|
Because the Windows OS does not honor our IDTOKEN authentication, you still need to store the username and password for every Windows user that wants to submit jobs to a Windows schedd. This is one of the uses of condor_store_cred.
To store a Windows user credential, each user must run "condor_store_cred add" on a Windows machine that is running a Schedd (or Windows CREDD).
Are you running condor_submit on a Windows machine? or on a Linux machine?
Only the Windows version of condor_submit should ask you to run condor_store_cred first.
When a user runs condor_store_cred to store the Windows credential, it should look like this (CRAN8 is my NT domain name)
---------------------------------------------------
You can run this with -debug to get logging about what command is being sent and to which daemon. try this command
condor_store_cred -debug:D_HOSTNAME add
Which will log the command that is being sent and what condor daemon it is being sent to. You are looking for
and a bunch of messages about locating the address of the schedd. most likely you will see
but any method that gives you the address of the schedd is ok here.
-tj
From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> on behalf of APEL Martin via HTCondor-users <htcondor-users@xxxxxxxxxxx>
Sent: Wednesday, June 17, 2026 5:17 AM To: htcondor-users@xxxxxxxxxxx <htcondor-users@xxxxxxxxxxx> Cc: APEL Martin <Martin.APEL@xxxxxxx> Subject: [HTCondor-users] Trouble with authentication on Windows after upgrade from 8.9 to 25.11 ZjQcmQRYFpfptBannerEnd We have recently upgraded our HTCondor cluster from 8.9 to 25.11. The cluster contains Linux as well as Windows machines. All authentication and authorization is configured to use IDTOKENS, which works fine under Linux. However when using the same approach on Windows any submissions fail and tell me, that I need to use condor_store_cred. When I run condor_store_cred add I get an error ‘Operation failed because it is not allowed’ after entering the password. SchedLog contains entries such as
06/17/26 11:58:38 (pid:25592) WARNING: store_cred() for user user@domain attempted by user condor, rejecting
I have to add that the DNS domain is not identical to the Windows domain name. I have tried adding both domains to the ‘ALLOW_*’ configurations, I have tried enabling PASSWORD authentication, but nothing seems to help. I have a token for user@winDomain in my tokens.d directory, which allows me to run e.g. condor_status. I tried the same with a token for user@dnsdomain, condor_status works here as well. But condor_store_cred continues to fail in all these cases.
Any help would be very much appreciated.
Martin This email and any attachments are intended solely for the use of the individual or entity to whom it is addressed and may be confidential and/or privileged. If you are not one of the named recipients or have received this email in error, (i) you should not read, disclose, or copy it, (ii) please notify sender of your receipt by reply email and delete this email and all attachments, (iii) Dassault Systèmes does not accept or assume any liability or responsibility for any use of or reliance on this email. Please be informed that your personal data are processed according to our data privacy policy as described on our website. Should you have any questions related to personal data protection, please contact 3DS Data Protection Officer https://www.3ds.com/privacy-policy/contact/
|