29:02 MST 2005 

Recommendation for Asterisk at home : install another ftp option rather 
than gssftp and tftp, such
as vsftpd.

Details for anyone who is interested:

I posted a week or so ago about how we had 3 polycom phones that were 
not updating their bootroms via the ftp server.  I was using gssftp 
rather than tftp as it is recommended not to use tftp with polycom 
phones on the wiki.  Gssftp is the alternative supplied on Asterisk at Home.

Anyway, I got kerberos authentication errors with gssftp and could not 
connect when I ftp'd by hand.  I fixed this by changing the line:
        server_args     = -l -a
to
        server_args     = -l
in the /etc/xinetd.d/gssftp file.

I still got kerberos errors when ftping in by hand, but I could put and 
get files no problem, there was only the errors on log in.  The phones 
were able to connect and upload their log files so I assumed that ftp 
access was working.

Anyway, after wasting a lot of time trying to get support through 
Polycom, and playing around with things, I finally decided that maybe 
these error messages were causing a problem for the phones.

I googled around on these errors and "gssftp" and I did not find much 
joy.  I couldn't find a definitive list of what possibilities go into 
"server_args" and kerberos seems rather arcane even for someone who has 
been a Linux user for 12 years like me.  (I guess I just moved from the 
"unsecure" days of Linux directly to the "ssh" days of Linux and 
bypassed the kerberos era.)

Anyway, the one thing I found by googling was that a lot of people have 
the same problem I have.  I could not find anyone saying "to fix that, 
do this configuration to gssftp".  Instead I found a lot of people 
saying "to fix that, install a nicer ftp like vsftpd".  So, I did.  And 
the phones worked immediately... just reboot and they could get their 
configurations and bootrom updates and I was off  to the races.

So... mucking around with gssftp wasted a lot of my time and now I 
really really hate it :)  My asterisk box is sitting pretty behind a 
firewall so I don't have a lot of need for network security.  With 
vsftpd I still get a funny kerberos message (I'm wondering if I can just 
uninstall kerberos because I really don't want to have anything to do 
with it... any comments?)  Here is what I get when I ftp to my asterisk 
box from the commandline:

220 (vsFTPd 1.2.1)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type

Anyway, I just thought this would be a good place to throw the idea out 
of using a different ftp option for Asterisk.  There is an vsftpd RPM in 
the CentOS distribution.  Also, thought I would report on this so that 
if anyone has the same errors they might have a chance of finding this 
post and  following the same steps.

Don

More information about the asterisk-users mailing list