Mailing List Archives Authenticated access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Condor-users] Antwort: Re: Antwort: Re: CREDD problems

Date: Wed, 22 Jul 2009 18:33:56 +0200
From: Tao.3.Chen@xxxxxxxxxxxxxxxxxxxxxxxxxxx
Subject: [Condor-users] Antwort: Re: Antwort: Re: CREDD problems

Hi, Kevan
Thanks a lot!
x I followed what you said, but there is still the same problem... here are the steps I did:
(1) I check all firewall is off.
(2) execute the condor_store_cred –c add in each machine successfully
(3) I execute net stop condor && net start condor in each machine successfully
(4) so do I have to execute condor_store_cred add command? I tried, but failed, the output is:make sure your HOSTALLOW_WRITE setting includes this host.
also, I submit the jobs ,but still does not run ? so what is the problem? my condor version is 7.2.4, and the system is windows xp. I spend a lot of time, but still no improvement...
Tao

"Wilding, Kevan A" <kwilding@xxxxxxxxxxx>
Gesendet von: condor-users-bounces@xxxxxxxxxxx

07/22/2009 05:41 PM

Bitte antworten an
Condor-Users Mail List <condor-users@xxxxxxxxxxx>

An	"Condor-Users Mail List" <condor-users@xxxxxxxxxxx>
Kopie
Thema	Re: [Condor-users] Antwort: Re: CREDD problems

Tao,
I did a quick search in google – this states:
Starting simply: you need to run the “condor_store_cred –c add” command, and then restart Condor (using ‘net stop condor && net start condor”) before the LOCAL_CRED=<name>:<port> will appear in the ClassAd. I believe a condor_reconfig or a partial restart is not sufficient.
You run this command on the local machine from a cmd window. The mention of the Firewall is that you need to allow certain processes to run, and not be blocked by the firewall. I guess you are using Vista. You can add exceptions to the Firewall, and these are the actual executable files, e.g. add condor_master, condor_startd and condor_schedd. These are in the condor/bin folder.

I have never used the RunAsOwner=False, so perhaps someone else will pick up on this.

Kevan

From: condor-users-bounces@xxxxxxxxxxx [mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of Tao.3.Chen@xxxxxxxxxxxxxxxxxxxxxxxxxxx
Sent: 22 July 2009 16:12
To: Condor-Users Mail List
Subject: [Condor-users] Antwort: Re: CREDD problems

Hi, Kevan
Thank you so much for you suggestions!
I checked what you suggested:
(1) the condor_status shows that there is one Executor. In fact I have 3 machines, one Controller, one Executor, and the last one Submitter. also for more,
also I can run the jobs if I set the RunAsOwner = False, but the jobs won't run if I set RunAsOwner = True
(2) I closed the firewall, so there may not be any resistant.
(3) so what do you mean by net stop condor & net start condor? I won't join the Greedy pool, so maybe I don't have care about this?
(4) so my condor_host, I use the HOST name of computer, is that okay?
in the central manager config; CONDOR_HOST = $(FULL_HOSTNAME)
HOSTALLOW_NEGOTIATOR = $(CONDOR_HOST)
in the executor or submitter config; CONDOR_HOST = Controller ( Controller is the Host name of central manager)
(5) also I can execute the command: condor_store_cred -c add, it works, but if I use the condor_store_cred add, there will be a problem.
so do you have any ideas about my situation? Thans you a lot! I am miserable...

Tao

"Wilding, Kevan A" <kwilding@xxxxxxxxxxx>
Gesendet von: condor-users-bounces@xxxxxxxxxxx

07/22/2009 04:12 PM

Bitte antworten an
Condor-Users Mail List <condor-users@xxxxxxxxxxx>

An	"Condor-Users Mail List" <condor-users@xxxxxxxxxxx>
Kopie
Thema	Re: [Condor-users] CREDD problems

Hi,
There are a couple of main points you need to check. First, what does condor_status show, does this list any all of the machines in the pool? Next, you may need to add exceptions to the firewall to allow specific executables to execute.
You also need to stop and start the services, i.e. net stop condor & net start condor (the stop can be done through the task manager if it hangs).

The most important setting is CONDOR_HOST = which can either be the collector name or its ip address. This machine needs at minimum the port 9004 open in the firewall.
I just use condor_store_cred add ; and I am guessing the firewall is disallowing a change in the registry.

Kevan

From: condor-users-bounces@xxxxxxxxxxx [mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of Tao.3.Chen@xxxxxxxxxxxxxxxxxxxxxxxxxxx
Sent: 22 July 2009 13:57
To: condor-users@xxxxxxxxxxx
Subject: [Condor-users] CREDD problems

Hi,
Sorry for interruptting, Here is a new condor user who need help for Credd infor!
I searched on internet and do what I could do, but I still can't find the reason! could anyone give me some suggestions so much? thank you a lot !!
I followed the condor manual step by step for run_as owner security settings. also finally I used the command "condor_store_cred -c add" to add the password into the pool in each machine succefully (I have 3machines: controller. executor and submitter).
But when I execute command: condor_store_cred add,
I will get output:
make sure your HOSTALLOW_WRITE setting includes this host.
Also I still can not run the jobs which with RunAsOwner = True.
Another thing that I found is the errors in the CreddLog file as follows.

