I'm working on our new AlmaLinux 9-based OS install. Our existing install is CentOS Stream 8 running 10.0 LTS.
I'm trying to use the same setup for the 10.x install as I have for 10.0 but it's not happy with the idtoken (/etc/condor/tokens.d/condor@mypool) that works just fine for my other hosts. There's no KDC available, let alone involved.
The token is being generated by:
 condor_store_cred -c add
 umask 0077; condor_token_create -identity condor@mypool > /etc/condor/tokens.d/condor@mypool
This is done in the same script as works on our HTCondor 10.0 hosts.
I'm tring to join this test host to an existing 10.0 pool, since that's what is going to happen in production.
Just like our production hosts,ÂSEC_DEFAULT_AUTHENTICATION_METHODS is undefined.
As is sadly the case far too often, my googlefu is failing to find anything at all relevant.
06/28/23 13:13:23 Sending DC_SET_READY message to master <REDACTED.145:9618?addrs=REDACTED.145-9618+[2001-470-e9e7--2-350]-9618&alias=[REDACTED}&noUDP&sock=master_4455_5682>
06/28/23 13:13:23 TOKEN: No token found.
06/28/23 13:13:23 AUTH_ERROR: Cannot resolve network address for KDC in requested realm
06/28/23 13:13:23 SECMAN: required authentication with collector [REDACTED] failed, so aborting command UPDATE_STARTD_AD.
06/28/23 13:13:23 ERROR: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using SCITOKENS|AUTHENTICATE:1004:Failed to authenticate using KERBEROS|AUTHENTICATE:1004:Failed to authenticate using IDTOKENS|AUTHENTICATE:1004:Failed to authenticate using FS
06/28/23 13:13:23 Collector update failed; will try to get a token request for trust domain [REDACTED], identity (default).
06/28/23 13:13:23 Failed to start non-blocking update to <REDACTED.140:9618>.
06/28/23 13:13:23 TOKEN: No token found.
06/28/23 13:13:23 AUTH_ERROR: Cannot resolve network address for KDC in requested realm
06/28/23 13:13:23 SECMAN: required authentication with collector [REDACTED] failed, so aborting command DC_START_TOKEN_REQUEST.
06/28/23 13:13:23 Failed to request a new token: DAEMON:1:failed to start command for token request with remote daemon at '<REDACTED.140:9618?alias=[REDACTED]>'.|AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using SCITOKENS|AUTHENTICATE:1004:Failed to authenticate using KERBEROS|AUTHENTICATE:1004:Failed to authenticate using IDTOKENS|AUTHENTICATE:1004:Failed to authenticate using FS
06/28/23 13:13:49 State change: benchmarks completed
06/28/23 13:13:49 slot1: Changing activity: Benchmarking -> Idle
06/28/23 13:13:49 TOKEN: No token found.
06/28/23 13:13:49 AUTH_ERROR: Cannot resolve network address for KDC in requested realm
06/28/23 13:13:49 SECMAN: required authentication with collector [REDACTED] failed, so aborting command UPDATE_STARTD_AD.
06/28/23 13:13:49 ERROR: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using SCITOKENS|AUTHENTICATE:1004:Failed to authenticate using KERBEROS|AUTHENTICATE:1004:Failed to authenticate using IDTOKENS|AUTHENTICATE:1004:Failed to authenticate using FS
06/28/23 13:13:49 Collector update failed; will try to get a token request for trust domain [REDACTED], identity (default).
06/28/23 13:13:49 Failed to start non-blocking update to <REDACTED.140:9618>.
06/28/23 13:13:49 TOKEN: No token found.
06/28/23 13:13:49 AUTH_ERROR: Cannot resolve network address for KDC in requested realm
06/28/23 13:13:49 SECMAN: required authentication with collector [REDACTED] failed, so aborting command DC_START_TOKEN_REQUEST.
06/28/23 13:13:49 Failed to request a new token: DAEMON:1:failed to start command for token request with remote daemon at '<REDACTED.140:9618?alias=[REDACTED]>'.|AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using SCITOKENS|AUTHENTICATE:1004:Failed to authenticate using KERBEROS|AUTHENTICATE:1004:Failed to authenticate using IDTOKENS|AUTHENTICATE:1004:Failed to authenticate using FS
06/28/23 13:18:23 TOKEN: No token found.
06/28/23 13:18:23 AUTH_ERROR: Cannot resolve network address for KDC in requested realm
06/28/23 13:18:23 SECMAN: required authentication with collector [REDACTED] failed, so aborting command UPDATE_STARTD_AD.
06/28/23 13:18:23 ERROR: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using SCITOKENS|AUTHENTICATE:1004:Failed to authenticate using KERBEROS|AUTHENTICATE:1004:Failed to authenticate using IDTOKENS|AUTHENTICATE:1004:Failed to authenticate using FS
06/28/23 13:18:23 Collector update failed; will try to get a token request for trust domain [REDACTED], identity (default).
06/28/23 13:18:23 Failed to start non-blocking update to <REDACTED.140:9618>.
06/28/23 13:18:23 TOKEN: No token found.
06/28/23 13:18:23 AUTH_ERROR: Cannot resolve network address for KDC in requested realm
06/28/23 13:18:23 SECMAN: required authentication with collector [REDACTED] failed, so aborting command DC_START_TOKEN_REQUEST.
06/28/23 13:18:23 Failed to request a new token: DAEMON:1:failed to start command for token request with remote daemon at '<REDACTED.140:9618?alias=[REDACTED]>'.|AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using SCITOKENS|AUTHENTICATE:1004:Failed to authenticate using KERBEROS|AUTHENTICATE:1004:Failed to authenticate using IDTOKENS|AUTHENTICATE:1004:Failed to authenticate using FS
The CONDOR_HOST is the 140 address. This host is the 145 address.
Any hints or pointers would be appreciated.
thanks,
nomad
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif){kind=logo}