Hi,
There are a couple of main
points you need to check. First, what does condor_status show, does this list
any all of the machines in the pool? Next, you may need to add exceptions to
the firewall to allow specific executables to execute.
You also need to stop and
start the services, i.e. net stop condor & net start condor (the stop can
be done through the task manager if it hangs).
The most important
setting is CONDOR_HOST = which can either be the collector name or its ip
address. This machine needs at minimum the port 9004 open in the firewall.
I just use
condor_store_cred add ; and I am guessing the firewall is disallowing a change
in the registry.
Kevan
From: condor-users-bounces@xxxxxxxxxxx
[mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of Tao.3.Chen@xxxxxxxxxxxxxxxxxxxxxxxxxxx
Sent: 22 July 2009 13:57
To: condor-users@xxxxxxxxxxx
Subject: [Condor-users] CREDD problems
Hi,
Sorry for interruptting, Here is a new condor user who need help for
Credd infor!
I searched on internet and do what I could do, but I still can't
find the reason! could anyone give me some suggestions so much? thank
you a lot !!
I followed the condor manual step by step for run_as owner security
settings. also finally I used the command "condor_store_cred -c add"
to add the password into the pool in each machine succefully (I have 3machines:
controller. executor and submitter).
But when I execute command: condor_store_cred add,
I will get output:
make sure your HOSTALLOW_WRITE setting includes this host.
Also I still can not run the jobs which with RunAsOwner =
True.
Another thing that I found is the errors in the CreddLog file as follows.
the creddlog:
7/21 15:25:37
DC_AUTHENTICATE: authenticate failed: AUTHENTICATE:1002:Failure performing
handshake|AUTHENTICATE:1004:Failed to authenticate using NTSSPI
7/21 15:25:37
Return from Handler <DaemonCore::HandleReqSocketHandler>
7/21 15:25:39
Calling Handler <DaemonCore::HandleReqSocketHandler>
7/21 15:25:40
sspi_server_auth(): Oops! ASC() returned -2146893044!
7/21 15:25:40
sspi_server_auth(): Failed to impersonate (returns -2146893055)!
7/21 15:25:40
AUTHENTICATE: handshake failed!
7/21 15:25:40
DC_AUTHENTICATE: authenticate failed: AUTHENTICATE:1002:Failure performing
handshake|AUTHENTICATE:1004:Failed to authenticate using NTSSPI
7/21 15:25:40
Return from Handler <DaemonCore::HandleReqSocketHandler>
7/22 14:20:01
Calling Handler <DaemonCore::HandleReqSocketHandler>
7/22 14:20:01
getStoredCredential(): Could not locate credential for user
'condor_pool@Executor'
7/22 14:20:21
AUTHENTICATE: no available authentication methods succeeded, failing!
7/22 14:20:21
DC_AUTHENTICATE: authenticate failed: AUTHENTICATE:1003:Failed to authenticate
with any method|AUTHENTICATE:1004:Failed to authenticate using PASSWORD
7/22 14:20:21
Return from Handler <DaemonCore::HandleReqSocketHandler>
Here are some
epecial settings for controller:
HOSTALLOW_READ
= *
HOSTALLOW_WRITE
= *
HOSTALLOW_CONFIG
= $(CONDOR_HOST),$(HOSTALLOW_ADMINISTRATOR)
CREDD_HOST
= $(CONDOR_HOST):$(CREDD_PORT)
STARTER_ALLOW_RUNAS_OWNER
= True
CREDD_CACHE_LOCALLY
= True
SEC_CLIENT_AUTHENTICATION_METHODS
= NTSSPI, PASSWORD
ALLOW_CONFIG =
* (I also try IP: 192.168.*, but still does not work)
SEC_CONFIG_NEGOTIATION
= REQUIRED
SEC_CONFIG_AUTHENTICATION
= REQUIRED
SEC_CONFIG_ENCRYPTION
= REQUIRED
SEC_CONFIG_INTEGRITY
= REQUIRED
CREDD_LOG =
$(LOG)/CreddLog
CREDD_DEBUG =
D_COMMAND
MAX_CREDD_LOG =
50000000
Here are some
settings for executor/submitter:
STARTER_ALLOW_RUNAS_OWNER
= True
CREDD_CACHE_LOCALLY
= True
ALLOW_CONFIG =
*
SEC_CLIENT_AUTHENTICATION_METHODS
= NTSSPI, PASSWORD
SEC_CONFIG_NEGOITATION
= REQUIRED
SEC_CONFIG_AUTHENTICATION
= REQUIRED
SEC_CONFIG_ENCRYPTION
= REQUIRED
SEC_CONFIG_INTEGRITY
= REQUIRED
the log files
resule are as follows:
I check
the matchlog:
7/21 15:24:18
Rejected 12.0 Berti@* <192.168.***:1030>: no match
found
7/21 15:24:18
Matched 60.0 Berti@* <192.168.***:1030> preempting
none <192.168.****> Executor (this one matches due to
RunAsOwner = False)
7/21 15:25:38
Rejected 12.0 Berti@* <192.168.***:1030>: no match
found
7/21 15:25:58
Rejected 12.0 Berti@* <192.168.***:1030>: no match
found
the
startlog:
7/21 15:24:52
State change: No preempting claim, returning to owner
7/21 15:24:52
Changing state and activity: Preempting/Vacating -> Owner/Idle
7/21 15:24:52
State change: IS_OWNER is false
7/21 15:24:52
Changing state: Owner -> Unclaimed
7/21 15:30:05
condor_read(): timeout reading 5 bytes from <192.168.226.128:9620>.
7/21 15:30:05
IO: Failed to read packet header
7/21 15:30:05
AUTHENTICATE: handshake failed!
7/21 15:30:05
ERROR: AUTHENTICATE:1002:Failure performing handshake|AUTHENTICATE:1004:Failed
to authenticate using PASSWORD
7/21 15:35:25
condor_read(): timeout reading 5 bytes from <192.168.226.128:9620>.
7/21 15:35:25
IO: Failed to read packet header
7/21 15:35:25
AUTHENTICATE: handshake failed!
7/21 15:35:25
ERROR: AUTHENTICATE:1002:Failure performing handshake|AUTHENTICATE:1004:Failed
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif){kind=logo}