Sean,

I’m running my pool in exactly this
fashion and it does work. Your end-user’s credentials are only involved
on the submitting node, the domain\Condor user credentials are used on the
execution node. Each human user must store their credentials on their
submitting node/workstation. Condor uses those credentials to make sure the submitting
user has sufficient privileges to run a shadow on the submitting machine (in my
understanding anyway.) The key to making this work is that you
must log into each EXECUTION node as user domain\CONDOR and run
CONDOR_STORE_CRED. If you don’t have stored credentials for the
domain\CONDOR user, Condor can’t complete the login as that user and
therefore can’t run any jobs.

Hope this helps.

-

From: condor-users-bounces@xxxxxxxxxxx [mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of Sean Looper

Does anyone know when and why the stored
credentials are used during the condor process? This credential issue is
the only thing causing me problems. I would rather just allow EVERYTHING
that Condor does to be done using the credentials stored for the
“domain\Condor” user. I am still getting problems with Condor
wanting my remote machines to have the credentials stored for the submitting
user. This is the only issue keeping me from deploying Condor over our
entire company.

Sean

From: condor-users-bounces@xxxxxxxxxxx [mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of YOUNGS, ANDY J - SSD

I've found some trial and error necessary. I found that each machine's condor_config
file had to have the VM1_USER. And that user CAN NOT be logged in at the
time it's trying to run. I also found I've had to make sure the
machine is in read write list or store credentials itself just fails.

The user's manual is helpful but one has
to closely reread some sections a few times and with some experimentation things come to light. I've seen most of this info in the mailing
list which has been very helpful.

Regards
Andy

From: condor-users-bounces@xxxxxxxxxxx [mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of Sean Looper

Ok, so I have adjusted sooo many settings in the config
files to try and get this right, and still I have nothing. My goal is to
allow any user to submit jobs to the remote schedd running on a manager
machine. I have set the VM1_USER = domain\Condor as well as set
SOFT_UID_DOMAIN = True and TRUST_UID_DOMAIN=True. My problem is that the
pool will only process jobs that have been submitted using the domain\Condor
account. Any other jobs give me this error in the ShadowLog log:

6/7 18:10:22 Initializing a VANILLA shadow
6/7 18:10:22 (150.1) (3916): ERROR: Could not locate credential for user ‘user@domain’
6/7 18:10:22 (150.1) (3916): init_user_ids() failed!
6/7 18:10:22 (150.1) (3916): ERROR: Could not locate credential for user ‘user@domain’
6/7 18:10:22 (150.1) (3916): init_user_ids() failed!
6/7 18:10:22 (150.1) (3916): ERROR "set_user_priv() failed!" at line 400 in file ..\src\condor_c++_util\uids.C

I have used condor_store_cred on each machine in the pool
for the domain\Condor account.

I am trying to get Condor to stop trying to verify that the
submitting user is indeed a member of the domain. The domain\Condor user
has full administrative rights and should be fine for running anything that is
submitted with its own credentials. Please someone tell me how I might
disable this feature.

Thanks so much in advance!

Sean
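
An added example, not part of the thread or of Condor itself: a small triage script that reads ShadowLog text in the format quoted above and lists which submitting users had a failed credential lookup, and for which jobs. The sample log, user names and job ids are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the ShadowLog format quoted in the thread
# (user names and job ids are made up for illustration).
SAMPLE_LOG = """\
6/7 18:10:22 Initializing a VANILLA shadow
6/7 18:10:22 (150.1) (3916): ERROR: Could not locate credential for user 'alice@EXAMPLE'
6/7 18:10:22 (150.1) (3916): init_user_ids() failed!
6/7 18:10:22 (150.1) (3916): ERROR: Could not locate credential for user 'alice@EXAMPLE'
6/7 18:10:22 (150.1) (3916): init_user_ids() failed!
6/7 18:12:40 (151.0) (4020): ERROR: Could not locate credential for user \u2018bob@EXAMPLE\u2019
6/7 18:12:40 (151.0) (4020): init_user_ids() failed!
6/7 18:15:03 (152.0) (4108): Some unrelated shadow message
"""

# date, time, (cluster.proc), (pid), then the message text
LINE_RE = re.compile(r"^(\d+/\d+) (\d+:\d+:\d+) \((\d+\.\d+)\) \((\d+)\): (.*)$")
# The quotes around the user name may be straight or typographic,
# depending on how the log was copied.
CRED_RE = re.compile(r"Could not locate credential for user ['\u2018]?([^'\u2019]+)")


def missing_credentials(log_text):
    """Map each user with a failed credential lookup to the affected job ids."""
    jobs_by_user = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # lines without a job id, e.g. shadow start-up
        job_id, message = m.group(3), m.group(5)
        cred = CRED_RE.search(message)
        if cred:
            # A set collapses the repeated error lines for one job.
            jobs_by_user[cred.group(1).strip()].add(job_id)
    return {user: sorted(jobs) for user, jobs in jobs_by_user.items()}


if __name__ == "__main__":
    for user, jobs in sorted(missing_credentials(SAMPLE_LOG).items()):
        print(f"{user}: no stored credential found; affected jobs {', '.join(jobs)}")
```

Each user it reports is an account whose credential the shadow could not find on the machine that wrote the log.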