C:\Users\calibration>Condor_status -af:h Name OpSys Arch LocalCredd HasWindowsRunAsOwner
Remark: only aherdskbld04.lgs-net.com is configured to run jobs as owner.
I can observe that this machine is selected by schedd but not send to the machine.
NOt sure what I set not correct. Must be a small setting somewhere I am missing....
-----------------------
-----------------------
> Gesendet: Mittwoch, 03. Oktober 2018 um 20:53 Uhr
> Von: "John M Knoeller" <johnkn@xxxxxxxxxxx>
> An: "HTCondor-Users Mail List" <htcondor-users@xxxxxxxxxxx>
> Betreff: Re: [HTCondor-users] Fwd: Re: Cannot sent jobs as Owner in WindowsOS
>
> either run_as_owner or RunAsOwner will work. and yes, load_profile conflicts with run_as_owner.
> you must set one or the other but you cannot set both.
>
> -tj
>
> -----Original Message-----
> From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> On Behalf Of rb
> Sent: Tuesday, October 2, 2018 5:00 AM
> To: htcondor-users@xxxxxxxxxxx
> Subject: Re: [HTCondor-users] Fwd: Re: Cannot sent jobs as Owner in WindowsOS
>
>
> Hi TJ
>
> Sorry for the delay, I was on PTO the past couple of days.
> To your question pls see attachment.
> only machine AherSRVBLD28 (Pool), AherDSKBLD03 (submitter) and AHERDSKBLD04 (Node) was configured to run Jobs as Owner.
>
> a)
> Do I need to specify in the Submission file
> Run_As_owner or RunAsOwner?
>
> b)
> by default we have
> load_profile = True
> in the submission file.
> Is this a conflict to "Run_as_owner"
>
>
> Best regards,
> Robert
>
>
>
>
> -----------------------
>
> -----------------------
>
>
> > Gesendet: Donnerstag, 27. September 2018 um 23:49 Uhr
> > Von: "John M Knoeller" <johnkn@xxxxxxxxxxx>
> > An: "HTCondor-Users Mail List" <htcondor-users@xxxxxxxxxxx>
> > Betreff: Re: [HTCondor-users] Fwd: Aw: Re: Cannot sent jobs as Owner in WindowsOS
> >
> > This part of the condor_q -analyze output
> >
> > 1 ( ( ( OpSys == "WINNT51" || OpSys == "WINNT52" || OpSys == "WINNT60" || OpSys == "WINNT61" ) || ( ( OpSys == "WINDOWS" || OpSys == "LINUX" ) && Arch == "X86_64" ) ) )
> > 0 REMOVE
> > 2 ( TARGET.HasWindowsRunAsOwner && ( TARGET.LocalCredd is "AHERSRVBLD28.lgs-net.com" )
> >
> >
> > is saying that there are no machines in your pool that are ARCH == X86_64 and also support WindowsRunAsOwner and are using the necessary value for LocalCredd
> >
> >
> > What Does
> >
> > condor_status -af:h Name OpSys Arch LocalCredd HasWindowsRunAsOwner
> >
> >
> > show?
> >
> > -tj
> >
> >
> >
> >
> > From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> On Behalf Of rb
> > Sent: Thursday, September 27, 2018 8:40 AM
> > To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
> > Subject: [HTCondor-users] Fwd: Aw: Re: Cannot sent jobs as Owner in WindowsOS
> >
> >
> > Von: rb
> > Datum: 19. September 2018 um 11:02
> > An: "Todd Tannenbaum"
> > Betreff: Aw: Re: [HTCondor-users] Cannot sent jobs as Owner in WindowsOS
> >
> >
> >
> > Hello Todd,
> >
> > thanks for the additional hints.
> > I was able to move a bit forward, but was not yet successful.
> > Eg I was able to specify a condor-pool PW. Jobs are now picked up by condor, however non of them are picked by the nodes as it seems the requirements are not matching.
> > (Remark: Jobs are matching and running when using the default temp user from condor)
> >
> >
> > I attach the condor config files I created now. One for master, one submitter, one node.
