Mailing List Archives

Public Access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] GSI Authentication failure in condor

Have you got a set of CA Certificates in the /etc/grid-security/certificates directory that includes the one you 
are using?

Steve


On Mon, 5 Oct 2009, satyanarayan rao wrote:


Sorry for posting again.. but i am really stuck up,
please help.

Hello Everyone,
I am using condor 7.2.4 and Globus Toolkit, i want to enable GSI
authentication in condor
the configuration changes that i have done in condor_config file is as
follows:
*****************************************************************************************************
Start /etc/condor/condor_config******************************
SEC_DEFAULT_AUTHENTICATION = REQUIRED
SEC_DEFAULT_AUTHENTICATION_METHODS = GSI
SEC_READ_AUTHENTICATION = OPTIONAL
SEC_CLIENT_AUTHENTICATION = OPTIONAL
SEC_DEFAULT_ENCRYPTION = OPTIONAL
SEC_DEFAULT_INTEGRITY = REQUIRED
SEC_READ_INTEGRITY = OPTIONAL
SEC_CLIENT_INTEGRITY = OPTIONAL
SEC_READ_ENCRYPTION = OPTIONAL
SEC_CLIENT_ENCRYPTION = OPTIONAL
GSI_DAEMON_DIRECTORY    = /etc/grid-security
GSI_ASSIST_GRIDMAP      = /etc/grid-security/grid-mapfile
GSI_DAEMON_NAME         = /O=Grid/OU=GlobusTest/OU=
simpleCA-grid-server.iiitm.ac.in/OU=iiitm.ac.in/CN=condor<http://simpleca-grid-server.iiitm.ac.in/OU=iiitm.ac.in/CN=condor>
GSI_DAEMON_CERT           = $(GSI_DAEMON_DIRECTORY)/hostcert.pem
GSI_DAEMON_KEY            = $(GSI_DAEMON_DIRECTORY)/hostkey.pem
GSI_DAEMON_TRUSTED_CA_DIR = $(GSI_DAEMON_DIRECTORY)/certificates
GSI_DAEMON_PROXY        = /tmp/x509up_u489
ALLOW_READ              =             *
ALLOW_DAEMON            =          *
ALLOW_NEGOTIATOR        =       *
ALLOW_ADMINISTRATOR     =    *
*******************************************************************************************End************************************************



The MasteLog message
[root@grid-server condor]# tail -f MasteLog

10/3 01:17:25 ******************************************************
10/3 01:17:25 ** condor_master (CONDOR_MASTER) STARTING UP
10/3 01:17:25 ** /usr/sbin/condor_master
10/3 01:17:25 ** SubsystemInfo: name=MASTER type=MASTER(2) class=DAEMON(1)
10/3 01:17:25 ** Configuration: subsystem:MASTER local:<NONE> class:DAEMON
10/3 01:17:25 ** $CondorVersion: 7.2.4 Aug 28 2009 BuildID:
Fedora-7.2.4-1.fc11 $
10/3 01:17:25 ** $CondorPlatform: I386-LINUX_F11 $
10/3 01:17:25 ** PID = 4667
10/3 01:17:25 ** Log last touched 10/3 01:17:10
10/3 01:17:25 ******************************************************
10/3 01:17:25 Using config source: /etc/condor/condor_config
10/3 01:17:25 Using local config sources:
10/3 01:17:25    /var/lib/condor/condor_config.local
10/3 01:17:25 DaemonCore: Command Socket at <192.168.33.188:33363>
10/3 01:17:25 Started DaemonCore process "/usr/sbin/condor_collector", pid
and pgroup = 4668
10/3 01:17:28 Started DaemonCore process "/usr/sbin/condor_negotiator", pid
and pgroup = 4669
10/3 01:17:28 Started DaemonCore process "/usr/sbin/condor_schedd", pid and
pgroup = 4670
10/3 01:17:28 Started DaemonCore process "/usr/sbin/condor_startd", pid and
pgroup = 4671