the creddlog:
7/21 15:25:37 DC_AUTHENTICATE: authenticate failed: AUTHENTICATE:1002:Failure performing handshake|AUTHENTICATE:1004:Failed to authenticate using NTSSPI
7/21 15:25:37 Return from Handler <DaemonCore::HandleReqSocketHandler>
7/21 15:25:39 Calling Handler <DaemonCore::HandleReqSocketHandler>
7/21 15:25:40 sspi_server_auth(): Oops! ASC() returned -2146893044!
7/21 15:25:40 sspi_server_auth(): Failed to impersonate (returns -2146893055)!
7/21 15:25:40 AUTHENTICATE: handshake failed!
7/21 15:25:40 DC_AUTHENTICATE: authenticate failed: AUTHENTICATE:1002:Failure performing handshake|AUTHENTICATE:1004:Failed to authenticate using NTSSPI
7/21 15:25:40 Return from Handler <DaemonCore::HandleReqSocketHandler>

7/22 14:20:01 Calling Handler <DaemonCore::HandleReqSocketHandler>
7/22 14:20:01 getStoredCredential(): Could not locate credential for user 'condor_pool@Executor'
7/22 14:20:21 AUTHENTICATE: no available authentication methods succeeded, failing!
7/22 14:20:21 DC_AUTHENTICATE: authenticate failed: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using PASSWORD
7/22 14:20:21 Return from Handler <DaemonCore::HandleReqSocketHandler>

Here are some epecial settings for controller:
HOSTALLOW_READ = *
HOSTALLOW_WRITE = *
HOSTALLOW_CONFIG = $(CONDOR_HOST),$(HOSTALLOW_ADMINISTRATOR)
CREDD_HOST = $(CONDOR_HOST):$(CREDD_PORT)
STARTER_ALLOW_RUNAS_OWNER = True
CREDD_CACHE_LOCALLY = True
SEC_CLIENT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD
ALLOW_CONFIG = * (I also try IP: 192.168.*, but still does not work)
SEC_CONFIG_NEGOTIATION = REQUIRED
SEC_CONFIG_AUTHENTICATION = REQUIRED
SEC_CONFIG_ENCRYPTION = REQUIRED
SEC_CONFIG_INTEGRITY = REQUIRED
CREDD_LOG = $(LOG)/CreddLog
CREDD_DEBUG = D_COMMAND
MAX_CREDD_LOG = 50000000

Here are some settings for executor/submitter:
STARTER_ALLOW_RUNAS_OWNER = True
CREDD_CACHE_LOCALLY = True
ALLOW_CONFIG = *
SEC_CLIENT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD
SEC_CONFIG_NEGOITATION = REQUIRED
SEC_CONFIG_AUTHENTICATION = REQUIRED
SEC_CONFIG_ENCRYPTION = REQUIRED
SEC_CONFIG_INTEGRITY = REQUIRED

the log files resule are as follows:
I check the matchlog:
7/21 15:24:18 Rejected 12.0 Berti@* <192.168.***:1030>: no match found
7/21 15:24:18 Matched 60.0 Berti@* <192.168.***:1030> preempting none <192.168.****> Executor (this one matches due to RunAsOwner = False)
7/21 15:25:38 Rejected 12.0 Berti@* <192.168.***:1030>: no match found
7/21 15:25:58 Rejected 12.0 Berti@* <192.168.***:1030>: no match found

the startlog:
7/21 15:24:52 State change: No preempting claim, returning to owner
7/21 15:24:52 Changing state and activity: Preempting/Vacating -> Owner/Idle
7/21 15:24:52 State change: IS_OWNER is false
7/21 15:24:52 Changing state: Owner -> Unclaimed
7/21 15:30:05 condor_read(): timeout reading 5 bytes from <192.168.226.128:9620>.
7/21 15:30:05 IO: Failed to read packet header
7/21 15:30:05 AUTHENTICATE: handshake failed!
7/21 15:30:05 ERROR: AUTHENTICATE:1002:Failure performing handshake|AUTHENTICATE:1004:Failed to authenticate using PASSWORD
7/21 15:35:25 condor_read(): timeout reading 5 bytes from <192.168.226.128:9620>.
7/21 15:35:25 IO: Failed to read packet header
7/21 15:35:25 AUTHENTICATE: handshake failed!
7/21 15:35:25 ERROR: AUTHENTICATE:1002:Failure performing handshake|AUTHENTICATE:1004:Failed _______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/_______________________________________________ Condor-users mailing list To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a subject: Unsubscribe You can also unsubscribe by visiting https://lists.cs.wisc.edu/mailman/listinfo/condor-users The archives can be found at: https://lists.cs.wisc.edu/archive/condor-users/

References:
- Re: [Condor-users] Antwort: Re: CREDD problems
  - From: Wilding, Kevan A

Prev by Date: [Condor-users] Questions about DAGMAN jobs & How to setup notification to other users in DAGMAN jobs?
Next by Date: Re: [Condor-users] Questions about DAGMAN jobs & How to setupnotification to other users in DAGMAN jobs?
Previous by thread: Re: [Condor-users] Antwort: Re: CREDD problems
Next by thread: [Condor-users] Questions about DAGMAN jobs & How to setup notification to other users in DAGMAN jobs?
Index(es):
- Date
- Thread

Mailing List Archives

Authenticated access

[Condor-users] Antwort: Re: Antwort: Re: CREDD problems