Re: [HTCondor-users] probems with condor_store_cred

[Stefano Belforte <stefano.belforte@xxxxxxx>]

thanks again Todd.

Alas that command returns nothing
[root@vocms900 tmp]# condor_status -any -af Name MyType -const 'MyType == "CredD"'
[root@vocms900 tmp]#

Marco Mascheroni suggested that maybe our credmon fails to authenticate
with collector, which IIUC would explain why we can't find it.

/var/log/condor/CredLog in crab-sched-901 has following lines, which I can't translate into action items for me. IDTokens in the machine's /etc/condor/tokens.d is OK since schedd talks finely with collector.

Marco and Florian and hopefully going to help on that. We'll  let you know
if we need more assistance.

Thanks

Stefano

07/02/25 20:23:13 Will use TCP to update collector vocms4100.cern.ch <[2001:1458:301:47::100:12]:9620?alias=vocms4100.cern.ch>

07/02/25 20:23:14 SECMAN: resuming command 58 UPDATE_AD_GENERIC to collector cmssrv2313.fnal.gov:9620 from TCP port 17539 (non-blocking).

07/02/25 20:23:14 SECMAN: resuming command 58 UPDATE_AD_GENERIC to collector cmssrv2313.fnal.gov:9620 from TCP port 17539 (non-blocking).

07/02/25 20:23:14 SECMAN: new session, doing initial authentication.

07/02/25 20:23:14 SECMAN: Auth methods: FS,TOKEN

07/02/25 20:23:14 AUTHENTICATE: setting timeout for <[2620:6a:0:8421:f0:0:189:184]:9620?alias=cmssrv2313.fnal.gov> to 20.

07/02/25 20:23:14 HANDSHAKE: in handshake(my_methods = 'FS,TOKEN')

07/02/25 20:23:14 HANDSHAKE: handshake() - i am the client

07/02/25 20:23:14 HANDSHAKE: sending (methods == 2052) to server

07/02/25 20:23:14 HANDSHAKE: server replied (method = 4)

07/02/25 20:23:14 AUTHENTICATE_FS: used dir /tmp/FS_XXXxqqtLe, status: 0

07/02/25 20:23:14 AUTHENTICATE: method 4 (FS) failed.

07/02/25 20:23:14 HANDSHAKE: in handshake(my_methods = 'TOKEN')

07/02/25 20:23:14 HANDSHAKE: handshake() - i am the client

07/02/25 20:23:14 HANDSHAKE: sending (methods == 2048) to server

07/02/25 20:23:14 HANDSHAKE: server replied (method = 2048)

07/02/25 20:23:14 IDTOKENS: Examining /etc/condor/tokens.d/global_crab-sched-901.idtoken for valid tokens from issuer "cmsgwms-global.cern.ch".

07/02/25 20:23:14 Authentication was a Success.

07/02/25 20:23:14 AUTHENTICATION: setting default map to condor@password

07/02/25 20:23:14 AUTHENTICATION: post-map: current FQU is 'condor@password'

07/02/25 20:23:14 AUTHENTICATE: Exchanging keys with remote side.

07/02/25 20:23:14 AUTHENTICATE: Result of end of authenticate is 1.

07/02/25 20:23:14 SECMAN: generating AES key for session with collector cmssrv2313.fnal.gov:9620...

07/02/25 20:23:14 SECMAN: successfully enabled encryption!

07/02/25 20:23:14 SECMAN: successfully enabled message authenticator!

07/02/25 20:23:14 SECMAN: FAILED: Received "DENIED" from server for user crabschedd_crab-sched-901@xxxxxxx using method IDTOKENS.

07/02/25 20:23:14 ERROR: SECMAN:2010:Received "DENIED" from server for user crabschedd_crab-sched-901@xxxxxxx using method IDTOKENS.