5 Posts

October 19th, 2018 19:00

Is the FTP/SFTP server in VNXe3200 NAS share protocols unfinished/broken?

VNXe3200 storage system here with operating system version 3.1.8.9340299

I've never before used the FTP/SFTP servers option which is present on the NAS Servers "Sharing Protocols" configuration screen in the Unisphere web gui app, I've been running this machine for about 4 years now and only needed iSCSI, CIFS and NFS shares hosted off of it.

I now need to be able to use the SFTP server feature to be able to receive incoming system backup files from my Cisco CUCM VoIP phone system which has outgrown the old Linux box I was using as an SFTP file repository so I tried adding the SFTP service to my main CIFS NAS Server configs. It seemed to set up successfully, but I cannot successfully log in with an SFTP session from any network client (Linux command line, WinSCP, FileZilla, etc). I wish to have it use an active directory domain account just like the CIFS service is using for authentication, but I cannot get a successful SFTP session connected.

Here's a snippet from a WinSCP session log, which seems to show that it's actually making the initial connection but when it tries to do some actual work within that session.... I presume grab a directory listing off the server to display on the client screen, the session suddenly suffers an unexpected closed network connection immediately after this "primary command failed" which I'm guessing is an "ls -l"

There seems to be a grand total of Diddly and Squat available for documentation about the FTP/SFTP servers in the VNXe3200. And what's available for the VNX is too different to be useful.

WinSCP Session Logfile:

. 2018-10-19 20:45:56.544 Looking up host "172.21.5.121"

. 2018-10-19 20:45:56.544 Connecting to 172.21.5.121 port 22

. 2018-10-19 20:45:56.566 Server version: SSH-2.0-OpenSSH_5.1

. 2018-10-19 20:45:56.566 We claim version: SSH-2.0-WinSCP_release_4.1.9

. 2018-10-19 20:45:56.566 SSPI: acquired credentials for: voipbackup@CITYNET.CWF

. 2018-10-19 20:45:56.566 Cannot convert IP address to SPN: DNS is not trusted

. 2018-10-19 20:45:56.566 GSSKEX disabled: The operation completed successfully.

. 2018-10-19 20:45:56.567 Using SSH protocol version 2

. 2018-10-19 20:45:56.567 Doing Diffie-Hellman group exchange

. 2018-10-19 20:45:56.613 Doing Diffie-Hellman key exchange with hash SHA-1

. 2018-10-19 20:45:56.690 Host key fingerprint is:

. 2018-10-19 20:45:56.690 ssh-rsa 2048 48:f5:12:0e:b6:f9:23:f8:39:07:b7:2c:04:7b:91:5d

. 2018-10-19 20:45:56.690 Initialised AES-256 SDCTR client->server encryption

. 2018-10-19 20:45:56.690 Initialised HMAC-SHA1 client->server MAC algorithm

. 2018-10-19 20:45:56.690 Initialised AES-256 SDCTR server->client encryption

. 2018-10-19 20:45:56.690 Initialised HMAC-SHA1 server->client MAC algorithm

! 2018-10-19 20:45:56.730 Using username "voipbackup@citynet.cwf".

. 2018-10-19 20:45:59.542 Prompt (6, SSH password, , &Password: )

. 2018-10-19 20:46:06.876 Sent password

. 2018-10-19 20:46:06.890 Access granted

. 2018-10-19 20:46:06.890 Opened channel for session

. 2018-10-19 20:46:06.891 Primary command failed; attempting fallback

. 2018-10-19 20:46:06.891 Server unexpectedly closed network connection

* 2018-10-19 20:46:06.894 (ESshFatal) Server unexpectedly closed network connection.

* 2018-10-19 20:46:06.894 Authentication log (see session log for details):

* 2018-10-19 20:46:06.894 Using username "voipbackup@citynet.cwf".

* 2018-10-19 20:46:06.894

* 2018-10-19 20:46:06.894 Authentication failed.

8.6K Posts

October 22nd, 2018 07:00

should work fine

looks like you are using a user/password that the 3200 cannot resolve

If you use the same user+pass with a CIFS share on the 3200 does it work ?

5 Posts

October 22nd, 2018 12:00

The user/pass work perfectly fine when used to access a CIFS share.

8.6K Posts

October 23rd, 2018 01:00

Is citynet.cwf the domain that the 3200 CIFS server is joined to ?

8.6K Posts

October 24th, 2018 12:00

support should be able to pull the log files from the 3200 and get more details

8.6K Posts

October 24th, 2018 12:00

for troubleshooting whether your ftp works at all you could also create a local user in the passwd file of the VDM like you do for NDMP

you just need to make sure that it either has a valid homedir or that default homedir options for ftp are set correctly

5 Posts

October 26th, 2018 19:00

Yes. The VNXe3200 is joined to active directory domain "CITYNET.CWF".

I've tried creating a local user, even made it an administrator.

The homedir option is left to the default value of "/"

I see no options available nor is there any online help or documentation available that describes how to make and specify custom paths for any SFTP home directory for users (local or AD domain users) on the VNXe series. I am attempting to do all the configurations thru the Unisphere web GUI and whatever it presents me with and allows me to do, since the only command line access is via the ssh login with the service user, which is Horribly Crippled in what it is permitted to see and do in the linux-based VNXe3200 host operating system (which appears to be derived from SuSE, which is incredibly frustrating since I've been a Linux power user since SuSE first appeared in the world, and a Linux user for more than 20 years, beginning with SLS and Slackware in the early 1990's.)

All attempts to login with command line SFTP from another Linux box, using a local user created under the "Manage Administration" webgui page, get a response of "Permission Denied".

Using an active directory user/pass actually get a little further along, as evidenced by this dialog:

(Note: 172.21.5.120 is the ip addr of my NAS server on the VNXe3200)

[root@vmsyslog1 ~]# sftp voipbackup@citynet.cwf@172.21.5.120

Connecting to 172.21.5.120...

Enter your credentials to activate an SFTP session:

voipbackup@citynet.cwf@172.21.5.120's password:

Request for subsystem 'sftp' failed on channel 0

Couldn't read packet: Connection reset by peer

[root@vmsyslog1 ~]#

I did find one "Release Notes" for a previous version of the VNXe system software that claimed that a bug that caused something similar of an error whenever the NAS server was being accessed via SFTP over an LACP bonded physical ethernet linkage had been supposedly fixed in that earlier release, but I'm running the latest available release version 3.1.8.9340299.

I am using LACP-bonded ethernet ports on both storage processors to connect to a Cisco 3850 switch stack configured with etherchannel to carry the NAS/CIFS traffic from the VNXe3200 to my primary network. For iSCSI communications, I use a separate 10Gbps private network built around a pair of Extreme (brand name) 10G dedicated switches.
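An added example, not part of the original posts: a small classifier that reads the client-side messages quoted in this thread and reports whether a session failed at authentication or after it. The function name, the verdict strings and the one constructed "Permission denied" line are assumptions made for illustration.

```python
import re

# Stage markers in the order an SSH file-transfer session progresses.
# Wording matches the WinSCP session log quoted in this thread.
STAGES = [
    ("version_exchange", r"Server version: SSH-"),
    ("key_exchange", r"Host key fingerprint is"),
    ("authenticated", r"Access granted"),
    ("channel_open", r"Opened channel for session"),
]
# Messages a client can only emit after authentication has succeeded,
# because channel requests follow user authentication in the SSH protocol.
POST_AUTH_FAILURES = [
    r"Primary command failed",
    r"Request for subsystem 'sftp' failed",
]

def classify(log_text):
    """Return (last_stage_reached, verdict) for one client session log."""
    reached = [name for name, pat in STAGES if re.search(pat, log_text)]
    last = reached[-1] if reached else None
    if any(re.search(p, log_text) for p in POST_AUTH_FAILURES):
        return last, "post-auth: server refused the file-transfer request"
    # A trailing "Authentication failed." summary must not override an
    # earlier "Access granted", so this check comes before the auth one.
    if "authenticated" in reached:
        return last, "post-auth: session ended after login"
    if re.search(r"permission denied|authentication failed", log_text, re.I):
        return last, "auth: credentials rejected"
    return last, "unknown"

# Lines excerpted from the logs in the posts above (timestamps trimmed).
WINSCP_LOG = """\
Server version: SSH-2.0-OpenSSH_5.1
Host key fingerprint is:
Access granted
Opened channel for session
Primary command failed; attempting fallback
Server unexpectedly closed network connection
Authentication failed.
"""
OPENSSH_LOG = """\
Request for subsystem 'sftp' failed on channel 0
Couldn't read packet: Connection reset by peer
"""
# Constructed line standing in for the local-user "Permission Denied" case.
LOCAL_USER_LOG = "Permission denied, please try again.\n"

if __name__ == "__main__":
    for name, log in [("WinSCP", WINSCP_LOG), ("OpenSSH", OPENSSH_LOG),
                      ("local user", LOCAL_USER_LOG)]:
        print(name, classify(log))
```
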

5 Posts

November 2nd, 2018 12:00

I was able to figure out what the problem was (it's definitely a defect IMHO) and implement a workaround/fix myself that gets my immediate needs functional... no thanks to EMC support who have been remarkably slow to respond back to my service request, as well as not very confident with their own meager knowledge about the VNXe3200. I get the distinct impression that all love for this model is going to get dropped like a hot potato once its EOL date looms close.

I won't say what I found and how I worked around it either, since my kludge worked for me but isn't something I want spread around and might come back to haunt me.

8.6K Posts

November 5th, 2018 06:00

could you please post your SR number so that I can take a look what your workaround is?

5 Posts

November 5th, 2018 18:00

I didn't give my workaround in the SR, I just merely closed it, with a note that I was able to conjure up a workaround on my own.

--

Ruby Neal

- - - - - - - - - - - - - - - - - - - -

Network Manager

Information Technology Dept.

City of Wichita Falls, TX

Ruby.Neal@wichitafallstx.gov

(940)761-7431
