Mailing List Archives

Authenticated access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] CREDD - Can't find address for credd host5.domain


Have you stored the pool password on host 6. The UNDEF means there is no stored pool password.

condor_store_cred -c -n HOST6 -p Pool_pwd add

This needs to be executed on a machine with a SCHEDD, but you can read the manual for more specific information.

mike


From: kschwarz@xxxxxxxxxxxxxx
To: condor-users@xxxxxxxxxxx
Date: 04/07/2011 07:17 AM
Subject: [Condor-users] CREDD - Can't find address for credd host5.domain
Sent by: condor-users-bounces@xxxxxxxxxxx





Hi,

I am using condor 7.4.4, and am trying to setup a CREDD in a pool of Windows machines (of three machines).
Central manager is setup on one machine (HOST3), CREDD is being configured on another machine (HOST5).
HOST5 is also a submit and execute host (during this access problem investigation only).
HOST6 is a submit and executor machine.

CREDD settings are:

for the whole pool:

####################################################################
## CREDD client settings
####################################################################
CREDD_HOST = host5
LOCAL_CREDD = host5
STARTER_ALLOW_RUNAS_OWNER = True
CREDD_CACHE_LOCALLY = True
##
## You'll also need to ensure that clients are configured to use
## PASSWORD authentication on any machine that can run jobs as the
## submitting user. For example,
##
SEC_CLIENT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD
##
## And finally, you'll need to enable CONFIG-level access for all
## machines in the pool so that the pool password can be stored:
##
ALLOW_CONFIG = kschwarz@*, KSCHWARZ@*
SEC_CONFIG_NEGOTIATION = REQUIRED
SEC_CONFIG_AUTHENTICATION = REQUIRED
SEC_CONFIG_ENCRYPTION = REQUIRED
SEC_CONFIG_INTEGRITY = REQUIRED
#Domain name without wildcard in the beginning
UID_DOMAIN = domain


for the CREDD on HOST5 (in addition to the client setting above): Exactly the content of condor_config.local.credd as found in the condor distribution.

Looking in the CreddLog in HOST5, I find PERMISSION GRANTED messages for HOST5, but not for the other hosts (host6, for instance):

04/07 09:22:58 PERMISSION GRANTED to condor_pool@domain from host 10.13.4.184 for command 81100 (CREDD_NOP), access level DAEMON: reason: DAEMON authorization policy allows IP address 10.13.4.184; identifiers used for this remote host: 10.13.4.184,HOST5.domain

Note: 10.13.4.184 is the IP address of HOST5.domain (the Credd host).

Running the following command (as in Condor Manual) to check if credd is defined on the hosts:

C:\TEMP> condor_status -f "%-15s\t" Name -f "%s\n" ifThenElse(isUndefined(LocalCredd),\"UNDEF\",LocalCredd)
HOST5.domain           host5
HOST6.domain           UNDEF


Looking in the StartLog in HOST6, I have found the error message:

04/07 09:27:40 Can't find address for credd host5.domain

I have tried opening all permission to see if it fix the problem without success.

Any idea of what is preventing HOST6 to find HOST5?

Thanks,
Klaus
This message is intended solely for the use of its addressee and may contain privileged or confidential information. All information contained herein shall be treated as confidential and shall not be disclosed to any third party without Embraer’s prior written approval. If you are not the addressee you should not distribute, copy or file this message. In this case, please notify the sender and destroy its contents immediately.
Esta mensagem é para uso exclusivo de seu destinatário e pode conter informações privilegiadas e confidenciais. Todas as informações aqui contidas devem ser tratadas como confidenciais e não devem ser divulgadas a terceiros sem o prévio consentimento por escrito da Embraer. Se você não é o destinatário não deve distribuir, copiar ou arquivar a mensagem. Neste caso, por favor, notifique o remetente da mesma e destrua imediatamente a mensagem._______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/