Re: [Condor-users] Authentication failures only affecting some users

[Dan Bongert <dbongert@xxxxxxxxxxxx>]

I actually restarted the manager's daemons, and that seems to have
fixed it. Still no answer, but things are working again.

Thanks for the debugging tips though -- handy to have in case it
happens again.

On Fri, 28 Sep 2007 08:56:31 -0500
Dan Bradley <dan@xxxxxxxxxxxx> wrote:

> 
> I would recommend turning on more debugging:
> 
> SCHEDD_DEBUG = $(SCHEDD_DEBUG) D_FULLDEBUG D_SECURITY
> TOOL_DEBUG = $(TOOL_DEBUG) D_FULLDEBUG D_SECURITY
> 
> Ignore whatever errors are happening with respect to all
> authentication methods except for FS.  The others are all expected to
> fail in your environment.  You can reduce the noise from all these
> other methods by simply specifying that only FS authentication should
> be used:
> 
> SEC_DEFAULT_AUTHENTICATION_METHODS = FS
> 
> My guess is that your schedd is failing to change privileges to the 
> problematic uid.  Hopefully the debug logs will indicate why.
> 
> --Dan
> 
> Dan Bongert wrote:
> 
> >Hello,
> >
> >We've been running Condor smoothly for several years, and suddenly
> >I'm getting reports of strange errors when submitting jobs. I don't
> >get the errors with my account, nor do some of the support staff
> >here, but my test account can replicate the problem.
> >
> >This is on RHEL/CentOS 4 machines, no Kerberos or Globus involved.
> >We're running Condor 6.8.0, which I realize is a bit out of date. We
> >recently (within the last several month) changed from NIS to LDAP for
> >system authentication, but that seems to be working from the OS level
> >on both the manager/submitter and the pool machines.
> >
> >Here's what happens:
> >
> >  
> >
> >>condor_submit bench.cmd
> >>    
> >>
> >Submitting job(s)
> >ERROR: Failed to connect to local queue manager
> >AUTHENTICATE:1003:Failed to authenticate with any method
> >AUTHENTICATE:1004:Failed to authenticate using GSI
> >GSI:5003:Failed to authenticate.  Globus is reporting error
> >(851968:45).  There is probably a problem with your credentials.
> >(Did you run grid-proxy-init?) 
> >AUTHENTICATE:1004:Failed to authenticate using KERBEROS 
> >AUTHENTICATE:1004:Failed to authenticate using FS
> >
> >A search through the archives indicated that changing the
> >SEC_DEFAULT_AUTHENTICATION_METHODS setting might help, but that just
> >changes the error given if I change it to CLAIMTOBE (which from what
> >I read should pretty much disable authentication checks altogether):
> >
> >  
> >
> >>condor_submit bench.cmd
> >>    
> >>
> >Submitting job(s)
> >ERROR: Failed to connect to local queue manager
> >AUTHENTICATE:1003:Failed to authenticate with any method
> >
> >Any help is greatly appreciated, thanks.
> >
> >  
> >
> >------------------------------------------------------------------------
> >
> >_______________________________________________
> >Condor-users mailing list
> >To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx
> >with a subject: Unsubscribe
> >You can also unsubscribe by visiting
> >https://lists.cs.wisc.edu/mailman/listinfo/condor-users
> >
> >The archives can be found at: 
> >https://lists.cs.wisc.edu/archive/condor-users/
> >  
> >
> _______________________________________________
> Condor-users mailing list
> To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx
> with a subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
> 
> The archives can be found at: 
> https://lists.cs.wisc.edu/archive/condor-users/



-- 
Dan Bongert                     dbongert@xxxxxxxxxxxx
SSCC Unix System Administrator  (608) 262-9857

Attachment: smime.p7s
Description: S/MIME cryptographic signature