[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] condor_store_cred problem

Hi Greg,
I believe the answer is yes to both questions.  We are on Windows domain environment - the user for which we are trying to add credentials can log in to the domain on both his PC and on the machine running the Credd.  In fact, I've also tried adding my own credentials on the problem PC, and it fails with the same error even though I've successfully added my credentials to the rest of the PCs in the pool.  I believe it is related to the actual machine rather than the user.  In this pool, all PCs use identical config files (independently copied to the local_dir).  I have NOT yet tried uninstall/reinstall on this machine.

Greg Quinn wrote:
Richard Grieve wrote:
I have a handful of PCs (all WinXP) in my pool, running 6.8.2.  I having 
problems with condor_store_cred on just one PC.  All the others run 
condor_store_cred just fine.  All PCs (including the problem PC) have 
the pool password set and are able to run jobs.  Here is the output from 
condor_store_cred add:

[user@computer]$ condor_store_cred add
Account: user@domain <mailto:dpeppy@AD3>
Enter password:
Operation failed.
    Make sure your HOSTALLOW_WRITE setting includes this host.


3/8 16:15:10 AUTHENTICATE: will try to use 16 (NTSSPI)
3/8 16:15:10 sspi_server_auth() entered
3/8 16:15:10 sspi_server_auth() looping
3/8 16:15:10 sspi_server_auth(): Oops! ASC() returned -2146893044!
3/8 16:15:10 sspi_server_auth(): Failed to impersonate (returns 
3/8 16:15:10 sspi_server_auth() exiting
3/8 16:15:10 AUTHENTICATE: method 16 (NTSSPI) failed.

Any help is appreciated.

It appears as though NTSSPI authentication is failing. Are you running a 
Windows domain environment, with common accounts on all the involved 
machines? If not, does the account for which you are trying to store a 
password have the same username/password on both the "problem PC" and 
the machine running the CredD?

If the answer is no to both these questions, NTSSPI authentication will 
not work between two distinct machines.

Greg Quinn
Condor Team
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting

The archives can be found at either