Have you got a set of CA Certificates in the
/etc/grid-security/certificates directory that includes the one you
are using?
Steve
On Mon, 5 Oct 2009, satyanarayan rao wrote:
Sorry for posting again.. but i am really stuck up,
please help.
Hello Everyone,
I am using condor 7.2.4 and Globus Toolkit, i want to enable GSI
authentication in condor
the configuration changes that i have done in condor_config file is as
follows:
*****************************************************************************************************
Start /etc/condor/condor_config******************************
SEC_DEFAULT_AUTHENTICATION = REQUIRED
SEC_DEFAULT_AUTHENTICATION_METHODS = GSI
SEC_READ_AUTHENTICATION = OPTIONAL
SEC_CLIENT_AUTHENTICATION = OPTIONAL
SEC_DEFAULT_ENCRYPTION = OPTIONAL
SEC_DEFAULT_INTEGRITY = REQUIRED
SEC_READ_INTEGRITY = OPTIONAL
SEC_CLIENT_INTEGRITY = OPTIONAL
SEC_READ_ENCRYPTION = OPTIONAL
SEC_CLIENT_ENCRYPTION = OPTIONAL
GSI_DAEMON_DIRECTORY = /etc/grid-security
GSI_ASSIST_GRIDMAP = /etc/grid-security/grid-mapfile
GSI_DAEMON_NAME = /O=Grid/OU=GlobusTest/OU=
simpleCA-grid-server.iiitm.ac.in/OU=iiitm.ac.in/CN=condor<
http://simpleca-grid-server.iiitm.ac.in/OU=iiitm.ac.in/CN=condor>
GSI_DAEMON_CERT = $(GSI_DAEMON_DIRECTORY)/hostcert.pem
GSI_DAEMON_KEY = $(GSI_DAEMON_DIRECTORY)/hostkey.pem
GSI_DAEMON_TRUSTED_CA_DIR = $(GSI_DAEMON_DIRECTORY)/certificates
GSI_DAEMON_PROXY = /tmp/x509up_u489
ALLOW_READ = *
ALLOW_DAEMON = *
ALLOW_NEGOTIATOR = *
ALLOW_ADMINISTRATOR = *
*******************************************************************************************End************************************************
The MasteLog message
[root@grid-server condor]# tail -f MasteLog
10/3 01:17:25 ******************************************************
10/3 01:17:25 ** condor_master (CONDOR_MASTER) STARTING UP
10/3 01:17:25 ** /usr/sbin/condor_master
10/3 01:17:25 ** SubsystemInfo: name=MASTER type=MASTER(2)
class=DAEMON(1)
10/3 01:17:25 ** Configuration: subsystem:MASTER local:<NONE>
class:DAEMON
10/3 01:17:25 ** $CondorVersion: 7.2.4 Aug 28 2009 BuildID:
Fedora-7.2.4-1.fc11 $
10/3 01:17:25 ** $CondorPlatform: I386-LINUX_F11 $
10/3 01:17:25 ** PID = 4667
10/3 01:17:25 ** Log last touched 10/3 01:17:10
10/3 01:17:25 ******************************************************
10/3 01:17:25 Using config source: /etc/condor/condor_config
10/3 01:17:25 Using local config sources:
10/3 01:17:25 /var/lib/condor/condor_config.local
10/3 01:17:25 DaemonCore: Command Socket at <192.168.33.188:33363>
10/3 01:17:25 Started DaemonCore process "/usr/sbin/condor_collector",
pid
and pgroup = 4668
10/3 01:17:28 Started DaemonCore process "/usr/sbin/condor_negotiator",
pid
and pgroup = 4669
10/3 01:17:28 Started DaemonCore process "/usr/sbin/condor_schedd", pid
and
pgroup = 4670
10/3 01:17:28 Started DaemonCore process "/usr/sbin/condor_startd", pid
and
pgroup = 4671
10/3 19:01:42 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:42 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure. Unsupported method: 32
10/3 19:01:42 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:42 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure. Unsupported method: 32
10/3 19:01:42 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:42 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure. Unsupported method: 32
10/3 19:01:47 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:47 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure. Unsupported method: 32
10/3 19:01:47 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:47 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure. Unsupported method: 32
10/3 19:01:47 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:47 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure. Unsupported method: 32
10/3 19:01:52 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:52 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure. Unsupported method: 32
10/3 19:01:52 condor_read(): recv() returned -1, errno = 104, assuming
failure reading 5 bytes from unknown source.
