[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[HTCondor-users] authentication issue after upgrade



Hello,

I had to upgrade HTCondor from 23.8.1 due to cgroupV2 problems(for the gird site RO-07-NIPNE). And now I have version 24.7.1. Unfortunately the authentication between nodes and collector is not running anymore. I have try all 3 auth methods: recommended_v9_0, recommended and host_based, and none works(before I used host_based). I have created also the token but didn't helped. The error on the WN side is:

05/22/25 15:43:29 Daemons::StartAllDaemons all daemons were started
05/22/25 15:43:30 Setting ready state 'Ready' for STARTD
05/22/25 15:43:34 SECMAN: FAILED: Received "DENIED" from server for user condor@password using method PASSWORD. 05/22/25 15:43:34 ERROR: SECMAN:2010:Received "DENIED" from server for user condor@password using method PASSWORD. 05/22/25 15:43:34 Collector update failed; will try to get a token request for trust domain nipne.ro, identity (default). 05/22/25 15:43:34 Failed to start non-blocking update to <192.168.181.11:9618>. 05/22/25 15:43:34 Token requested; please ask collector condor1atlas.nipne.ro admin to approve request ID 8121747. 05/22/25 15:43:39 Token requested not yet approved; please ask collector condor1atlas.nipne.ro admin to approve request ID 8121747. 05/22/25 15:43:44 Token requested not yet approved; please ask collector condor1atlas.nipne.ro admin to approve request ID 8121747. 05/22/25 15:43:49 Token requested not yet approved; please ask collector condor1atlas.nipne.ro admin to approve request ID 8121747. 05/22/25 15:43:54 Token requested not yet approved; please ask collector condor1atlas.nipne.ro admin to approve request ID 8121747. 05/22/25 15:43:59 Token requested not yet approved; please ask collector condor1atlas.nipne.ro admin to approve request ID 8121747. 05/22/25 15:44:05 Token requested not yet approved; please ask collector condor1atlas.nipne.ro admin to approve request ID 8121747. 05/22/25 15:44:10 Token requested not yet approved; please ask collector condor1atlas.nipne.ro admin to approve request ID 8121747.

On the Collector side I have:

05/22/25 15:43:30 DC_AUTHENTICATE: received DC_AUTHENTICATE from <192.168.181.22:35711>
05/22/25 15:43:30 SECMAN: new session, doing initial authentication.
05/22/25 15:43:30 Returning to DC while we wait for socket to authenticate.
05/22/25 15:43:30 AUTHENTICATE: setting timeout for (unknown) to 20.
05/22/25 15:43:30 HANDSHAKE: in handshake(my_methods = 'PASSWORD,FS')
05/22/25 15:43:30 HANDSHAKE: handshake() - i am the server
05/22/25 15:43:30 HANDSHAKE: client sent (methods == 516)
05/22/25 15:43:30 HANDSHAKE: i picked (method == 512)
05/22/25 15:43:30 HANDSHAKE: client received (method == 512)
05/22/25 15:43:30 Will return to DC because authentication is incomplete.
05/22/25 15:43:30 AUTHENTICATE: auth would still block
05/22/25 15:43:30 Will return to DC to continue authentication..
05/22/25 15:43:30 Authentication was a Success.
05/22/25 15:43:30 AUTHENTICATION: setting default map to condor@password
05/22/25 15:43:30 AUTHENTICATION: post-map: current FQU is 'condor@password'
05/22/25 15:43:30 AUTHENTICATE: Exchanging keys with remote side.
05/22/25 15:43:30 AUTHENTICATE: Result of end of authenticate is 1.
05/22/25 15:43:30 DC_AUTHENTICATE: authentication of 192.168.181.22 complete. 05/22/25 15:43:30 DC_AUTHENTICATE: generating AES key for session condor1atlas:56762:1747917810:476... 05/22/25 15:43:30 DC_AUTHENTICATE: encryption enabled for session condor1atlas:56762:1747917810:476 05/22/25 15:43:30 DC_AUTHENTICATE: message authenticator enabled with key id condor1atlas:56762:1747917810:476.
05/22/25 15:43:30 DC_AUTHENTICATE: Success.
05/22/25 15:43:30 PERMISSION DENIED to condor@password from host 192.168.181.22 for command 0 (UPDATE_STARTD_AD), access level ADVERTISE_STARTD: reason: cached result for ADVERTISE_STARTD; see first case for the full reason
05/22/25 15:43:30 DC_AUTHENTICATE: Command not authorized, done!
05/22/25 15:43:30 DC_AUTHENTICATE: received DC_AUTHENTICATE from <192.168.181.22:39497>
05/22/25 15:43:30 SECMAN: new session, doing initial authentication.
05/22/25 15:43:30 Returning to DC while we wait for socket to authenticate.
05/22/25 15:43:30 AUTHENTICATE: setting timeout for (unknown) to 20.
05/22/25 15:43:30 HANDSHAKE: in handshake(my_methods = 'PASSWORD,FS')
05/22/25 15:43:30 HANDSHAKE: handshake() - i am the server
05/22/25 15:43:30 HANDSHAKE: client sent (methods == 516)
05/22/25 15:43:30 HANDSHAKE: i picked (method == 512)
05/22/25 15:43:30 HANDSHAKE: client received (method == 512)
05/22/25 15:43:30 Will return to DC because authentication is incomplete.
05/22/25 15:43:30 AUTHENTICATE: auth would still block
05/22/25 15:43:30 Will return to DC to continue authentication..
05/22/25 15:43:30 Authentication was a Success.
05/22/25 15:43:30 AUTHENTICATION: setting default map to condor@password
05/22/25 15:43:30 AUTHENTICATION: post-map: current FQU is 'condor@password'
05/22/25 15:43:30 AUTHENTICATE: Exchanging keys with remote side.
05/22/25 15:43:30 AUTHENTICATE: Result of end of authenticate is 1.
05/22/25 15:43:30 DC_AUTHENTICATE: authentication of 192.168.181.22 complete. 05/22/25 15:43:30 DC_AUTHENTICATE: generating AES key for session condor1atlas:56762:1747917810:477... 05/22/25 15:43:30 DC_AUTHENTICATE: encryption enabled for session condor1atlas:56762:1747917810:477 05/22/25 15:43:30 DC_AUTHENTICATE: message authenticator enabled with key id condor1atlas:56762:1747917810:477.
05/22/25 15:43:30 DC_AUTHENTICATE: Success.
05/22/25 15:43:30 SESSION: server duplicated AES to BLOWFISH key for UDP. 05/22/25 15:43:30 DC_AUTHENTICATE: added incoming session id condor1atlas:56762:1747917810:477 to cache for 86420 seconds (lease is 3620s, return address is <192.168.181.22:9618?addrs=192.168.181.22-9618&alias=wn12.nipne.ro&noUDP&sock=startd_3213954_b27e>).

I don't know how to fix this. Maybe you have some ideas.

Best,
Mihai