Hi,
I followed
the condor manual step by step for run_as owner security settings. also
finally I used the command "condor_store_cred -c add" to add
the password into the pool in each machine succefully (I have 3machines:
controller. executor and submitter).
interesting thing
is that is I use command: condor_store_cred add, I will get output: make
sure your hostallow_write setting includes this host.
But I still
can not run the jobs which with RunAsOwner = True. I am so
appreciated for any suggestions ! thank you!
Here are the details:
If I use command
from the manual in the Certral Manager: condor_status -f "%f\t"
Name -f "%s\n" ifThenElse(isUndefined(LocalCredd),\"UNDEF"\,LocalCredd)
the output is : Executor (it is
my host name of executor)
if I use the command in
the Executor: condor_status -f "%f\t" Name -f "%s\n"
ifThenElse(isUndefined(LocalCredd),\"UNDEF"\,LocalCredd)
the output is : condor_status:unknown
host "UNDEF\", LocalCredd
if I use the command in
the Submitter: condor_status -f "%f\t" Name -f "%s\n"
ifThenElse(isUndefined(LocalCredd),\"UNDEF"\,LocalCredd)
the output is : nothing happens ,just
blank
Here are some settings for executor/submitter:
STARTER_ALLOW_RUNAS_OWNER = True
CREDD_CACHE_LOCALLY = True
ALLOW_CONFIG = *
SEC_CLIENT_AUTHENTICATION_METHODS =
NTSSPI, PASSWORD
SEC_CONFIG_NEGOITATION = REQUIRED
SEC_CONFIG_AUTHENTICATION = REQUIRED
SEC_CONFIG_ENCRYPTION = REQUIRED
SEC_CONFIG_INTEGRITY = REQUIRED
the log files resule are as follows:
I check the matchlog:
7/21 15:24:18 Rejected
12.0 Berti@* <192.168.***:1030>: no match found
7/21 15:24:18 Matched
60.0 Berti@* <192.168.***:1030> preempting none <192.168.****>
Executor (this one matches due to RunAsOwner = False)
7/21 15:25:38 Rejected
12.0 Berti@* <192.168.***:1030>: no match found
7/21 15:25:58 Rejected
12.0 Berti@* <192.168.***:1030>: no match found
the startlog:
7/21 15:24:52 State change: No preempting
claim, returning to owner
7/21 15:24:52 Changing state and activity:
Preempting/Vacating -> Owner/Idle
7/21 15:24:52 State change: IS_OWNER
is false
7/21 15:24:52 Changing state: Owner
-> Unclaimed
7/21 15:30:05 condor_read(): timeout
reading 5 bytes from <192.168.226.128:9620>.
7/21 15:30:05 IO: Failed to read packet
header
7/21 15:30:05 AUTHENTICATE: handshake
failed!
7/21 15:30:05 ERROR: AUTHENTICATE:1002:Failure
performing handshake|AUTHENTICATE:1004:Failed to authenticate using PASSWORD
7/21 15:35:25 condor_read(): timeout
reading 5 bytes from <192.168.226.128:9620>.
7/21 15:35:25 IO: Failed to read packet
header
7/21 15:35:25 AUTHENTICATE: handshake
failed!
7/21 15:35:25 ERROR: AUTHENTICATE:1002:Failure
performing handshake|AUTHENTICATE:1004:Failed
the creddlog:
7/21 15:25:37 DC_AUTHENTICATE: authenticate
failed: AUTHENTICATE:1002:Failure performing handshake|AUTHENTICATE:1004:Failed
to authenticate using NTSSPI
7/21 15:25:37 Return from Handler <DaemonCore::HandleReqSocketHandler>
7/21 15:25:39 Calling Handler <DaemonCore::HandleReqSocketHandler>
7/21 15:25:40 sspi_server_auth(): Oops!
ASC() returned -2146893044!
7/21 15:25:40 sspi_server_auth(): Failed
to impersonate (returns -2146893055)!
7/21 15:25:40 AUTHENTICATE: handshake
failed!
7/21 15:25:40 DC_AUTHENTICATE: authenticate
failed: AUTHENTICATE:1002:Failure performing handshake|AUTHENTICATE:1004:Failed
to authenticate using NTSSPI
7/21 15:25:40 Return from Handler <DaemonCore::HandleReqSocketHandler>
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif){kind=logo}