Mailing List Archives

Authenticated access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] condor_rm job, Permission denied to force removal

Hi Max,
Thanks for the reply, I set CONDOR_TOOL_DEBUG = D_FULLDEBUG
condor_rm -debug 2.0
01/21/25 11:34:14 Win32 sysapi_get_network_device_info_raw()
01/21/25 11:34:14 DCSchedd:actOnJobs: Action failed
Permission denied to remove job 2.0


Is this output useful?

config_val -dump _AUTHENTICATION
# Configuration from machine:

# Parameters with names that match _AUTHENTICATION:
CREDD.SEC_DAEMON_AUTHENTICATION_METHODS = PASSWORD
CREDD.SEC_DEFAULT_AUTHENTICATION = REQUIRED
CREDD.SEC_DEFAULT_AUTHENTICATION_METHODS = NTSSPI
DISABLE_AUTHENTICATION_IP_CHECK = false
SEC_CLIENT_AUTHENTICATION = REQUIRED
SEC_CLIENT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD
SEC_CONFIG_AUTHENTICATION = REQUIRED
SEC_DEFAULT_AUTHENTICATION = required
SEC_DEFAULT_AUTHENTICATION_METHODS = NTSSPI,IDTOKENS,PASSWORD,KERBEROS,SSL
SEC_DEFAULT_AUTHENTICATION_TIMEOUT = 20
SEC_ENABLE_MATCH_PASSWORD_AUTHENTICATION = true
SEC_READ_AUTHENTICATION = REQUIRED
# Contributing configuration file(s):
# Â Â Â D:\condor\condor_config
# Â Â Â D:\condor\condor_config.local

Thanks,
Andy

On Mon, Jan 20, 2025 at 4:36âAM KÃhn, Max (SCC) <max.fischer@xxxxxxx> wrote:
Hi Andy,

In my experience that usually happens if your security configuration allows unauthenticated access (`SEC_*_AUTHENTICATION_METHODS = ANONYMOUS`) or otherwise treat auth as optional (`SEC_*_AUTHENTICATION = OPTIONAL `). In this case the HTCondor daemons will âauthenticateâ your client first as anonymous, then try and execute your command - which often isnât allowed for anonymous users.

I recommend to use at least `SEC_*_AUTHENTICATION = PREFERRED`.
If thatâs not enough, set CONDOR_TOOL_DEBUG to include D_SECURITY and/or D_FULLDEBUG and run the command again with the `-debug` flag; this should show you how your client authenticates to the daemon and hopefully at what step things go wrong.

Cheers,
Max

> On 19. Jan 2025, at 15:02, Andy Barr <ajbarr@xxxxxxxxx> wrote:
>
> Hi,
> I'm trying to remove jobs that are in the HOLD state in my condor pool. This is a small windows OS only pool that I am working on setting up. I am the owner of the job
>
> OWNERÂ ÂBATCH_NAMEÂ Â SUBMITTEDÂ ÂDONEÂ ÂRUNÂ Â IDLEÂ ÂHOLDÂ TOTAL JOB_IDS
> ajbarr ID: 24Â Â Â 12/13 17:18Â Â Â _Â Â Â _Â Â Â _Â Â Â 1Â Â Â 1 24.0
>
> I'm using the command,
>
> condor_rm -force 24.0
> Permission denied to force removal of job 24.0
>
> Last, I get this error message in my SchedLog,
> 01/19/25 08:57:47 (pid:27872) QMGT command failed: anonymous user not permitted
>
> so it seems for some reason it thinks I'm an anonymous user?
> from a dos prompt I get,
> whoami
> company\ajbarr
>
> I am able to successfully run jobs on this pool.
>
> Thanks for your help,
> Andy
> _______________________________________________
> HTCondor-users mailing list
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
>
> The archives can be found at: https://www-auth.cs.wisc.edu/lists/htcondor-users/

_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe

The archives can be found at: https://www-auth.cs.wisc.edu/lists/htcondor-users/