Mailing List ArchivesAuthenticated access |
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif){kind=logo}
|
Mailing List ArchivesAuthenticated access |
|
User condor_pool is not an actual Windows user, right? The condor_pool is not an active directory user. This is the condor pool user, which is used by the daemons to communicate between each other. The pool password is required if you require the password credentials. E.g., SEC_CLIENT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD
However, I have had problems excluding password from the authentication method, so I always use it but it is possible there is a better solution. Based on your error message it appears you are using this. If you figure out a different method for daemon authentication to work without using the pool password then I would love to know. Maybe an active directory account for condor_pool needs to be created and then stored in the cred.
The pool password needs to added on the machine running the cred (usually the central manager) and all other nodes. You can run the following command from the CM: condor_store_cred add -c -n <machine name> –p <pool password>
I generally script this based on a list of machines via Python, since our pool has 120 machines or so.
After running these commands you need to run a reconfig. condor_reconfig -all
Mike
From: htcondor-users-bounces@xxxxxxxxxxx [mailto:htcondor-users-bounces@xxxxxxxxxxx] On Behalf Of Ralph Finch
I ran condor_store_cred -c on the condor master machine (delta-mod, here) and made up a password, it didn't complain. User condor_pool is not an actual Windows user, right? But even so I have this output from the test command
And sure enough, my job seems to only run on my machine (-002), and -017, -018, and DELTA-MOD. Am I supposed to run condor_store_cred -c on every machine in the pool? Seems unlikely, what if someone had a pool of hundreds of machines? Is the condor_pool user thing fairly recent, I don't recall having to do this before. I'll study the manual on it.
On Fri, Jan 11, 2013 at 6:52 PM, O'Donnell, Michael <odonnellm@xxxxxxxx> wrote: Yes, the shadow log only shows up on the submit machine. I would need to look through Condor's manual with regard to switching of permissions when jobs are submitted and run to refresh my memory. Is it possible that the condor pool password is not stored on the execute machine. Because your job does run when your comment out the log file the problem might be related to permissions of the pool user, condor_pool@xxxxxxxxxxxx.
Run this command: condor_status -f "%s\t" Name -f "%s\n" ifThenElse(isUndefined(LocalCredd),\"UNDEF\",LocalCredd)
If you see undefined for any of your machines, or better the machine causing the problem, then you need to add the credentials for the condor_pool user.
Do you have a D:\ drive on the local machine or are you trying to write the log to your submit machine?
I can take a closer look on Monday if these suggestions do not help. Mike
On Fri, Jan 11, 2013 at 4:40 PM, Ralph Finch <ralphmariafinch@xxxxxxxxx> wrote: @Michael O'Donnell: No mapped drives, but I don't think that's the issue. I made a much simpler test case and it still didn't work. I commented out the line in the submit file trying to create the log file and things work, curiously, the similar lines create the output and error files don't cause troubles. I had run condor_credd and thought everything was good, but will revisit that issue. Ralph Finch Calif. Dept. of Water Resources
On Fri, Jan 11, 2013 at 12:16 PM, Nathan Panike <nwp@xxxxxxxxxxx> wrote: Hi Ralph:
_______________________________________________
--
|