> > The submission files contain a line: "Run_as_owner = true"
> >
> > a) Basically I copied the content of the ..\etc\condor_config.local.credd into the condor config file of the pool manager running CREDD
> > b) copied
> > CREDD_HOST = credd.cs.wisc.edu
> > CREDD_CACHE_LOCALLY = True
> >
> > STARTER_ALLOW_RUNAS_OWNER = True
> >
> > ALLOW_CONFIG = Administrator@*
> > SEC_CLIENT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD
> > SEC_CONFIG_NEGOTIATION = REQUIRED
> > SEC_CONFIG_AUTHENTICATION = REQUIRED
> > SEC_CONFIG_ENCRYPTION = REQUIRED
> > SEC_CONFIG_INTEGRITY = REQUIRED
> > into all processing and submitter machines.
> >
> >
> > When now running jobs they are stucked in the queue.
> > Running condor_q -analyze is giving the following message:
> >
> > WARNING: Be advised:
> > No resources matched request's constraints
> > The Requirements _expression_ for your job is:
> > ( ( ( OpSys == "WINNT51" || OpSys == "WINNT52" || OpSys == "WINNT60" ||
> > OpSys == "WINNT61" ) || ( ( OpSys == "WINDOWS" ||
> > OpSys == "LINUX" ) && Arch == "X86_64" ) ) ) &&
> > ( TARGET.Disk >= RequestDisk ) && ( TARGET.Memory >= RequestMemory ) &&
> > ( TARGET.HasFileTransfer ) && ( TARGET.HasWindowsRunAsOwner &&
> > ( TARGET.LocalCredd is "AHERSRVBLD28.lgs-net.com" ) )
> >
> > Suggestions:
> > Condition Machines Matched Suggestion
> > --------- ---------------- ----------
> > 1 ( ( ( OpSys == "WINNT51" || OpSys == "WINNT52" || OpSys == "WINNT60" || OpSys == "WINNT61" ) || ( ( OpSys == "WINDOWS" || OpSys == "LINUX" ) && Arch == "X86_64" ) ) )
> > 0 REMOVE
> > 2 ( TARGET.HasWindowsRunAsOwner && ( TARGET.LocalCredd is "AHERSRVBLD28.lgs-net.com" ) )
> > 0 REMOVE
> > 3 ( TARGET.Disk >= 3 ) 18
> > 4 ( TARGET.Memory >= ifthenelse(MemoryUsage isnt undefined,MemoryUsage,0) )
> > 18
> > 5 ( TARGET.HasFileTransfer ) 18
> > ---
> > 7163.000: Request is running.
> >
> >
> >
> >
> >
> >
> > Some questions:
> >
> > -Would this depend on the version of condor? I am running 8.4.10 on all machines?
> >
> > -My user is known in the domain. Would I need to add this user to the local users of each processing machine?
> >
> > -In the user manual in 7.2.5 "Condor_credd Daemon" a variable called "Local_credd" is mentioned. However I cannot find this variable in non of the examples. Is it necessary to specify this variable in the config file?
> >
> > - Do I need to use a pool PW? Or is it enought to use suggestion from "7.2.6 Executing Jobs with the User's Profile Loaded" and just set "load_profile = True" in submission file.
> >
> > - In usermanual 3.8.13.2 I find the following sentence: "Under Windows, HTCondor by default runs jobs under a dynamically created local account that exists for the duration of the job, but it can optionally run the job as the user account that owns the job if STARTER_ALLOW_RUNAS_OWNER is True and the job contains RunAsOwner=True."
> > Is it RunAsOwner = true or Run_As_Owner = true?
> >
> >
> > Btw:
> > whoami is giving: calibration@xxxxxxxxxxx<mailto:calibration@xxxxxxxxxxx>.
> > This is correct. I would like to have this user running jobs in the condor environment.
> >
> >
> > Best regards,
> > Robert
> >
> >
> >
> > -----------------------
> >
> > -----------------------
> >
> >
> > > Gesendet: Donnerstag, 13. September 2018 um 22:31 Uhr
> > > Von: "Todd Tannenbaum" <tannenba@xxxxxxxxxxx<mailto:tannenba@xxxxxxxxxxx>>
> > > An: "HTCondor-Users Mail List" <htcondor-users@xxxxxxxxxxx<mailto:htcondor-users@xxxxxxxxxxx>>, rb <robertbosch@xxxxxx<mailto:robertbosch@xxxxxx>>
> > > Betreff: Re: [HTCondor-users] Cannot sent jobs as Owner in WindowsOS
> > >
> > > On 9/12/2018 5:02 AM, rb wrote:
> > > > I would like to send and process the job as "owner".
> > > > Not the default "condor-slot user" is procesing the job, but actually the person who is logged on the submitter and is sending the job.
