Unable to telnet

UNIX Solaris
1

Hi guys,

After changing my workstation from domain rsm.renesas.com to my.renesas.local, I was unable to telnet to 1 of our Sun Solaris servers.

There r errors in the messages file:
Aug 15 17:35:26 rsmsso1.svc.rsm.renesas.com inetd[24447]: [ID 140027 daemon.erro
r] warning: can't verify hostname: gethostbyname(vc00235.my.renesas.local) faile
d
Aug 15 17:35:26 rsmsso1.svc.rsm.renesas.com inetd[24447]: [ID 913506 daemon.warn
ing] refused connect from 172.16.101.120 (name/address mismatch)

Any ideas what it is? Thanks!

2

When you are logged onto the server, do an

nslookup 172.16.101.120

to see what name it expects you to have. I am assuming your IP is 172.16.101.120.

What machine is this error log from?

3

Hi, thanks for the reply.

This error is from /var/adm/messages on the problematic sun solaris server.

root@rsmsso1.svc.rsm.renesas.com # nslookup 172.16.101.120
Server: w2ksrv30.rsm.renesas.com
Address: 172.16.101.240

Name: vc00235.my.renesas.local
Address: 172.16.101.120

4

Is that the same as your machine think it itself is?

5

Hi,

Previously, our workstation name is vc00235.rsm.renesas.com. However, our administrator changed the domain to vc00235.my.renesas.local. We r able to telnet to other sun servers, but only this 1.

We do not know why a domain changed in my workstation affects the telnet...

6

It looks like your system is setup so that telnet will refused the connection if it cannot validate the name.

What does /etc/nsswitch.conf say? It looks like gethostbyname() is not using DNS.

/etc/resolv.conf should be right otherwise nslookup would have failed.

7

Yea, really dun understand y..The resolv.conf n nsswitch.conf seems correct, they r the same as those telnet-able sun solaris server.

passwd: files
group: files
hosts: files dns
ipnodes: files
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
# At present there isn't a 'files' backend for netgroup; the system will
# figure it out pretty quickly, and won't use netgroups at all.
netgroup: files
automount: files
aliases: files
services: files
sendmailvars: files
printers: user files

auth_attr: files
prof_attr: files
project: files

Thanks!

8

Not sure, have you solved it or not?

Is your IP or name listed in /etc/hosts?

You might have to try writing a small C program to call "gethostbyname" and "gethostbyaddr" to track this down to see why telnet is failing.

9

Problem is not solved yet. Still checking why it fails.

10

Can you ftp in?

Do you have a filter setup for telnet in /etc/inetd.conf?

telnet  stream  tcp6    nowait  root    /usr/sbin/in.telnetd    in.telnetd
11

Hi, we r unable to telnet n also ftp.

/etc/inetd.conf seems correct.:confused:

12

hi. this is behaviour by design in the server machine. What's happening is that the sun server that is not letting you in has a /etc/hosts.allow (and/or a /etc/hosts.deny) file that specifies rules telling it whether it should let a connection in depending on the connecting user/hosts/domain/network etc...

Normally, hosts.allow and hosts.deny are only checked when a program calls hosts_access(). By default, sshd and other programs do check the files, but not daemons like in.telnetd and ftpd, because these are services handled by inetd and by default inetd doesn't have tcp_wrappers on. The sysadmin must have enabled tcp_wrappers to telnet or to the whole of inetd, and thus each connection gets run through the /etc/hosts.allow and /etc/hosts.deny ruleset.

If you have a domain name change, maybe you are no longer making it through the rules in /etc/hosts.allow and /etc/hosts.deny so just update those.

13

Are you try to

nslookup 172.16.101.120
nslookup vc00235.my.renesas.local

on your server 1 ?

arm_naja