[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] SSL Authentication fails for remote submission



Thanks Maarteen.Â

In my StartdLog, I see
authenticationÂof <hosta> did not result in a valid mapped user name, which is required for this command (1112 QMGMT_WRITE_CMD), so aborting
reason for authentication failure: AUTHENTICATE:1003:Failed to authenticate with any method|Failed to authenticate using SSL

My mapfile looks like this
SSLÂ Â "/CN = centralmanager"Â Âusera@xxxxxxxxxx

I get the middle from doing openssl x509 -text -noout -in cert.cer | grep Subject




On Tue, Jul 30, 2024 at 8:20âAM Maarten Litmaath <Maarten.Litmaath@xxxxxxx> wrote:
Hi Rita,
a proxy ought not be necessary. In fact, Jaime Frey needed to make
major modifications to allow proxies to work with the SSL method.
Presumably it still works for plain certificates as well.
I have seen evidenceÂfor that with v9.0.20.


From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> on behalf of Rita <rmorgan466@xxxxxxxxx>
Sent: Tuesday, July 30, 2024 2:05 PM
To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
Subject: Re: [HTCondor-users] SSL Authentication fails for remote submission
Â
interesting. I didn't know I needed a proxy to get this working. Is that necessary?

On Mon, Jul 29, 2024 at 11:51âAM Maarten Litmaath <Maarten.Litmaath@xxxxxxx> wrote:
Hi Rita,
steps 2 and later on this page may point you in the right direction:


Depending on your environment, you may not need the various
settings referring to contents of the /etc/grid-security directory.



From:ÂHTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> on behalf of Rita <rmorgan466@xxxxxxxxx>
Sent:ÂMonday, July 29, 2024 2:09 PM
To:ÂHTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
Subject:Â[HTCondor-users] SSL Authentication fails for remote submission
Â
Is there a configuration I can refer to for remote job submissions where my authentication method is SSL?

I am able to submit when I have CLAIMTOBE. When I enable SSL, I see this on the remote ScheddLog

SSL Auth: SSL Authentication fails; client status is -1; server status is 0; terminating.

On the submission host I see
ERROR: Failed to connect to queue manager queueserver
AUTHENTICATE:1003:Failed to authenticate with any method
AUTHENTICATE:1004:Failed to authenticate using SSL

I have ALL_DEBUG = D_SECURITY:2 in both servers.

Any other suggestions?


--
--- Get your facts first, then you can distort them as you please.--
_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/


--
--- Get your facts first, then you can distort them as you please.--
_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/


--
--- Get your facts first, then you can distort them as you please.--