01/21/25 13:15:01 HANDSHAKE: in handshake(my_methods = 'NTSSPI,PASSWORD')
01/21/25 13:15:01 HANDSHAKE: handshake() - i am the client
01/21/25 13:15:01 HANDSHAKE: sending (methods == 528) to server
01/21/25 13:15:01 HANDSHAKE: server replied (method = 16)
01/21/25 13:15:01 Authentication was a Success.
01/21/25 13:15:01 AUTHENTICATION: setting default map to (null)
01/21/25 13:15:01 AUTHENTICATION: post-map: current FQU is '(null)'
This shows that NTSSPI (method bit 16) was the authentication method used, but for some reason
the authenticated identity could not be converted to a username.  (FQU is fully qualified user. )
I think we need to see the SchedLog, try adding this to your configuration, then reconfig the sched and reproduce the problem.Â
SCHEDD_DEBUG = $(SCHEDD_DEBUG) D_SECURITY:2
This will produce a lot of output in the SchedLog, but I think we need the detailed logging to give us some clue why NTSSPI authentication is succeeding, but the username ends up being anonymous anyway.
-tj
Hi John,
What Condor version? Â
$CondorVersion: 24.2.2 2024-12-04 BuildID: 772905 GitSHA: 2b56256d $
$CondorPlatform: x86_64_Windows10 $
Can you submit new jobs to the schedd?Â
Yes
Are you logged in to the machine that the SCHEDD is running on? or are you trying to remove jobs from a SCHEDD remotely? ÂSome authorization methods only work locally.ÂÂ
Yes, but I would like to be able to remove jobs from a SCHEDD remotely eventually.
If you are running Condor version 24 or later, you can try
condor_rm 2.0 -debug:D_SECURITY
01/21/25 13:15:01 Win32 sysapi_get_network_device_info_raw()
01/21/25 13:15:01 SECMAN: command 478 ACT_ON_JOBS to <
10.29.4.45:9618>
from TCP port 49801 (blocking).
01/21/25 13:15:01 SECMAN: new session, doing initial authentication.
01/21/25 13:15:01 SECMAN: Auth methods: NTSSPI,PASSWORD
01/21/25 13:15:01 AUTHENTICATE: setting timeout for <
10.29.4.45:9618?addrs=10.29.4.45-9618&alias=node1.company.com&noUDP&sock=schedd_15316_70f8>
to 20.
01/21/25 13:15:01 HANDSHAKE: in handshake(my_methods = 'NTSSPI,PASSWORD')
01/21/25 13:15:01 HANDSHAKE: handshake() - i am the client
01/21/25 13:15:01 HANDSHAKE: sending (methods == 528) to server
01/21/25 13:15:01 HANDSHAKE: server replied (method = 16)
01/21/25 13:15:01 Authentication was a Success.
01/21/25 13:15:01 AUTHENTICATION: setting default map to (null)
01/21/25 13:15:01 AUTHENTICATION: post-map: current FQU is '(null)'
01/21/25 13:15:01 AUTHENTICATE: Exchanging keys with remote side.
01/21/25 13:15:01 AUTHENTICATE: Result of end of authenticate is 1.
01/21/25 13:15:01 SECMAN: generating AES key for session with <
10.29.4.45:9618>...
01/21/25 13:15:01 SECMAN: successfully enabled encryption!
01/21/25 13:15:01 SECMAN: successfully enabled message authenticator!
01/21/25 13:15:01 SESSION: client duplicated AES to BLOWFISH key for UDP.
01/21/25 13:15:01 SECMAN: added session P01200537:17268:1737483301:11 to cache for 60 seconds (3600s lease).
01/21/25 13:15:01 SECMAN: startCommand succeeded.
01/21/25 13:15:01 DCSchedd:actOnJobs: Action failed
What Condor version? Â
Can you submit new jobs to the schedd?Â
Are you logged in to the machine that the SCHEDD is running on? or are you trying to remove jobs from a SCHEDD remotely? ÂSome authorization methods only work locally.ÂÂ
If you are running Condor version 24 or later, you can try
condor_rm 24.0 -debug:D_SECURITYÂ
To get more detailed logging, but we probably need D_SECURITY logging from the SchedLog to see why it is not authenticating you.Â
-tj
Hi,
I'm trying to remove jobs that are in the HOLD state in my condor pool. This is a small windows OS only pool that I am working on setting up. I am the owner of the job
OWNER Â BATCH_NAME Â ÂSUBMITTED Â DONE Â RUN Â ÂIDLE Â HOLD ÂTOTAL JOB_IDS
ajbarr ID: 24 Â Â Â12/13 17:18 Â Â Â_ Â Â Â_ Â Â Â_ Â Â Â1 Â Â Â1 24.0
I'm using the command,
condor_rm -force 24.0
Permission denied to force removal of job 24.0
Last, I get this error message in my SchedLog,
01/19/25 08:57:47 (pid:27872) QMGT command failed: anonymous user not permitted
so it seems for some reason it thinks I'm an anonymous user?
from a dos prompt I get,
whoami
company\ajbarr
I am able to successfully run jobs on this pool.Â
Thanks forÂyour help,
Andy
_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to
htcondor-users-request@xxxxxxxxxxxÂwith a
subject: Unsubscribe
The archives can be found at:
https://www-auth.cs.wisc.edu/lists/htcondor-users/
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif){kind=logo}