Mailing List Archives
Authenticated access
|
|
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Condor-users] Issues submitting a job GSI auth
- Date: Thu, 16 Feb 2006 17:04:50 -0800
- From: Adam Lathers <alathers@xxxxxxxxxxxxxx>
- Subject: [Condor-users] Issues submitting a job GSI auth
Hi all,
I'm SO confused, and really hopeful someone can tell me what I'm
doing wrong.
I have host A and B. for all intents and purposes they are separate
pools. A has a pool of workstations, and b is set to talk to itself
for collector/negotiator.
From host B, I'd like to submit a job directly to the pool managed
by A, using GSI as my auth mechanism.
tests:
if I do a globusrun -a -r hosta (from hostB)
I get:
GRAM Authentication test successful
globus-job-run also works.
if I try
condor_submit -pool hostA -r hostA init.submit
I get the following:
Submitting job(s)
ERROR: Failed to connect to queue manager hostA
AUTHENTICATE:1003:Failed to authenticate with any method
AUTHENTICATE:1004:Failed to authenticate using GSI
GSI:5004:Failed to get authorization from server. Either the server
does not trust your certificate, or you are not in the server's
authorization file (grid-mapfile)
AUTHENTICATE:1004:Failed to authenticate using KERBEROS
AUTHENTICATE:1004:Failed to authenticate using FS
in the logs on hostA I see;
2/16 15:34:50 (pid:28064) AUTHENTICATE: no available authentication
methods succeeded, failing!
2/16 15:34:50 (pid:28064) SCHEDD: authentication failed: AUTHENTICATE:
1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed
to authenticate using GSI|GSI:5004:Failed to map MYDNString to a
local user. Check the grid-mapfile.|AUTHENTICATE:1004:Failed to
authenticate using KERBEROS|AUTHENTICATE:1004:Failed to authenticate
using FS
2/16 15:34:50 (pid:28064) IO: Failed to read packet header
I made sure that hostA has the following set explicitly in the
global config:
GSI_DAEMON_DIRECTORY = /etc/grid-security
GSI_DAEMON_CERT = $(GSI_DAEMON_DIRECTORY)/hostcert.pem
GSI_DAEMON_KEY = $(GSI_DAEMON_DIRECTORY)/hostkey.pem
GSI_DAEMON_TRUSTED_CA_DIR = $(GSI_DAEMON_DIRECTORY)/certificates
GRIDMAPFILE = $(GSI_DAEMON_DIRECTORY)/grid-mapfile
and the signing policy for the CA that issued my cert is in the
certificates directory....I'm now at a loss. Any ideas?
Condor 6.7.13, for reference, and globus 4.0.1 on hostB, and 3.2 on
hostA
_______________________________________________________
Adam Lathers
NCMIR: National Center for Microscopy and Imaging Research
Distributed Systems Engineer
phone: (858) 822-0735
fax: (858) 822-0828
web: http://ncmir.ucsd.edu