[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] probems with condor_store_cred



thanks again Todd.

Alas that command returns nothing
[root@vocms900 tmp]# condor_status -any -af Name MyType -const 'MyType == "CredD"'
[root@vocms900 tmp]#

Marco Mascheroni suggested that maybe our credmon fails to authenticate
with collector, which IIUC would explain why we can't find it.

/var/log/condor/CredLog in crab-sched-901 has following lines, which I can't translate into action items for me. IDTokens in the machine's /etc/condor/tokens.d is OK since schedd talks finely with collector.

Marco and Florian and hopefully going to help on that. We'll  let you know
if we need more assistance.

Thanks

Stefano


07/02/25 20:23:13 Will use TCP to update collector vocms4100.cern.ch <[2001:1458:301:47::100:12]:9620?alias=vocms4100.cern.ch>
07/02/25 20:23:14 SECMAN: resuming command 58 UPDATE_AD_GENERIC to collector cmssrv2313.fnal.gov:9620 from TCP port 17539 (non-blocking).
07/02/25 20:23:14 SECMAN: resuming command 58 UPDATE_AD_GENERIC to collector cmssrv2313.fnal.gov:9620 from TCP port 17539 (non-blocking).
07/02/25 20:23:14 SECMAN: new session, doing initial authentication.
07/02/25 20:23:14 SECMAN: Auth methods: FS,TOKEN
07/02/25 20:23:14 AUTHENTICATE: setting timeout for <[2620:6a:0:8421:f0:0:189:184]:9620?alias=cmssrv2313.fnal.gov> to 20.
07/02/25 20:23:14 HANDSHAKE: in handshake(my_methods = 'FS,TOKEN')
07/02/25 20:23:14 HANDSHAKE: handshake() - i am the client
07/02/25 20:23:14 HANDSHAKE: sending (methods == 2052) to server
07/02/25 20:23:14 HANDSHAKE: server replied (method = 4)
07/02/25 20:23:14 AUTHENTICATE_FS: used dir /tmp/FS_XXXxqqtLe, status: 0
07/02/25 20:23:14 AUTHENTICATE: method 4 (FS) failed.
07/02/25 20:23:14 HANDSHAKE: in handshake(my_methods = 'TOKEN')
07/02/25 20:23:14 HANDSHAKE: handshake() - i am the client
07/02/25 20:23:14 HANDSHAKE: sending (methods == 2048) to server
07/02/25 20:23:14 HANDSHAKE: server replied (method = 2048)
07/02/25 20:23:14 IDTOKENS: Examining /etc/condor/tokens.d/global_crab-sched-901.idtoken for valid tokens from issuer "cmsgwms-global.cern.ch".
07/02/25 20:23:14 Authentication was a Success.
07/02/25 20:23:14 AUTHENTICATION: setting default map to condor@password
07/02/25 20:23:14 AUTHENTICATION: post-map: current FQU is 'condor@password'
07/02/25 20:23:14 AUTHENTICATE: Exchanging keys with remote side.
07/02/25 20:23:14 AUTHENTICATE: Result of end of authenticate is 1.
07/02/25 20:23:14 SECMAN: generating AES key for session with collector cmssrv2313.fnal.gov:9620...
07/02/25 20:23:14 SECMAN: successfully enabled encryption!
07/02/25 20:23:14 SECMAN: successfully enabled message authenticator!
07/02/25 20:23:14 SECMAN: FAILED: Received "DENIED" from server for user crabschedd_crab-sched-901@xxxxxxx using method IDTOKENS.
07/02/25 20:23:14 ERROR: SECMAN:2010:Received "DENIED" from server for user crabschedd_crab-sched-901@xxxxxxx using method IDTOKENS.