Mailing List Archives

Authenticated access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Run htcondor as domain user on Windows

Hi Leon,

You should be able to piece together specifically why the daemons are being denied during authorization from the logs. You can build a complete picture by looking at the other/server side of the conversation (Collector in this case). I do also have some questions about your setup:
  • Is your pool only Windows or is it a mix of Windows/Linux?
  • Is `use SECURITY:HOST_BASED` still in the configuration of the newer versioned condor?
  • Is HTCondor being ran as a service for these Windows instillations?

-Cole Bollig
From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> on behalf of Leon Thielen <L.Thielen@xxxxxxxxxxxx>
Sent: Thursday, August 15, 2024 7:31 AM
To: htcondor-users@xxxxxxxxxxx <htcondor-users@xxxxxxxxxxx>
Subject: [HTCondor-users] Run htcondor as domain user on Windows
 

Hi,

We have been working successfully with HTCondor 8.x for many years.

We also use HTCondor 8.x to carry out GUI tests.

With the program QF-Test we can test our application automatically.

An open desktop is required.

 

I know:

“Running the HTCondor services as any other account (such as a domain user) is not supported and could be problematic.”

From <https://htcondor.readthedocs.io/en/v8_8/admin-manual/installation-startup-shutdown-reconfiguration.html>

 

But for us the following worked:

HTCondor 8.8.15 use SECURITY : HOST_BASED

1. autologin as test-user

2. start condor_master as test-user

So we can perform 24x7 GUI test.

 

But with the change to 23.012 there are problems.

 

All services start but the hosts are not in the cluster (condor_status does not list the hosts) and therefore do not receive any jobs.

 

In the MasterLog :

08/15/24 09:30:10 Setting ready state 'Ready' for STARTD

08/15/24 09:30:10 SECMAN: FAILED: Received "DENIED" from server for user condor@xxxxxxxxxxxxxxx using method IDTOKENS.

08/15/24 09:30:10 ERROR: SECMAN:2010:Received "DENIED" from server for user condor@xxxxxxxxxxxxxxx using method IDTOKENS.

08/15/24 09:30:10 Collector update failed; will try to get a token request for trust domain cmhost, identity (default).

08/15/24 09:30:10 Failed to start non-blocking update to <10.20.49.82:9618>.

 

Can anyone help me with the solution?

 

Thanks for your help in advance

Leon

 

 

 

Dipl.-Ing. Leon Thielen
Software Development

MAGMA Gießereitechnologie GmbH

P: +49 241 88901 244 
Kackertstrasse 16-18, 52072 Aachen, Germany 
www.magmasoft.de
L.Thielen@xxxxxxxxxxxx

 GERMANY ● USA ● BRAZIL ● SINGAPORE ● SOUTH KOREA ● CHINA ● INDIA ● TURKEY ● CZECH REPUBLIC

International MAGMA User Meeting 2024 - October 9-11 | RADISSON BLU - Frankfurt

MAGMA Gießereitechnologie GmbH | Kackertstraße 16-18, 52072 Aachen, Germany | Legal form: GmbH, Register court: Aachen HRB 3912, Value added tax identification number: DE121745780 | Management: Dr. Marc C. Schneider (CEO and President), Dipl.-Ing. Mathieu Weber (Managing Director)