Tao,
I did a quick search in google –
this states:
Starting simply: you need to run the "condor_store_cred -c add" command, and then restart Condor (using "net stop condor && net start condor") before the LOCAL_CRED=<name>:<port> will appear in the ClassAd. I believe a condor_reconfig or a partial restart is not sufficient.
You run this command on the local machine from a cmd window. The mention of the Firewall is that you need to allow certain processes to run, and not be blocked by the firewall. I guess you are using Vista. You can add exceptions to the Firewall, and these are the actual executable files, e.g. add condor_master, condor_startd and condor_schedd. These are in the condor/bin folder.
I have never used the RunAsOwner=False, so perhaps someone else will pick up on this.
Kevan
From: condor-users-bounces@xxxxxxxxxxx
[mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of Tao.3.Chen@xxxxxxxxxxxxxxxxxxxxxxxxxxx
Sent: 22 July 2009 16:12
To: Condor-Users Mail List
Subject: [Condor-users] Antwort: Re: CREDD problems
Hi, Kevan
Thank you so much for your suggestions!
I checked what you suggested:
(1) The condor_status shows that there is one Executor. In fact I have 3 machines: one Controller, one Executor, and the last one Submitter. Also, for more, I can run the jobs if I set RunAsOwner = False, but the jobs won't run if I set RunAsOwner = True.
(2) I closed the firewall, so there may not be any resistance.
(3) So what do you mean by net stop condor & net start condor? I won't join the Greedy pool, so maybe I don't have to care about this?
(4) For my condor_host, I use the HOST name of the computer, is that okay?
in the central manager config; CONDOR_HOST = $(FULL_HOSTNAME)
HOSTALLOW_NEGOTIATOR = $(CONDOR_HOST)
in the executor or submitter config; CONDOR_HOST = Controller (Controller is the Host name of central manager)
(5) Also I can execute the command: condor_store_cred -c add, it works, but if I use the condor_store_cred add, there will be a problem.
So do you have any ideas about my situation? Thank you a lot! I am miserable...
Tao
From: "Wilding, Kevan A" <kwilding@xxxxxxxxxxx>
Sent by: condor-users-bounces@xxxxxxxxxxx
07/22/2009 04:12 PM
Please reply to: Condor-Users Mail List <condor-users@xxxxxxxxxxx>
To: "Condor-Users Mail List" <condor-users@xxxxxxxxxxx>
Cc:
Subject: Re: [Condor-users] CREDD problems
Hi,
There are a couple of main points you need to check. First, what does condor_status show, does this list any all of the machines in the pool? Next, you may need to add exceptions to the firewall to allow specific executables to execute.
You also need to stop and start the services, i.e. net stop condor & net start condor (the stop can be done through the task manager if it hangs).
The most important setting is CONDOR_HOST = which can either be the collector name or its ip address. This machine needs at minimum the port 9004 open in the firewall.
I just use condor_store_cred add ; and I am guessing the firewall is disallowing a change in the registry.
Kevan
From:
condor-users-bounces@xxxxxxxxxxx [mailto:condor-users-bounces@xxxxxxxxxxx] On
Behalf Of Tao.3.Chen@xxxxxxxxxxxxxxxxxxxxxxxxxxx
Sent: 22 July 2009 13:57
To: condor-users@xxxxxxxxxxx
Subject: [Condor-users] CREDD problems
Hi,
Sorry for interrupting. Here is a new condor user who needs help with Credd info!
I searched on the internet and did what I could do, but I still can't find the reason! Could anyone give me some suggestions? Thank you a lot!!
I followed the condor manual step by step for the run_as owner security settings. Finally I used the command "condor_store_cred -c add" to add the password into the pool on each machine successfully (I have 3 machines: controller, executor and submitter).
But when I execute the command: condor_store_cred add,
I will get output:
make sure your HOSTALLOW_WRITE setting includes this host.
Also I still can not run the jobs with RunAsOwner = True.
Another thing that I found is the errors in the CreddLog file as follows.
the creddlog:
7/21 15:25:37 DC_AUTHENTICATE: authenticate failed: AUTHENTICATE:1002:Failure performing handshake|AUTHENTICATE:1004:Failed to authenticate using NTSSPI
7/21 15:25:37 Return from Handler <DaemonCore::HandleReqSocketHandler>
7/21 15:25:39 Calling Handler <DaemonCore::HandleReqSocketHandler>
7/21 15:25:40 sspi_server_auth(): Oops! ASC() returned -2146893044!
7/21 15:25:40 sspi_server_auth(): Failed to impersonate (returns -2146893055)!
7/21 15:25:40 AUTHENTICATE: handshake failed!
7/21 15:25:40 DC_AUTHENTICATE: authenticate failed: AUTHENTICATE:1002:Failure performing handshake|AUTHENTICATE:1004:Failed to authenticate using NTSSPI
7/21 15:25:40 Return from Handler <DaemonCore::HandleReqSocketHandler>
7/22 14:20:01 Calling Handler <DaemonCore::HandleReqSocketHandler>
7/22 14:20:01 getStoredCredential(): Could not locate credential for user 'condor_pool@Executor'
7/22 14:20:21 AUTHENTICATE: no available authentication methods succeeded, failing!
7/22 14:20:21 DC_AUTHENTICATE: authenticate failed: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using PASSWORD
7/22 14:20:21 Return from Handler <DaemonCore::HandleReqSocketHandler>
Here are some special settings for controller:
HOSTALLOW_READ = *
HOSTALLOW_WRITE = *
HOSTALLOW_CONFIG = $(CONDOR_HOST),$(HOSTALLOW_ADMINISTRATOR)
CREDD_HOST = $(CONDOR_HOST):$(CREDD_PORT)
STARTER_ALLOW_RUNAS_OWNER = True
CREDD_CACHE_LOCALLY = True
SEC_CLIENT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD
ALLOW_CONFIG = * (I also try IP: 192.168.*, but still does not work)
SEC_CONFIG_NEGOTIATION = REQUIRED
SEC_CONFIG_AUTHENTICATION = REQUIRED
SEC_CONFIG_ENCRYPTION = REQUIRED
SEC_CONFIG_INTEGRITY = REQUIRED
CREDD_LOG = $(LOG)/CreddLog
CREDD_DEBUG = D_COMMAND
MAX_CREDD_LOG = 50000000
Here are some settings for executor/submitter:
STARTER_ALLOW_RUNAS_OWNER = True
CREDD_CACHE_LOCALLY = True
ALLOW_CONFIG = *
SEC_CLIENT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD
SEC_CONFIG_NEGOITATION = REQUIRED
SEC_CONFIG_AUTHENTICATION = REQUIRED
SEC_CONFIG_ENCRYPTION = REQUIRED
SEC_CONFIG_INTEGRITY = REQUIRED
The log file results are as follows:
I check the matchlog:
7/21 15:24:18 Rejected 12.0 Berti@* <192.168.***:1030>: no match found
7/21 15:24:18 Matched 60.0 Berti@* <192.168.***:1030> preempting none <192.168.****> Executor
(this one matches due to RunAsOwner = False)
7/21 15:25:38 Rejected 12.0 Berti@* <192.168.***:1030>: no match found
7/21 15:25:58 Rejected 12.0 Berti@* <192.168.***:1030>: no match found
the startlog:
7/21 15:24:52 State change: No preempting claim, returning to owner
7/21 15:24:52 Changing state and activity: Preempting/Vacating -> Owner/Idle
7/21 15:24:52 State change: IS_OWNER is false
7/21 15:24:52 Changing state: Owner -> Unclaimed
7/21 15:30:05 condor_read(): timeout reading 5 bytes from <192.168.226.128:9620>.
7/21 15:30:05 IO: Failed to read packet header
7/21 15:30:05 AUTHENTICATE: handshake failed!
7/21 15:30:05 ERROR: AUTHENTICATE:1002:Failure performing handshake|AUTHENTICATE:1004:Failed to authenticate using PASSWORD
7/21 15:35:25 condor_read(): timeout reading 5 bytes from <192.168.226.128:9620>.
7/21 15:35:25 IO: Failed to read packet header
7/21 15:35:25 AUTHENTICATE: handshake failed!
7/21 15:35:25 ERROR: AUTHENTICATE:1002:Failure performing
handshake|AUTHENTICATE:1004:Failed
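
An added example, not part of the original thread and not Condor code: a small lint that compares the executor/submitter settings quoted in the thread against the controller settings, reporting setting names that nearly match a controller name and ALLOW_/HOSTALLOW_ lists left at "*". The function names `parse` and `lint`, the 0.9 similarity cutoff, and the choice of the controller block as the reference are assumptions of this example.

```python
import difflib

# Subset of the settings quoted in the thread (controller vs executor/submitter).
CONTROLLER = """\
HOSTALLOW_READ = *
HOSTALLOW_WRITE = *
STARTER_ALLOW_RUNAS_OWNER = True
CREDD_CACHE_LOCALLY = True
SEC_CLIENT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD
ALLOW_CONFIG = *
SEC_CONFIG_NEGOTIATION = REQUIRED
SEC_CONFIG_AUTHENTICATION = REQUIRED
SEC_CONFIG_ENCRYPTION = REQUIRED
SEC_CONFIG_INTEGRITY = REQUIRED
"""
EXECUTOR = """\
STARTER_ALLOW_RUNAS_OWNER = True
CREDD_CACHE_LOCALLY = True
ALLOW_CONFIG = *
SEC_CLIENT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD
SEC_CONFIG_NEGOITATION = REQUIRED
SEC_CONFIG_AUTHENTICATION = REQUIRED
SEC_CONFIG_ENCRYPTION = REQUIRED
SEC_CONFIG_INTEGRITY = REQUIRED
"""

def parse(text):
    """Parse NAME = value lines into a dict; names are upper-cased for comparison."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        settings[name.strip().upper()] = value.strip()
    return settings

def lint(reference, candidate):
    """Return (kind, name, detail) findings for candidate checked against reference."""
    findings = []
    for name, value in candidate.items():
        if name not in reference:
            # Assumption: a name this close to a reference name is worth a second look.
            near = difflib.get_close_matches(name, list(reference), n=1, cutoff=0.9)
            if near:
                findings.append(("near-miss", name, near[0]))
        if value == "*" and name.startswith(("ALLOW_", "HOSTALLOW_")):
            findings.append(("wildcard", name, value))
    return findings
```

Calling `lint(parse(CONTROLLER), parse(EXECUTOR))` returns the findings as a list of tuples; the lint only compares names and values and does not contact any Condor daemon.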