1. I remember that I could use condor_status directly, with no need to configure it, at version 8.2.2.
But does Condor version 8.5 require SEC_CLIENT_AUTHENTICATION_METHODS to be configured so that condor_status will work from any machine in the pool?
2. There is an error:
ERROR: SECMAN:2010:Received "DENIED" from server for user unauthenticated@unmapped using method (no authentication).
But I can still submit and run a job. How can I avoid this error, or should I just leave it alone?
3. Can anyone share a minimum config for a condor pool?
4. In condor_config file, it says:
## If the local config file is not present, is it an error? (WARNING: This is a potential security issue.)
REQUIRE_LOCAL_CONFIG_FILE = false
But I just added a file named condor_config.local, and it works. Should I change REQUIRE_LOCAL_CONFIG_FILE to true?
Thanks,
Allen
NegotiatorLog:
----------------
11/21/15 21:06:31 ---------- Started Negotiation Cycle ----------
11/21/15 21:06:31 Phase 1: Obtaining ads from collector ...
11/21/15 21:06:31 Getting startd private ads ...
11/21/15 21:06:31 SECMAN: FAILED: Received "DENIED" from server for user
unauthenticated@unmapped using method (no authentication).
11/21/15 21:06:31 ERROR: SECMAN:2010:Received "DENIED" from server for user
unauthenticated@unmapped using method (no authentication).
11/21/15 21:06:31 Couldn't fetch ads: communication error
11/21/15 21:06:31 Aborting negotiation cycle
Then I added a password for condor.
11/22/15 10:23:32 ---------- Started Negotiation Cycle ----------
11/22/15 10:23:32 Phase 1: Obtaining ads from collector ...
11/22/15 10:23:32 Getting startd private ads ...
11/22/15 10:23:32 SECMAN: FAILED: Received "DENIED" from server for user
condor_pool@node29 using method PASSWORD.
11/22/15 10:23:32 ERROR: SECMAN:2010:Received "DENIED" from server for user
condor_pool@node29 using method PASSWORD.|AUTHENTICATE:1004:Failed to authenticate using FS
11/22/15 10:23:32 Couldn't fetch ads: communication error
11/22/15 10:23:32 Aborting negotiation cycle
use ROLE: Submit, Execute
CONDOR_HOST = 10.1.1.101
################################################################################
# Enable security
use SECURITY: Strong
#use SECURITY: HOST_BASED
# By default, must authenticate via filesystem or pool password
SEC_DEFAULT_AUTHENTICATION_METHODS = FS, PASSWORD
# Allow READ level access (e.g. condor_status) with ANONYMOUS authentication
SEC_READ_AUTHENTICATION_METHODS = $(SEC_DEFAULT_AUTHENTICATION_METHODS), ANONYMOUS
# Have tools like condor_status attempt ANONYMOUS authentication. so that
# condor_status will work from any machine in the pool.
SEC_CLIENT_AUTHENTICATION_METHODS = $(SEC_DEFAULT_AUTHENTICATION_METHODS), ANONYMOUS
SEC_PASSWORD_FILE = /etc/condor/poolpassword
ALLOW_ADMINISTRATOR = 10.1.1.101
ALLOW_DAEMON = *
ALLOW_WRITE = *
ALLOW_ADVERTISE_MASTER = *
ALLOW_NEGOTIATOR = $(CONDOR_HOST)
ALLOW_READ = *
BIND_ALL_INTERFACES=TRUE
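
Added example, not part of the original post and not HTCondor code: a small triage script for the NegotiatorLog excerpts above. It rejoins the mail-wrapped lines and reports which identity and authentication method each SECMAN "DENIED" error names. The function names and the record layout it assumes are inferred only from the lines quoted in the post.

```python
import re
from collections import Counter

# Sample input: lines copied from the NegotiatorLog excerpts in the post,
# including the mail-wrapped continuation lines.
SAMPLE_LOG = """\
11/21/15 21:06:31 Getting startd private ads ...
11/21/15 21:06:31 ERROR: SECMAN:2010:Received "DENIED" from server for user
unauthenticated@unmapped using method (no authentication).
11/21/15 21:06:31 Couldn't fetch ads: communication error
11/22/15 10:23:32 ERROR: SECMAN:2010:Received "DENIED" from server for user
condor_pool@node29 using method PASSWORD.|AUTHENTICATE:1004:Failed to authenticate using FS
11/22/15 10:23:32 Aborting negotiation cycle
"""

STAMP = re.compile(r"^\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} ")
DENIED = re.compile(
    r'^(?P<when>\S+ \S+) ERROR: SECMAN:(?P<code>\d+):Received "DENIED" from server '
    r"for user (?P<user>\S+) using method (?P<method>[^.|]+)\.(?:\|(?P<chain>.*))?$"
)

def unwrap(text):
    """Rejoin continuation lines (no leading timestamp) onto the previous record."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.rstrip())
        else:
            records[-1] += " " + line.strip()
    return records

def parse_denials(text):
    """Return one dict per SECMAN 'DENIED' error; 'chain' holds stacked errors after '|'."""
    out = []
    for rec in unwrap(text):
        m = DENIED.match(rec)
        if m:
            d = m.groupdict()
            d["chain"] = d["chain"].split("|") if d["chain"] else []
            out.append(d)
    return out

def summarize(denials):
    """Count denials per (user, method) so repeated cycles collapse to one row."""
    return Counter((d["user"], d["method"]) for d in denials)

if __name__ == "__main__":
    for (user, method), n in summarize(parse_denials(SAMPLE_LOG)).items():
        print(f"{n:3d}  {user:28s} {method}")
```

Only the `ERROR: SECMAN:` records are matched, so the paired `SECMAN: FAILED:` lines in the real log do not double the counts.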