[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] condor-reuse-vm2 Job Owner in Windows

> Can I ask: are these standalone XP installs? Where you have a local
> account on the machine? Or are these XP installs that belong to a
> domain? Where you have a domain controller that stores usernames and
> passwords and the machines use this machine to do authentication when
> someone logs in.

Hi Ian,

For this prototype, I want to install all of this on a standalone machine
just to test if everything works. As far as I understand it, there is
no domain controller for this prototype.

The only user currently accessing my XP machine and my application 
(and thus condor) is me (in this case local user 'diane' with 
administrator access), but in fact any local user 
with admin access to my machine (eg, 'myAppUser') 
could access my application and its sub processes (assuming
condor-store_cred was run and my application's authorization access was
set for him).

The only options for setting up user accounts on my XP is 
'Limited' and 'Administrative'.  The prior is too restrictive for
my web app and its sub processes.
In other words, the sub process that I mentioned previously that requires
to be run as 'diane', will actually run as any admin user.  It just 
doesn't like to be run as 'condor-reuse-vmX' (presumably due to limited
access privileges).  

That's why I need to run as 'diane' (or any other admin user I set up).
Or is there a way to add more privilege to condor_reuse-vmX? 

In terms of final installation, I'm not sure what the final 
configuration will be (domain or otherwise),
But I was hoping to deal with that later.  It's very likely the
eventual configuration will be to access a private cluster (where
no will actually be logging on there, so a specific user
(eg, myAppUser) could be set up on each node in the cluster,
with password stored for him on each, strictly for condor access.
Or it may be run in a domain, where the condor jobs will be farmed
out to a series of standalone windows machines on some local network.
But I was hoping to deal with that later, in the next few months.  
For now, I just need to demonstrate
that my app (and condor) will work on a standalone machine.

I hope that answers your questions about 'domain', etc.  
>From what you say, it seems to me that I probably
don't need the condor_credd server approach for this local install
(and even possibly for the final install).
But what does that mean in terms of my current configuration?
I had added the CREDD_HOST and CREDD_CACHE_LOCALLY macros
to get the run_as_owner to work.  I tried removing those lines 
and rebooting to get run_as_owner to work, and the job still hangs.
And none of the logs indicate any errors.

So any ideas on how to proceed?

-----Original Message-----
From: condor-users-bounces@xxxxxxxxxxx
[mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of Ian Chesal
Sent: Thursday, October 25, 2007 5:26 AM
To: Condor-Users Mail List
Subject: Re: [Condor-users] condor-reuse-vm2 Job Owner in Windows

Is diane a local account on the machine or a domain account? If it's a
local account I *think* you need to go to every node in your pool and
store your password there for the diane account using condor_store_cred.
If it's not a local account the condor_credd server approach should
> I also ran:
> 	 condor_store_cred add -c -p condor_pool
> which seemed to work (told me it was successful)
> and
> 	condor_store_cred add 
> to add credentials for 'diane@winxp-dev-01'
> which also worked.

Yea, that line above is making me think you're using local accounts, not
domain accounts. I'm not sure how credd caching fits together with local
> You mention checking the StartdLog. Where is that?  I have a StartLog
> But that and the ShadowLog have no new entries associated with the job
> submission.

It'll be on the XP node in the log directory. That might reveal more.
And the ShadowLog is on the schedd machine in the log directory.
- Ian

Confidentiality Notice.  This message may contain information that is
confidential or otherwise protected from disclosure.
If you are not the intended recipient, you are hereby notified that any use,
disclosure, dissemination, distribution, 
or copying of this message, or any attachments, is strictly prohibited.  If
you have received this message in error, 
please advise the sender by reply e-mail, and delete the message and any
attachments.  Thank you.

Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting

The archives can be found at: