Total Owner Claimed Unclaimed Matched
Preempting Backfill
INTEL/WINNT51
2 0 0
2 0 0
0
Total 2 0
0 2 0
0 0
so I think following:
1.)
password should be stored (hopefully??)
2.)
Credd daemon is running, i checked this on the CREDD_HOST
3.)
I have realy to restart the startd but i don't know how.
Can you please tell me how I have to
restart condor_startd.
I tried to reboot the machine, but this
doesen't work. New submitted jobs will not executed.
This command will list any machines
that do not have the localcredd attribute. Ideally there will be
no entries in this list. There are three things that need to be true
in order for localcredd to show up on for a machine:
1) The pool
password should be stored (looks like you did this already)
2) The condor_credd
daemon should be running on CREDD_HOST (obviously)
3) condor_startd
needs to be (re)started when 1) and 2) are both true (read: you
need to restart the startd after you store the pool password).
If the credd isn’t up when
you start your startd, it won’t pick up the localcredd attribute.
Coop
P.S. My experiences are
based off of Condor 6.8.5 and 7.0.0.
From: condor-users-bounces@xxxxxxxxxxx
[mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of Robert Hecker
Sent: Friday, December 12, 2008 3:22 AM
To: condor-users@xxxxxxxxxxx; condor-admin@xxxxxxxxxxx
Subject: [Condor-users] Windows Condor problems with credd and executing
jobs as submitting user
Hello everybody,
I want to use condor to get the Power of the HighThroughputComputing.
But it seems very hard to get Condor running.
Actually all Condor machines are installed, I can submit jobs, but the
jobs will never be
executed. I think it depends on an wrong configuration because i want to
use network access
and try to run the jobs under the submitted user.
I want to use condor in a windows domain, and I started to set up following
machines:
-1 condor controller machine
-1 condor submitter machine
-1 condor execution machine
I use condor version 7.0.5.
I want to use run the jobs under an "real" user account, to get
access to special network files on an
File Server.
I Used here the password "xyz" which is no domain password.
after that i was on the submit machine and typed
"condor_store_cred add" where condor ask after an Passsword for
User@test
I typed in my password, and that was all. (This password was my domian
password)
After that i submitted my job.sub File which was tested on an default Condor
installation
(without execute as submit user)(this worked...)
And the condor_config.local.credd of the Controller looks like this:
================================================
######################################################################
##
## condor_config.credd
##
## This is the default local configuration file for the machine
## running the condor_credd. You should copy this file to the
## appropriate location and customize it for your needs.
##
######################################################################
## Note: The following settings will need to be present in your
## global config file:
##
## CREDD_HOST = my-credd.cs.wisc.edu
## STARTER_ALLOW_RUNAS_OWNER = True
## CREDD_CACHE_LOCALLY = True
##
## You'll also need to ensure that clients are configured to use
## PASSWORD authentication on any machine that can run jobs as the
## submitting user. For example,
##
## SEC_CLIENT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD
## CREDD_SETTINGS
## CREDD logging settings
## Customize these if you wish.
CREDD_LOG = $(LOG)/CreddLog
CREDD_DEBUG = D_COMMAND
MAX_CREDD_LOG = 50000000
#################################################
## CREDD Expert settings
## Everyting below is for the UBER-KNOWLEDGEABLE only!
## Do not change these unless you know what you do!
#################################################
# Timeout session quickly since we normally only get contacted
# once per starter
SEC_CREDD_SESSION_TIMEOUT = 10
# Set security settings so that full security to the credd is required
CREDD.SEC_DEFAULT_AUTHENTICATION =REQUIRED
CREDD.SEC_DEFAULT_ENCRYPTION = REQUIRED
CREDD.SEC_DEFAULT_INTEGRITY = REQUIRED
CREDD.SEC_DEFAULT_NEGOTIATION = REQUIRED
# Require PASSWORD auth for password fetching
CREDD.SEC_DAEMON_AUTHENTICATION_METHODS = PASSWORD
# Only honor password fetch requests to the trusted "condor_pool"
user
CREDD.ALLOW_DAEMON = condor_pool@$(UID_DOMAIN)
# Require NTSSPI for storing credentials
CREDD.SEC_DEFAULT_AUTHENTICATION_METHODS = NTSSPI
The Submit machine has following condor_config:
====================================
LOCAL_CONFIG_FILE = $(LOCAL_DIR)/condor_config.local \
$(LOCAL_DIR)/condor_config.local.submit.execute
The file condor_config.local.submit.execute File from the Submit machine
looks like:
=============================================================
######################################################################
##
## condor_config.local.submit.execute
##
## This is the default local configuration file for the submit machine
## and execute machine.
##
######################################################################
## Note: The following settings will need to be present in your
## global config file:
STARTER_ALLOW_RUNAS_OWNER = True
CREDD_CACHE_LOCALLY = True
##
## You'll also need to ensure that clients are configured to use
## PASSWORD authentication on any machine that can run jobs as the
## submitting user. For example,
##
SEC_CLIENT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD
And the condor_config File from the Execution machine looks like:
=================================================
And the condor_config.local.submit.execute File from the
Execution machine is the same file like this one from the Submitmachine.
_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with
a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users
The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif){kind=logo}