Mailing List Archives
Authenticated access
|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[HTCondor-users] authentication issue after upgrade
- Date: Thu, 22 May 2025 16:06:15 +0300
- From: Mihai Ciubancan <ciubancan@xxxxxxxx>
- Subject: [HTCondor-users] authentication issue after upgrade
Hello,
I had to upgrade HTCondor from 23.8.1 due to cgroupV2 problems(for the
gird site RO-07-NIPNE). And now I have version 24.7.1.
Unfortunately the authentication between nodes and collector is not
running anymore. I have try all 3 auth methods: recommended_v9_0,
recommended and host_based, and none works(before I used host_based). I
have created also the token but didn't helped. The error on the WN side
is:
05/22/25 15:43:29 Daemons::StartAllDaemons all daemons were started
05/22/25 15:43:30 Setting ready state 'Ready' for STARTD
05/22/25 15:43:34 SECMAN: FAILED: Received "DENIED" from server for user
condor@password using method PASSWORD.
05/22/25 15:43:34 ERROR: SECMAN:2010:Received "DENIED" from server for
user condor@password using method PASSWORD.
05/22/25 15:43:34 Collector update failed; will try to get a token
request for trust domain nipne.ro, identity (default).
05/22/25 15:43:34 Failed to start non-blocking update to
<192.168.181.11:9618>.
05/22/25 15:43:34 Token requested; please ask collector
condor1atlas.nipne.ro admin to approve request ID 8121747.
05/22/25 15:43:39 Token requested not yet approved; please ask collector
condor1atlas.nipne.ro admin to approve request ID 8121747.
05/22/25 15:43:44 Token requested not yet approved; please ask collector
condor1atlas.nipne.ro admin to approve request ID 8121747.
05/22/25 15:43:49 Token requested not yet approved; please ask collector
condor1atlas.nipne.ro admin to approve request ID 8121747.
05/22/25 15:43:54 Token requested not yet approved; please ask collector
condor1atlas.nipne.ro admin to approve request ID 8121747.
05/22/25 15:43:59 Token requested not yet approved; please ask collector
condor1atlas.nipne.ro admin to approve request ID 8121747.
05/22/25 15:44:05 Token requested not yet approved; please ask collector
condor1atlas.nipne.ro admin to approve request ID 8121747.
05/22/25 15:44:10 Token requested not yet approved; please ask collector
condor1atlas.nipne.ro admin to approve request ID 8121747.
On the Collector side I have:
05/22/25 15:43:30 DC_AUTHENTICATE: received DC_AUTHENTICATE from
<192.168.181.22:35711>
05/22/25 15:43:30 SECMAN: new session, doing initial authentication.
05/22/25 15:43:30 Returning to DC while we wait for socket to
authenticate.
05/22/25 15:43:30 AUTHENTICATE: setting timeout for (unknown) to 20.
05/22/25 15:43:30 HANDSHAKE: in handshake(my_methods = 'PASSWORD,FS')
05/22/25 15:43:30 HANDSHAKE: handshake() - i am the server
05/22/25 15:43:30 HANDSHAKE: client sent (methods == 516)
05/22/25 15:43:30 HANDSHAKE: i picked (method == 512)
05/22/25 15:43:30 HANDSHAKE: client received (method == 512)
05/22/25 15:43:30 Will return to DC because authentication is
incomplete.
05/22/25 15:43:30 AUTHENTICATE: auth would still block
05/22/25 15:43:30 Will return to DC to continue authentication..
05/22/25 15:43:30 Authentication was a Success.
05/22/25 15:43:30 AUTHENTICATION: setting default map to condor@password
05/22/25 15:43:30 AUTHENTICATION: post-map: current FQU is
'condor@password'
05/22/25 15:43:30 AUTHENTICATE: Exchanging keys with remote side.
05/22/25 15:43:30 AUTHENTICATE: Result of end of authenticate is 1.
05/22/25 15:43:30 DC_AUTHENTICATE: authentication of 192.168.181.22
complete.
05/22/25 15:43:30 DC_AUTHENTICATE: generating AES key for session
condor1atlas:56762:1747917810:476...
05/22/25 15:43:30 DC_AUTHENTICATE: encryption enabled for session
condor1atlas:56762:1747917810:476
05/22/25 15:43:30 DC_AUTHENTICATE: message authenticator enabled with
key id condor1atlas:56762:1747917810:476.
05/22/25 15:43:30 DC_AUTHENTICATE: Success.
05/22/25 15:43:30 PERMISSION DENIED to condor@password from host
192.168.181.22 for command 0 (UPDATE_STARTD_AD), access level
ADVERTISE_STARTD: reason: cached result for ADVERTISE_STARTD; see first
case for the full reason
05/22/25 15:43:30 DC_AUTHENTICATE: Command not authorized, done!
05/22/25 15:43:30 DC_AUTHENTICATE: received DC_AUTHENTICATE from
<192.168.181.22:39497>
05/22/25 15:43:30 SECMAN: new session, doing initial authentication.
05/22/25 15:43:30 Returning to DC while we wait for socket to
authenticate.
05/22/25 15:43:30 AUTHENTICATE: setting timeout for (unknown) to 20.
05/22/25 15:43:30 HANDSHAKE: in handshake(my_methods = 'PASSWORD,FS')
05/22/25 15:43:30 HANDSHAKE: handshake() - i am the server
05/22/25 15:43:30 HANDSHAKE: client sent (methods == 516)
05/22/25 15:43:30 HANDSHAKE: i picked (method == 512)
05/22/25 15:43:30 HANDSHAKE: client received (method == 512)
05/22/25 15:43:30 Will return to DC because authentication is
incomplete.
05/22/25 15:43:30 AUTHENTICATE: auth would still block
05/22/25 15:43:30 Will return to DC to continue authentication..
05/22/25 15:43:30 Authentication was a Success.
05/22/25 15:43:30 AUTHENTICATION: setting default map to condor@password
05/22/25 15:43:30 AUTHENTICATION: post-map: current FQU is
'condor@password'
05/22/25 15:43:30 AUTHENTICATE: Exchanging keys with remote side.
05/22/25 15:43:30 AUTHENTICATE: Result of end of authenticate is 1.
05/22/25 15:43:30 DC_AUTHENTICATE: authentication of 192.168.181.22
complete.
05/22/25 15:43:30 DC_AUTHENTICATE: generating AES key for session
condor1atlas:56762:1747917810:477...
05/22/25 15:43:30 DC_AUTHENTICATE: encryption enabled for session
condor1atlas:56762:1747917810:477
05/22/25 15:43:30 DC_AUTHENTICATE: message authenticator enabled with
key id condor1atlas:56762:1747917810:477.
05/22/25 15:43:30 DC_AUTHENTICATE: Success.
05/22/25 15:43:30 SESSION: server duplicated AES to BLOWFISH key for
UDP.
05/22/25 15:43:30 DC_AUTHENTICATE: added incoming session id
condor1atlas:56762:1747917810:477 to cache for 86420 seconds (lease is
3620s, return address is
<192.168.181.22:9618?addrs=192.168.181.22-9618&alias=wn12.nipne.ro&noUDP&sock=startd_3213954_b27e>).
I don't know how to fix this. Maybe you have some ideas.
Best,
Mihai