> > > >
> > > > For this we created a user "calibration*. This user is registered in our domain and has admin-permission on all machines (All win 10) connected to the pool.
> > > >
> > > > For this I edited the config file on Submitter and Executing nodes:
> > > >
> > > > [...]
> > > > FILESYSTEM_DOMAIN = lgs-net.com
> > > > UID_DOMAIN = lgs-net.com
> > > > TRUST_UID_DOMAIN = true
> > > > SOFT_UID_DOMAIN = true
> > > > STARTER_ALLOW_RUNAS_OWNER = true
> > > > [...]
> > > >
> > > >
> > > > The submission files are having in addition following entry
> > > > [...]
> > > > Run_As_Owner = true
> > > > [...]
> > > >
> > > >
> > > > I also used "condor_store_cred add" on submitter and pool to store PW for user "calibration"
> > > >
> > > > Still its not working!
> > > > Jobs are created. Also .err and .out files. But they are not picked by Scheduler. Using "condor_q": No jobs in queue.
> > > >
> > > >
> > > > Can someone give some hints?
> > > >
> > >
> > > Did you do a condor_reconfig or restart HTCondor after changing the config settings on your execute and submit hosts?
> > >
> > > Also I don't see anything in your config re your CREDD_HOST etc, as described in the Microsoft Windows chapter in the HTCondor Manual for executing jobs as the Submitting User... specifically I am looking at this section:
> > >
http://htcondor.org/manual/v8.7/MicrosoftWindows.html#x75-5750008.2.4
> > > Perhaps you want to re-read and follow the configuration examples in that part of the Manual.
> > >
> > > Some additional ideas / suggestions:
> > >
> > > Are you running condor_submit as user "calibration" ? What does "whoami" report before submitting the job?
> > >
> > > Try submitting a very simple job and see if that runs as user "calibration". I would suggest running "whoami.exe" with a job event log and see what happens. For example --
> > > executable = whoami.exe
> > > output = test.out
> > > error = test.err
> > > log = test.log
> > > run_as_owner = true
> > > queue
> > >
> > > and then take a look at test.out, test.err, test.log.
> > >
> > > You say the job is successfully submitted but condor_q says no jobs in the queue... ??? what does "condor_q -allusers" say? Or is that because the job is quickly completing... what does condor_history say?
> > >
> > > Re the below observations: I am not the Windows expert, but I believe you should only need to run 'condor_store_cred add' on the submit node, which will then send the password (encrypted) and securely store it on the host running the condor_credd daemons. The execute node will securely fetch the password as needed.
> > >
> > > Hope the above helps,
> > > Todd
> > >
> > >
> > > > I made two observations:
> > > > 1) I cannot use "condor_store_cred add" on executing machines. It returns an error "operation failed". Make sure you have WRITE permission onto this node. Although "WRITE = *" is set in all config files.
> > > > 2) By default our Software adds "load_profile = true" in all submission files. Could this be a potential problem?
> > > >
> > > >
> > > >
> > > > Best regards,
> > > > Robert
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > -----------------------
> > > >
> > > > -----------------------
> > > >
> > > > _______________________________________________
> > > > HTCondor-users mailing list
> > > > To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx<mailto:htcondor-users-request@xxxxxxxxxxx> with a
> > > > subject: Unsubscribe
> > > > You can also unsubscribe by visiting
> > > >
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
> > > >
> > > > The archives can be found at:
> > > >
https://lists.cs.wisc.edu/archive/htcondor-users/
> > > >
> > >
> > >
> > > --
> > > Todd Tannenbaum <tannenba@xxxxxxxxxxx<mailto:tannenba@xxxxxxxxxxx>> University of Wisconsin-Madison
> > > Center for High Throughput Computing Department of Computer Sciences
> > > HTCondor Technical Lead 1210 W. Dayton St. Rm #4257
> > > Phone: (608) 263-7132<tel:(608)%20263-7132> Madison, WI 53706-1685
> > >
> > _______________________________________________
> > HTCondor-users mailing list
> > To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
> > subject: Unsubscribe
> > You can also unsubscribe by visiting
> >
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
> >
> > The archives can be found at:
> >
https://lists.cs.wisc.edu/archive/htcondor-users/
>
> _______________________________________________
> HTCondor-users mailing list
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
>
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>
> The archives can be found at:
>
https://lists.cs.wisc.edu/archive/htcondor-users/
>
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif){kind=logo}