FWIW, attached are two sets of configuration files I tried.
The “Anon_Config” set is the one I tried and failed with yesterday when I wrote.
The “Pool_Config” set is me trying to create a windows Pool. But when I try to register the credentials from the CM using “condor_store_cred -c -n 192.168.1.2” I get a security error telling me to check I have ADMINISTRATOR
privileges on the target host. I thought that’s what I did in the config file!
FYI:
- CM/AP/EP is at 192.168.1.2, aliased as “project1” and has its own windows machine name
- AP/EP is at 192.168.1.1, aliased as “project2” and has its own windows machine name
(there will be a total o f8 AP/EP machines “projectN” with Ips 192.168.1.N, but for now, just trying to get this to work on 2 machines )
They all have the same admin account username “adm-project” with the same password.
Non centralized AD server with domain accounts available, each machine manages its own local users.
I just want this to work, regardless of authentication. It is a completely autonomous setup, not connected to any network in any way.
Thanks again for any insight you may have.
Marwan
From: HTCondor-users
<htcondor-users-bounces@xxxxxxxxxxx> On Behalf Of BADAWI Marwan via HTCondor-users
Sent: mardi 6 mai 2025 09:51
To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
Cc: BADAWI Marwan <marwan.badawi@xxxxxxxxxxx>
Subject: Re: [HTCondor-users] Authentication on Windows without a domain
Sorry about that, I wrote the mail from memory because the machine with the logs does not have internet access.
The exact message is “SetEffectiveOwner security violation: attempting to set owner to dis-allowed value <username@submittingmachine>”
Here’s the scheduler log attached.
Thank you!
Marwan
Could you give us a little more information?
What version of HTCondor are you using.
Could you cut and paste about 20 lines before the failure message?
de-authorized does not appear anywhere in the current code base. Is this a typo?
...Tim
On 5/5/25 08:54, BADAWI Marwan via HTCondor-users wrote:
Hello all,
We are running a trial setup between individual Windows machines that each only have local users and no domain authentication. (If it helps, they have the same username account with the same password).
I cannot seem to find a way to allow condor to correctly authenticate and run jobs. Ikeep getting a security error in the SchedLog: “Seteffectiveowner security violation setting user to de-authorized user <username@submittingmachine>”
I activated HOST_BASED security and used ALLOW_* variables to only allow hosts in the same subnet like this (as taken from the
Host Based Security web page):
ALLOW_READ = 192.168.1.*
ALLOW_WRITE = 192.168.1.*
ALLOW_NEGOTIATOR = 192.168.1.*
ALLOW_NEGOTIATOR_SCHEDD = 192.168.1.*
ALLOW_WRITE_COLLECTOR = 192.168.1.*
ALLOW_WRITE_STARTD = 192.168.1.*
ALLOW_READ_COLLECTOR = 192.168.1.*
ALLOW_READ_STARTD = 192.168.1.*
ALLOW_CLIENT = 192.168.1.*
But it doesn’t seem to suffice.
RUN_AS_USER is deactivated in both the condor and job configurations.
Can anyone help with this issue?
Thank you!
Marwan Badawi
_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
Join us in June at Throughput Computing 25: https://urldefense.com/v3/__https://osg-htc.org/htc25__;!!Mak6IKo!IqQhOOH1SH7NjxckWuVAV6Z3lk-tEHcAK5hyN9AnedrS9azWpZw52TL0NiB0t3AQYyoWU-HRYXlc4W8sgG_hZqfI_-CW$
The archives can be found at: https://www-auth.cs.wisc.edu/lists/htcondor-users/
--
Tim Theisen (he, him, his)
Release Manager
Center for High Throughput Computing
Department of Computer Sciences
University of Wisconsin - Madison
4261 Computer Sciences and Statistics
1210 W Dayton St
Madison, WI 53706-1685
+1 608 265 5736
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif){kind=logo}