Hi Rita,
also mind the double quote characters: they need to be ASCII
(they look alright in your example, but not in Ben's).
Have you tried bumping the log levels of the startd (and possibly
the other side) to get more details about the mapping machinery?
Something like this:
STARTD_DEBUG = D_FULLDEBUG D_SECURITY:2 D_ALWAYS:2 D_CAT
From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> on behalf of Ben Jones <ben.dylan.jones@xxxxxxxxx>
Sent: Wednesday, July 31, 2024 2:10 PM
To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
Subject: Re: [HTCondor-users] SSL Authentication fails for remote submission
Have you tried a mapfile that looks like:
SSL “/CN=centralmanager” usera
Not sure about either the whitespace in yours or having the UID_DOMAIN in the user. But this is just the principle of making your mapfile look more like mine that is working, than knowing that it _will_ work.
On 31 Jul 2024, at 13:33, Rita <rmorgan466@xxxxxxxxx> wrote:
anyone? ;-)
Thanks Maarteen.
In my StartdLog, I see
authentication of <hosta> did not result in a valid mapped user name, which is required for this command (1112 QMGMT_WRITE_CMD), so aborting
reason for authentication failure: AUTHENTICATE:1003:Failed to authenticate with any method|Failed to authenticate using SSL
My mapfile looks like this
I get the middle from doing openssl x509 -text -noout -in cert.cer | grep Subject
Hi Rita,
a proxy ought not be necessary. In fact, Jaime Frey needed to make
major modifications to allow proxies to work with the SSL method.
Presumably it still works for plain certificates as well.
I have seen evidence for that with v9.0.20.
interesting. I didn't know I needed a proxy to get this working. Is that necessary?
Hi Rita,
steps 2 and later on this page may point you in the right direction:
Depending on your environment, you may not need the various
settings referring to contents of the /etc/grid-security directory.
Is there a configuration I can refer to for remote job submissions where my authentication method is SSL?
I am able to submit when I have CLAIMTOBE. When I enable SSL, I see this on the remote ScheddLog
SSL Auth: SSL Authentication fails; client status is -1; server status is 0; terminating.
On the submission host I see
ERROR: Failed to connect to queue manager queueserver
AUTHENTICATE:1003:Failed to authenticate with any method
AUTHENTICATE:1004:Failed to authenticate using SSL
I have ALL_DEBUG = D_SECURITY:2 in both servers.
Any other suggestions?
--
--- Get your facts first, then you can distort them as you please.--
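
Added example, not part of the original thread and not HTCondor code: a small lint for the two mapfile problems raised above, non-ASCII (typographic) double quotes and stray whitespace that splits the subject pattern. It assumes the three-field layout of Ben's line (method, quoted pattern, user); the function name and the sample lines are constructed for illustration.

```python
import shlex
import unicodedata

# Constructed sample map file. Line 3 uses typographic quotes (as pasted from
# a mail client); line 4 leaves a pattern containing a space unquoted.
SAMPLE = '''# constructed sample map file
SSL "/CN=centralmanager" usera
SSL \u201c/CN=centralmanager\u201d usera
SSL /O=Example Org/CN=hosta usera
'''


def lint_mapfile(text):
    """Return a list of (line_number, message) findings for map file text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue

        # Any non-ASCII character is suspect; name it so curly quotes stand out.
        bad = sorted({ch for ch in line if ord(ch) > 127})
        if bad:
            names = ", ".join(
                f"U+{ord(c):04X} {unicodedata.name(c, 'UNKNOWN')}" for c in bad
            )
            findings.append((lineno, "non-ASCII character(s): " + names))

        # Split on whitespace, honouring only ASCII double quotes as quoting.
        lexer = shlex.shlex(line, posix=True)
        lexer.whitespace_split = True
        lexer.quotes = '"'
        lexer.commenters = ""
        try:
            fields = list(lexer)
        except ValueError as exc:
            findings.append((lineno, f"unbalanced double quote: {exc}"))
            continue
        if len(fields) != 3:
            findings.append(
                (lineno, f"expected 3 fields (method, pattern, user), got {len(fields)}")
            )
    return findings


if __name__ == "__main__":
    for lineno, message in lint_mapfile(SAMPLE):
        print(f"line {lineno}: {message}")
```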