10/3 19:01:52 IO: Failed to read packet header
10/3 19:01:52 attempt to connect to <192.168.33.188:9618> failed:
Connection
refused (connect errno = 111).
10/3 19:01:52 ERROR: SECMAN:2004:Failed to create security session to <
192.168.33.188:9618> with TCP.|SECMAN:2003:TCP connection to <
192.168.33.188:9618> failed.
10/3 19:01:52 Failed to start non-blocking update to <
192.168.33.188:9618>.
10/3 19:01:52 The COLLECTOR (pid 10011) exited with status 4
10/3 19:01:52 Sending obituary for "/usr/sbin/condor_collector"
10/3 19:01:52 restarting /usr/sbin/condor_collector in 10 seconds
10/3 19:01:52 attempt to connect to <192.168.33.188:9618> failed:
Connection
refused (connect errno = 111).
10/3 19:01:52 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:52 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure. Unsupported method: 32
10/3 19:01:52 ERROR: SECMAN:2004:Failed to create security session to <
192.168.33.188:9618> with TCP.|SECMAN:2003:TCP connection to <
192.168.33.188:9618> failed.
10/3 19:01:52 Failed to start non-blocking update to <
192.168.33.188:9618>.
10/3 19:01:52 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:52 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure. Unsupported method: 32
10/3 19:01:52 The NEGOTIATOR (pid 10012) exited with status 4
10/3 19:01:52 Sending obituary for "/usr/sbin/condor_negotiator"
10/3 19:01:52 restarting /usr/sbin/condor_negotiator in 10 seconds
10/3 19:01:52 attempt to connect to <192.168.33.188:9618> failed:
Connection
refused (connect errno = 111).
10/3 19:01:52 ERROR: SECMAN:2004:Failed to create security session to <
192.168.33.188:9618> with TCP.|SECMAN:2003:TCP connection to <
192.168.33.188:9618> failed.
10/3 19:01:52 Failed to start non-blocking update to <
192.168.33.188:9618>.
10/3 19:01:52 The SCHEDD (pid 10013) exited with status 4
10/3 19:01:52 Sending obituary for "/usr/sbin/condor_schedd"
10/3 19:01:52 restarting /usr/sbin/condor_schedd in 10 seconds
10/3 19:01:52 attempt to connect to <192.168.33.188:9618> failed:
Connection
refused (connect errno = 111).
10/3 19:01:52 ERROR: SECMAN:2004:Failed to create security session to <
192.168.33.188:9618> with TCP.|SECMAN:2003:TCP connection to <
192.168.33.188:9618> failed.
10/3 19:01:52 Failed to start non-blocking update to <
192.168.33.188:9618>.
10/3 19:01:53 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:53 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure. Unsupported method: 32
10/3 19:01:58 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:58 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure. Unsupported method: 32
^C
Not able to figure out the problem
Didnt find help regarding this error in mail-list..
Any Help or idea would be appriciated..
Thanks
--
------------------------------------------------------------------
Steven C. Timm, Ph.D (630) 840-8525
timm@xxxxxxxx http://home.fnal.gov/~timm/ <http://home.fnal.gov/%7Etimm/>
Fermilab Computing Division, Scientific Computing Facilities,
Grid Facilities Department, FermiGrid Services Group, Assistant Group
Leader.
_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users
The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif){kind=logo}