Re: [HTCondor-users] condor_rm job, Permission denied to force removal

[KÃhn, Max (SCC) <max.fischer@xxxxxxx>]

Hi Andy,

In my experience that usually happens if your security configuration allows unauthenticated access (`SEC_*_AUTHENTICATION_METHODS = ANONYMOUS`) or otherwise treat auth as optional (`SEC_*_AUTHENTICATION = OPTIONAL `). In this case the HTCondor daemons will âauthenticateâ your client first as anonymous, then try and execute your command - which often isnât allowed for anonymous users.

I recommend to use at least `SEC_*_AUTHENTICATION = PREFERRED`.
If thatâs not enough, set CONDOR_TOOL_DEBUG to include D_SECURITY and/or D_FULLDEBUG and run the command again with the `-debug` flag; this should show you how your client authenticates to the daemon and hopefully at what step things go wrong.

Cheers,
Max

> On 19. Jan 2025, at 15:02, Andy Barr <ajbarr@xxxxxxxxx> wrote:
> 
> Hi,
> I'm trying to remove jobs that are in the HOLD state in my condor pool.  This is a small windows OS only pool that I am working on setting up.  I am the owner of the job
> 
> OWNER   BATCH_NAME    SUBMITTED   DONE   RUN    IDLE   HOLD  TOTAL JOB_IDS
> ajbarr ID: 24      12/13 17:18      _      _      _      1      1 24.0
> 
> I'm using the command,
> 
> condor_rm -force 24.0
> Permission denied to force removal of job 24.0
> 
> Last, I get this error message in my SchedLog,
> 01/19/25 08:57:47 (pid:27872) QMGT command failed: anonymous user not permitted
> 
> so it seems for some reason it thinks I'm an anonymous user?
> from a dos prompt I get,
> whoami
> company\ajbarr
> 
> I am able to successfully run jobs on this pool. 
> 
> Thanks for your help,
> Andy
> _______________________________________________
> HTCondor-users mailing list
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> 
> The archives can be found at: https://www-auth.cs.wisc.edu/lists/htcondor-users/

Attachment: smime.p7s
Description: S/MIME cryptographic signature