10/3 19:01:42 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:42 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure.  Unsupported method: 32
10/3 19:01:42 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:42 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure.  Unsupported method: 32
10/3 19:01:42 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:42 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure.  Unsupported method: 32
10/3 19:01:47 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:47 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure.  Unsupported method: 32
10/3 19:01:47 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:47 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure.  Unsupported method: 32
10/3 19:01:47 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:47 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure.  Unsupported method: 32
10/3 19:01:52 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:52 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure.  Unsupported method: 32
10/3 19:01:52 condor_read(): recv() returned -1, errno = 104, assuming
failure reading 5 bytes from unknown source.
10/3 19:01:52 IO: Failed to read packet header
10/3 19:01:52 attempt to connect to <192.168.33.188:9618> failed: Connection
refused (connect errno = 111).
10/3 19:01:52 ERROR: SECMAN:2004:Failed to create security session to <
192.168.33.188:9618> with TCP.|SECMAN:2003:TCP connection to <
192.168.33.188:9618> failed.
10/3 19:01:52 Failed to start non-blocking update to <192.168.33.188:9618>.
10/3 19:01:52 The COLLECTOR (pid 10011) exited with status 4
10/3 19:01:52 Sending obituary for "/usr/sbin/condor_collector"
10/3 19:01:52 restarting /usr/sbin/condor_collector in 10 seconds
10/3 19:01:52 attempt to connect to <192.168.33.188:9618> failed: Connection
refused (connect errno = 111).
10/3 19:01:52 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:52 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure.  Unsupported method: 32
10/3 19:01:52 ERROR: SECMAN:2004:Failed to create security session to <
192.168.33.188:9618> with TCP.|SECMAN:2003:TCP connection to <
192.168.33.188:9618> failed.
10/3 19:01:52 Failed to start non-blocking update to <192.168.33.188:9618>.
10/3 19:01:52 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:52 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure.  Unsupported method: 32
10/3 19:01:52 The NEGOTIATOR (pid 10012) exited with status 4
10/3 19:01:52 Sending obituary for "/usr/sbin/condor_negotiator"
10/3 19:01:52 restarting /usr/sbin/condor_negotiator in 10 seconds
10/3 19:01:52 attempt to connect to <192.168.33.188:9618> failed: Connection
refused (connect errno = 111).
10/3 19:01:52 ERROR: SECMAN:2004:Failed to create security session to <
192.168.33.188:9618> with TCP.|SECMAN:2003:TCP connection to <
192.168.33.188:9618> failed.
10/3 19:01:52 Failed to start non-blocking update to <192.168.33.188:9618>.
10/3 19:01:52 The SCHEDD (pid 10013) exited with status 4
10/3 19:01:52 Sending obituary for "/usr/sbin/condor_schedd"
10/3 19:01:52 restarting /usr/sbin/condor_schedd in 10 seconds
10/3 19:01:52 attempt to connect to <192.168.33.188:9618> failed: Connection
refused (connect errno = 111).
10/3 19:01:52 ERROR: SECMAN:2004:Failed to create security session to <
192.168.33.188:9618> with TCP.|SECMAN:2003:TCP connection to <
192.168.33.188:9618> failed.
10/3 19:01:52 Failed to start non-blocking update to <192.168.33.188:9618>.
10/3 19:01:53 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:53 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure.  Unsupported method: 32
10/3 19:01:58 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:58 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure.  Unsupported method: 32
^C



Not able to figure out the problem

Didnt find help regarding this error in mail-list..

Any Help or idea would be appriciated..

Thanks






--
------------------------------------------------------------------
Steven C. Timm, Ph.D  (630) 840-8525
timm@xxxxxxxx  http://home.fnal.gov/~timm/
Fermilab Computing Division, Scientific Computing Facilities,
Grid Facilities Department, FermiGrid Services Group, Assistant Group Leader.