
Re: [Condor-users] CREDD problems



Hi,

There are a couple of main points you need to check. First, what does condor_status show? Does it list any or all of the machines in the pool? Next, you may need to add exceptions to the firewall to allow specific executables to execute.

You also need to stop and start the services, i.e. net stop condor & net start condor (the stop can be done through the task manager if it hangs).

 

The most important setting is CONDOR_HOST = which can either be the collector name or its IP address. This machine needs at minimum the port 9004 open in the firewall.

 I just use condor_store_cred add ; and I am guessing the firewall is disallowing a change in the registry.

 

Kevan

 

From: condor-users-bounces@xxxxxxxxxxx [mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of Tao.3.Chen@xxxxxxxxxxxxxxxxxxxxxxxxxxx
Sent: 22 July 2009 13:57
To: condor-users@xxxxxxxxxxx
Subject: [Condor-users] CREDD problems

 


Hi,
      Sorry for interrupting. Here is a new Condor user who needs help with Credd info!
      I searched on the internet and did what I could, but I still can't find the reason! Could anyone give me some suggestions? Thank you a lot!!
      I followed the Condor manual step by step for the run_as owner security settings. Finally, I also used the command "condor_store_cred -c add" to add the password into the pool on each machine successfully (I have 3 machines: controller, executor and submitter).
     But when I execute command: condor_store_cred add,
     I will get output:
     make sure your HOSTALLOW_WRITE setting includes this host.
     Also, I still cannot run the jobs that have RunAsOwner = True.
     Another thing that I found is the errors in the CreddLog file, as follows.

the creddlog:    
7/21 15:25:37 DC_AUTHENTICATE: authenticate failed: AUTHENTICATE:1002:Failure performing handshake|AUTHENTICATE:1004:Failed to authenticate using NTSSPI
7/21 15:25:37 Return from Handler <DaemonCore::HandleReqSocketHandler>
7/21 15:25:39 Calling Handler <DaemonCore::HandleReqSocketHandler>
7/21 15:25:40 sspi_server_auth(): Oops! ASC() returned -2146893044!
7/21 15:25:40 sspi_server_auth(): Failed to impersonate (returns -2146893055)!
7/21 15:25:40 AUTHENTICATE: handshake failed!
7/21 15:25:40 DC_AUTHENTICATE: authenticate failed: AUTHENTICATE:1002:Failure performing handshake|AUTHENTICATE:1004:Failed to authenticate using NTSSPI
7/21 15:25:40 Return from Handler <DaemonCore::HandleReqSocketHandler>

7/22 14:20:01 Calling Handler <DaemonCore::HandleReqSocketHandler>
7/22 14:20:01 getStoredCredential(): Could not locate credential for user 'condor_pool@Executor'
7/22 14:20:21 AUTHENTICATE: no available authentication methods succeeded, failing!
7/22 14:20:21 DC_AUTHENTICATE: authenticate failed: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using PASSWORD
7/22 14:20:21 Return from Handler <DaemonCore::HandleReqSocketHandler>

Here are some special settings for controller:
HOSTALLOW_READ = *
HOSTALLOW_WRITE = *
HOSTALLOW_CONFIG = $(CONDOR_HOST),$(HOSTALLOW_ADMINISTRATOR)
CREDD_HOST  = $(CONDOR_HOST):$(CREDD_PORT)
STARTER_ALLOW_RUNAS_OWNER = True
CREDD_CACHE_LOCALLY = True
SEC_CLIENT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD
ALLOW_CONFIG = *     (I also try IP: 192.168.*, but still does not work)
SEC_CONFIG_NEGOTIATION = REQUIRED
SEC_CONFIG_AUTHENTICATION = REQUIRED
SEC_CONFIG_ENCRYPTION = REQUIRED
SEC_CONFIG_INTEGRITY = REQUIRED
CREDD_LOG = $(LOG)/CreddLog
CREDD_DEBUG = D_COMMAND
MAX_CREDD_LOG = 50000000
 
Here are some settings for executor/submitter:  
STARTER_ALLOW_RUNAS_OWNER = True
CREDD_CACHE_LOCALLY = True
ALLOW_CONFIG = *
SEC_CLIENT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD
SEC_CONFIG_NEGOITATION = REQUIRED
SEC_CONFIG_AUTHENTICATION = REQUIRED
SEC_CONFIG_ENCRYPTION = REQUIRED
SEC_CONFIG_INTEGRITY = REQUIRED

 
The log file results are as follows:
 I checked the matchlog:
7/21 15:24:18       Rejected 12.0 Berti@* <192.168.***:1030>: no match found
7/21 15:24:18       Matched 60.0 Berti@* <192.168.***:1030> preempting none <192.168.****> Executor   (this one matches due to  RunAsOwner = False)
7/21 15:25:38       Rejected 12.0 Berti@* <192.168.***:1030>: no match found
7/21 15:25:58       Rejected 12.0 Berti@* <192.168.***:1030>: no match found
 
 the startlog:
7/21 15:24:52 State change: No preempting claim, returning to owner
7/21 15:24:52 Changing state and activity: Preempting/Vacating -> Owner/Idle
7/21 15:24:52 State change: IS_OWNER is false
7/21 15:24:52 Changing state: Owner -> Unclaimed
7/21 15:30:05 condor_read(): timeout reading 5 bytes from <192.168.226.128:9620>.
7/21 15:30:05 IO: Failed to read packet header
7/21 15:30:05 AUTHENTICATE: handshake failed!
7/21 15:30:05 ERROR: AUTHENTICATE:1002:Failure performing handshake|AUTHENTICATE:1004:Failed to authenticate using PASSWORD
7/21 15:35:25 condor_read(): timeout reading 5 bytes from <192.168.226.128:9620>.
7/21 15:35:25 IO: Failed to read packet header
7/21 15:35:25 AUTHENTICATE: handshake failed!
7/21 15:35:25 ERROR: AUTHENTICATE:1002:Failure performing handshake|AUTHENTICATE:1004:Failed
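
A triage sketch for the CreddLog excerpt quoted above, added here as an example and not part of either message or of Condor itself: it converts the signed decimal SSPI return values into their Windows status codes and tallies which authentication methods failed and which stored credentials were missing. The function names and the report layout are assumptions; the sample lines are copied from the log in the post.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the CreddLog excerpt in the post above.
SAMPLE_LOG = """\
7/21 15:25:40 sspi_server_auth(): Oops! ASC() returned -2146893044!
7/21 15:25:40 sspi_server_auth(): Failed to impersonate (returns -2146893055)!
7/21 15:25:40 DC_AUTHENTICATE: authenticate failed: AUTHENTICATE:1002:Failure performing handshake|AUTHENTICATE:1004:Failed to authenticate using NTSSPI
7/22 14:20:01 getStoredCredential(): Could not locate credential for user 'condor_pool@Executor'
7/22 14:20:21 DC_AUTHENTICATE: authenticate failed: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using PASSWORD
"""

# Windows SSPI status names (winerror.h) for the two codes seen in the log.
SSPI_STATUS = {
    0x8009030C: "SEC_E_LOGON_DENIED",
    0x80090301: "SEC_E_INVALID_HANDLE",
}

SSPI_RE = re.compile(r"sspi_server_auth\(\).*?(-\d{6,})")
METHOD_RE = re.compile(r"Failed to authenticate using (\w+)")
CRED_RE = re.compile(r"Could not locate credential for user '([^']+)'")


def decode_status(signed):
    """Turn the signed 32-bit value the log prints into (hex, name)."""
    code = signed & 0xFFFFFFFF  # reinterpret as unsigned 32-bit
    return f"0x{code:08X}", SSPI_STATUS.get(code, "unknown")


def triage(log_text):
    """Summarise authentication failures in a CreddLog excerpt."""
    report = {"sspi": [], "failed_methods": Counter(), "missing_credentials": []}
    for line in log_text.splitlines():
        if m := SSPI_RE.search(line):
            report["sspi"].append(decode_status(int(m.group(1))))
        if m := METHOD_RE.search(line):
            report["failed_methods"][m.group(1)] += 1
        if m := CRED_RE.search(line):
            report["missing_credentials"].append(m.group(1))
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

On the quoted log this separates two distinct failures: NTSSPI rejecting the logon, and PASSWORD authentication finding no stored credential for the pool account.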