[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] CONDOR_CREDD daemon failed to authenticate




Hi Ian,

our machines are configured as

CONDOR_HOST = PC222771.corp.ad.emb

CREDD_HOST = PC205923.corp.ad.emb

As mentioned in the Condor Manual (v7.0.4 6.2.3 and 6.2.4) and in the notes of the example file "condor_config.local.credd", all machines see the following settings:

CREDD_HOST = PC205923.corp.ad.emb
STARTER_ALLOW_RUNAS_OWNER = True
CREDD_CACHE_LOCALLY = True
SEC_CLIENT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD


Sould CONDOR_HOST and CREDD_HOST be the same machines?

Klaus




"Ian D. Alderman" <ialderman@xxxxxxxxxxxxxxxxxx>
Sent by: condor-users-bounces@xxxxxxxxxxx

12/11/2008 14:42

Please respond to
Condor-Users Mail List <condor-users@xxxxxxxxxxx>

To
Condor-Users Mail List <condor-users@xxxxxxxxxxx>
cc
Subject
Re: [Condor-users] CONDOR_CREDD daemon failed to authenticate






On Nov 10, 2008, at 7:31 AM, kschwarz@xxxxxxxxxxxxxx wrote:

>
> Hi all,
>
> I am trying to configure a CREDD_HOST to run jobs as owner on  
> Windows executor machines.
>
> The following macros were set in the condor_config.INTEL.WINNT51  
> file accessible to all Windows machines. These macros are  
> recommended in the condor_config.local.credd file.
>
> CREDD_HOST = PC205923.corp.ad.emb
> STARTER_ALLOW_RUNAS_OWNER = True
> CREDD_CACHE_LOCALLY = True
> SEC_CLIENT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD
>
> Condor Central Manager was not changed (yet).

Hi Klaus,

So does this mean that the Central manager is not configured to use  
password authentication?  That may be the problem here.

It might also be useful to see what you get in the CredLog when  
CRED_DEBUG = D_SECURITY.  This will allow you to see more detail about  
why the authentication fails.

Cheers,

-Ian

>
> On the PC205923 machine, we included the condor_config.local.credd  
> file to configure this node as Credd host:. This file is as supplied  
> in the c:\condor\etc.
>
> The following is the CreddLog file:
>
> 11/10 09:33:46 ******************************************************
> 11/10 09:33:46 ** condor_credd.exe (CONDOR_CREDD) STARTING UP
> 11/10 09:33:46 ** C:\Condor\bin\condor_credd.exe
> 11/10 09:33:46 ** $CondorVersion: 7.0.4 Jul 16 2008 BuildID: 95033 $
> 11/10 09:33:46 ** $CondorPlatform: INTEL-WINNT50 $
> 11/10 09:33:46 ** PID = 2496
> 11/10 09:33:46 ** Log last touched time unavailable (No such file or  
> directory)
> 11/10 09:33:46 ******************************************************
> 11/10 09:33:46 Using config source: C:\condor\condor_config
> 11/10 09:33:47 Using local config sources:
> 11/10 09:33:47    \\smbsjk01\grid_env\CONDOR\condor_config.1
> 11/10 09:33:47    \\smbsjk01\grid_env\CONDOR
> \condor_config.INTEL.WINNT51
> 11/10 09:33:47    \\smbsjk01\grid_env\CONDOR\condor_config.common
> 11/10 09:33:47    \\smbsjk01\grid_env\CONDOR
> \PC205923\condor_config.local
> 11/10 09:33:47    \\smbsjk01\grid_env\CONDOR
> \PC205923\condor_config.local.credd
> 11/10 09:33:47 DaemonCore: Command Socket at <10.3.28.196:9620>
> 11/10 09:33:47 main_init() called
> 11/10 09:33:48 ZKM: setting default map to (null)
> 11/10 09:33:48 Calling Handler <<10.3.29.209:9618>>
> 11/10 09:33:48 AUTHENTICATE: no available authentication methods  
> succeeded, failing!
> 11/10 09:33:48 ERROR: SECMAN:2004:Failed to start a session to  
> <10.3.29.209:9618> with TCP|AUTHENTICATE:1003:Failed to authenticate  
> with any method
> 11/10 09:33:48 Failed to start non-blocking update to  
> <10.3.29.209:9618>.
> 11/10 09:33:48 Return from Handler <<10.3.29.209:9618>>
>
> The IP address 10.3.29.209 corresponds to the PC222771 hostname that  
> is our Condor Central Manager running on Linux. User account in  
> Windows and Linux are not the same.
>
> All executor hosts are Windows based machines. Condor_Credd is  
> started on PC205923 (also Windows based).
>
> Could someone give me directions to fix this?
>
> Klaus

--
===================================
Ian D. Alderman
cell: 608.217.9959
main: 888.292.5320

Cycle Computing, LLC
Leader in Condor Grid Solutions
Enterprise Condor Support and Management Tools

_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/



This message is intended solely for the use of its addressee and may contain privileged or confidential information. If you are not the addressee you should not distribute, copy or file this message. In this case, please notify the sender and destroy its contents immediately.
Esta mensagem é para uso exclusivo de seu destinatário e pode conter informações privilegiadas e confidenciais. Se você não é o destinatário não deve distribuir, copiar ou arquivar a mensagem. Neste caso, por favor, notifique o remetente da mesma e destrua imediatamente a mensagem.