The Dreaded TFTP error 2 (Access Violation)
Craig White
plug-discuss@lists.plug.phoenix.az.us
20 Dec 2002 06:37:24 -0700
On Fri, 2002-12-20 at 01:22, Dallas Helquist wrote:
> DISCLAIMER: I know nothing about thinclients. :)
>
> First idea - as root do a /sbin/iptables -F to flush the firewall rules,
> then try the thinclient again. Most likely that will work. I believe the
> default "medium" security setting in RH8 blocks most ports. If that does
> not, leave the iptables flushed while you check the following:
>
> The /etc/hosts.allow you show - is that from the server or the client? If
> it is the server, it needs to allow 192.168.100.151 as well.
>
> You should also have a /etc/xinet.d/tftp file. Edit that and make sure that
> disable = no. If it doesn't, change it and restart xinetd.
>
> Your files should be in the /tftpboot directory. Looking at your example
> below, they should be in /tftpboot/lts.
>
>
> That is it for my ideas. If the above doesn't work, look through
> /var/log/messages and /var/log/secure for entries relating to tftpd and post
> those.
>
> -dallas
>
>
> ----- Original Message -----
> From: "George Gambill" <ggambill@computer-guidance.com>
> To: <plug-discuss@lists.plug.phoenix.az.us>
> Sent: Thursday, December 19, 2002 1:06 PM
> Subject: The Dreaded TFTP error 2 (Access Violation)
>
>
> > The Dreaded TFTP error 2 (Access Violation)
> >
> > Booting the ThinClient (ws001) form a RH 8 server displays the following
> Me:
> > Me: 192.168.100.151, Server: 192.168.100.66
> > Both are correct indicating DHCP is alive and well
> >
> > Then comes the dreaded TFTP error 2 (Access Violation) message(s):
> >
> > Loading 192.168.100.66:/lts/vmlinuz-2.4.19-ltsp-1 .TFTP error 2 (Access
> > Violation)
> > Unable to load file"
> >
> > The "Loading 192.168.100.66:/lts/vmlinuz-2.4.19-ltsp-1" portion of the
> TFTP
> > message looks good.
> >
> > The ".TFTP error 2 (Access Violation): portion of the TFTP message does
> not
> > look so good.
> > Nor does the "Unable to load file".
> >
> > /lts/vmlinuz-2.4.19-ltsp-1 is actually in /ltspboot/lts/
> > (/ltspboot/lts/vmlinuz-2.4.19-ltsp-1) but the documentation claims this is
> > OK.
> > Permissions on /tftpboot/lts/vmlinuz-2.4.19-ltsp-1 are now 655 (I
> changed
> > them while Easter Egging)
> > Permissions on /tftpboot/ are 755
> > Permissions on /tftpboot/lts/ are 755
> >
> > Just in case, I created /lts/ and copied vmlinuz-2.4.19-ltsp-1 to it. No
> > luck.
> >
> > FYI, this is a simple network, no DNS required, no Router required, only
> two
> > machines (on of which it ThinClient) one hub, two connections, no outside
> > connection. The server was setup with "medium security" which may be an
> > issue (haven't got to that part of the book yet)
> >
> > /opt/ltsp/i386/etc/lts.conf contains (in part):
> > [default]
> > SERVER = 192.168.100.66
> > [ws001]
> > XSERVER = auto
> > USE_NFS_SWAP = N
> > SWAPFILE_SIZE = 48m
> > RUNLEVEL = 5
> >
> > chkconfig -list | grep tftp shows it on (running).
> >
> > /etc/hosts contains (in total):
> > 127.0.0.1 nowhere localhost.colaldomain localhost
> > 192.168.100.66 server
> > 192.168.100.151 ws001
> >
> > /etc/hosts.conf contains (in total):
> > order hosts,bind
> >
> > /etc/hosts.allow contains the following (in total):
> > ALL: 192.168.100. : ALLOW
> > swat: 126.0.0.1 : ALLOW
> > swat: 192.168.100. :ALLOW
> > swat: 192.168.100.66 : ALLOW
> > swat: 192.168.100.151 :ALLOW
> > in.tftpd: 192.168.100.66
> > swat: ALL : DENY
> >
> > /etc/hosts.deny contains (in total):
> > swat: ALL EXCEPT 127.0.0.1
> > ALL: ALL
> >
> > /etc/xinetd.d/services (contains in part):
> > disable = yes
> > only_from = 127.0.0.1
> > as does /etc/xinetd.d/dervers
> >
> > /opt/ltsp/i386/etc/;ts/cpnf contains (in part)
> > [DEFAULT}
> > SERVER = 192.168.100.66
> > # DNS_SERVER = 192.168.100.66
> > SEARCH_DOMAIN = "cgcltsp.org
> > XSERVER = auto
> > [ws001]
> > USE_NFS_SWAP = N
> > SWAPFILE_SIZE = 48 m
> >
> > /etc/exports contains (in total):
> > /opt/ltsp/i286 192.168.100.66/255.255.255.0 (no,no_root_squash, sync)
> > /var/opt/ltsp/swapfiles 192.168.100.66/255.255.255.0
> > (no,no_root_squash, sync)
> >
> > Any thoughts would be greatly appreciated.
> >
-----
for setup purposes...firewall rules & tcp-wrappers should probably be
removed from contention...
service iptables stop
/etc/hosts.allow
all: all
(you weren't allowing the workstation to connect)
//etc/hosts.deny should all be commented out
if you aren't going to use dns...is /etc/nsswitch.conf gonna allow that?
hosts: files nisplus dns
Craig