Hi,
Sorry for interruptting,
Here is a new condor user who need help for Credd infor!
I searched on internet
and do what I could do, but I still can't find the reason!
could anyone give me some suggestions so much? thank you a lot !!
I followed the
condor manual step by step for run_as owner security settings. also finally
I used the command "condor_store_cred -c add" to add the password
into the pool in each machine succefully (I have 3machines: controller.
executor and submitter).
But when I execute
command: condor_store_cred add,
I will get output:
make sure your HOSTALLOW_WRITE
setting includes this host.
Also I still
can not run the jobs which with RunAsOwner = True.
Another thing that
I found is the errors in the CreddLog file as follows.
the creddlog:
7/21 15:25:37 DC_AUTHENTICATE: authenticate
failed: AUTHENTICATE:1002:Failure performing handshake|AUTHENTICATE:1004:Failed
to authenticate using NTSSPI
7/21 15:25:37 Return from Handler <DaemonCore::HandleReqSocketHandler>
7/21 15:25:39 Calling Handler <DaemonCore::HandleReqSocketHandler>
7/21 15:25:40 sspi_server_auth(): Oops!
ASC() returned -2146893044!
7/21 15:25:40 sspi_server_auth(): Failed
to impersonate (returns -2146893055)!
7/21 15:25:40 AUTHENTICATE: handshake
failed!
7/21 15:25:40 DC_AUTHENTICATE: authenticate
failed: AUTHENTICATE:1002:Failure performing handshake|AUTHENTICATE:1004:Failed
to authenticate using NTSSPI
7/21 15:25:40 Return from Handler <DaemonCore::HandleReqSocketHandler>
7/22 14:20:01 Calling Handler <DaemonCore::HandleReqSocketHandler>
7/22 14:20:01 getStoredCredential():
Could not locate credential for user 'condor_pool@Executor'
7/22 14:20:21 AUTHENTICATE: no available
authentication methods succeeded, failing!
7/22 14:20:21 DC_AUTHENTICATE: authenticate
failed: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed
to authenticate using PASSWORD
7/22 14:20:21 Return from Handler <DaemonCore::HandleReqSocketHandler>
Here are some epecial settings for controller:
HOSTALLOW_READ = *
HOSTALLOW_WRITE = *
HOSTALLOW_CONFIG = $(CONDOR_HOST),$(HOSTALLOW_ADMINISTRATOR)
CREDD_HOST = $(CONDOR_HOST):$(CREDD_PORT)
STARTER_ALLOW_RUNAS_OWNER = True
CREDD_CACHE_LOCALLY = True
SEC_CLIENT_AUTHENTICATION_METHODS =
NTSSPI, PASSWORD
ALLOW_CONFIG = * (I also
try IP: 192.168.*, but still does not work)
SEC_CONFIG_NEGOTIATION = REQUIRED
SEC_CONFIG_AUTHENTICATION = REQUIRED
SEC_CONFIG_ENCRYPTION = REQUIRED
SEC_CONFIG_INTEGRITY = REQUIRED
CREDD_LOG = $(LOG)/CreddLog
CREDD_DEBUG = D_COMMAND
MAX_CREDD_LOG = 50000000
Here are some settings for executor/submitter:
STARTER_ALLOW_RUNAS_OWNER = True
CREDD_CACHE_LOCALLY = True
ALLOW_CONFIG = *
SEC_CLIENT_AUTHENTICATION_METHODS =
NTSSPI, PASSWORD
SEC_CONFIG_NEGOITATION = REQUIRED
SEC_CONFIG_AUTHENTICATION = REQUIRED
SEC_CONFIG_ENCRYPTION = REQUIRED
SEC_CONFIG_INTEGRITY = REQUIRED
the log files resule are as follows:
I check the matchlog:
7/21 15:24:18 Rejected
12.0 Berti@* <192.168.***:1030>: no match found
7/21 15:24:18 Matched
60.0 Berti@* <192.168.***:1030> preempting none <192.168.****>
Executor (this one matches due to RunAsOwner = False)
7/21 15:25:38 Rejected
12.0 Berti@* <192.168.***:1030>: no match found
7/21 15:25:58 Rejected
12.0 Berti@* <192.168.***:1030>: no match found
the startlog:
7/21 15:24:52 State change: No preempting
claim, returning to owner
7/21 15:24:52 Changing state and activity:
Preempting/Vacating -> Owner/Idle
7/21 15:24:52 State change: IS_OWNER
is false
7/21 15:24:52 Changing state: Owner
-> Unclaimed
7/21 15:30:05 condor_read(): timeout
reading 5 bytes from <192.168.226.128:9620>.
7/21 15:30:05 IO: Failed to read packet
header
7/21 15:30:05 AUTHENTICATE: handshake
failed!
7/21 15:30:05 ERROR: AUTHENTICATE:1002:Failure
performing handshake|AUTHENTICATE:1004:Failed to authenticate using PASSWORD
7/21 15:35:25 condor_read(): timeout
reading 5 bytes from <192.168.226.128:9620>.
7/21 15:35:25 IO: Failed to read packet
header
7/21 15:35:25 AUTHENTICATE: handshake
failed!
7/21 15:35:25 ERROR: AUTHENTICATE:1002:Failure
performing handshake|AUTHENTICATE:1004:Failed
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif){kind=logo}