Re: [Condor-users] GSI Authentication failure in condor

Mailing List Archives Public Access	UW Madison Computer Sciences Department Computer Systems Lab

On Mon, Oct 5, 2009 at 9:22 AM, Steven Timm <timm@xxxxxxxx> wrote:

Have you got a set of CA Certificates in the
/etc/grid-security/certificates directory that includes the one you
are using?

Steve

On Mon, 5 Oct 2009, satyanarayan rao wrote:

> Sorry for posting again.. but i am really stuck up,
> please help.
>
> Hello Everyone,
> I am using condor 7.2.4 and Globus Toolkit, i want to enable GSI
> authentication in condor
> the configuration changes that i have done in condor_config file is as
> follows:
> *****************************************************************************************************
> Start /etc/condor/condor_config******************************
> SEC_DEFAULT_AUTHENTICATION = REQUIRED
> SEC_DEFAULT_AUTHENTICATION_METHODS = GSI
> SEC_READ_AUTHENTICATION = OPTIONAL
> SEC_CLIENT_AUTHENTICATION = OPTIONAL
> SEC_DEFAULT_ENCRYPTION = OPTIONAL
> SEC_DEFAULT_INTEGRITY = REQUIRED
> SEC_READ_INTEGRITY = OPTIONAL
> SEC_CLIENT_INTEGRITY = OPTIONAL
> SEC_READ_ENCRYPTION = OPTIONAL
> SEC_CLIENT_ENCRYPTION = OPTIONAL
> GSI_DAEMON_DIRECTORY = /etc/grid-security
> GSI_ASSIST_GRIDMAP = /etc/grid-security/grid-mapfile
> GSI_DAEMON_NAME = /O=Grid/OU=GlobusTest/OU=

> simpleCA-grid-server.iiitm.ac.in/OU=iiitm.ac.in/CN=condor<http://simpleca-grid-server.iiitm.ac.in/OU=iiitm.ac.in/CN=condor>

> GSI_DAEMON_CERT = $(GSI_DAEMON_DIRECTORY)/hostcert.pem
> GSI_DAEMON_KEY = $(GSI_DAEMON_DIRECTORY)/hostkey.pem
> GSI_DAEMON_TRUSTED_CA_DIR = $(GSI_DAEMON_DIRECTORY)/certificates
> GSI_DAEMON_PROXY = /tmp/x509up_u489
> ALLOW_READ = *
> ALLOW_DAEMON = *
> ALLOW_NEGOTIATOR = *
> ALLOW_ADMINISTRATOR = *
> *******************************************************************************************End************************************************
>
>
>
> The MasteLog message
> [root@grid-server condor]# tail -f MasteLog
>
> 10/3 01:17:25 ******************************************************
> 10/3 01:17:25 ** condor_master (CONDOR_MASTER) STARTING UP
> 10/3 01:17:25 ** /usr/sbin/condor_master
> 10/3 01:17:25 ** SubsystemInfo: name=MASTER type=MASTER(2) class=DAEMON(1)
> 10/3 01:17:25 ** Configuration: subsystem:MASTER local:<NONE> class:DAEMON
> 10/3 01:17:25 ** $CondorVersion: 7.2.4 Aug 28 2009 BuildID:
> Fedora-7.2.4-1.fc11 $
> 10/3 01:17:25 ** $CondorPlatform: I386-LINUX_F11 $
> 10/3 01:17:25 ** PID = 4667
> 10/3 01:17:25 ** Log last touched 10/3 01:17:10
> 10/3 01:17:25 ******************************************************
> 10/3 01:17:25 Using config source: /etc/condor/condor_config
> 10/3 01:17:25 Using local config sources:
> 10/3 01:17:25 /var/lib/condor/condor_config.local
> 10/3 01:17:25 DaemonCore: Command Socket at <192.168.33.188:33363>
> 10/3 01:17:25 Started DaemonCore process "/usr/sbin/condor_collector", pid
> and pgroup = 4668
> 10/3 01:17:28 Started DaemonCore process "/usr/sbin/condor_negotiator", pid
> and pgroup = 4669
> 10/3 01:17:28 Started DaemonCore process "/usr/sbin/condor_schedd", pid and
> pgroup = 4670
> 10/3 01:17:28 Started DaemonCore process "/usr/sbin/condor_startd", pid and
> pgroup = 4671
>
> 10/3 19:01:42 AUTHENTICATE: unsupported method: 32, failing.
> 10/3 19:01:42 DC_AUTHENTICATE: authenticate failed:
> AUTHENTICATE:1003:Failure. Unsupported method: 32
> 10/3 19:01:42 AUTHENTICATE: unsupported method: 32, failing.
> 10/3 19:01:42 DC_AUTHENTICATE: authenticate failed:
> AUTHENTICATE:1003:Failure. Unsupported method: 32
> 10/3 19:01:42 AUTHENTICATE: unsupported method: 32, failing.
> 10/3 19:01:42 DC_AUTHENTICATE: authenticate failed:
> AUTHENTICATE:1003:Failure. Unsupported method: 32
> 10/3 19:01:47 AUTHENTICATE: unsupported method: 32, failing.
> 10/3 19:01:47 DC_AUTHENTICATE: authenticate failed:
> AUTHENTICATE:1003:Failure. Unsupported method: 32
> 10/3 19:01:47 AUTHENTICATE: unsupported method: 32, failing.
> 10/3 19:01:47 DC_AUTHENTICATE: authenticate failed:
> AUTHENTICATE:1003:Failure. Unsupported method: 32
> 10/3 19:01:47 AUTHENTICATE: unsupported method: 32, failing.
> 10/3 19:01:47 DC_AUTHENTICATE: authenticate failed:
> AUTHENTICATE:1003:Failure. Unsupported method: 32
> 10/3 19:01:52 AUTHENTICATE: unsupported method: 32, failing.
> 10/3 19:01:52 DC_AUTHENTICATE: authenticate failed:
> AUTHENTICATE:1003:Failure. Unsupported method: 32
> 10/3 19:01:52 condor_read(): recv() returned -1, errno = 104, assuming
> failure reading 5 bytes from unknown source.
> 10/3 19:01:52 IO: Failed to read packet header
> 10/3 19:01:52 attempt to connect to <192.168.33.188:9618> failed: Connection
> refused (connect errno = 111).
> 10/3 19:01:52 ERROR: SECMAN:2004:Failed to create security session to <
> 192.168.33.188:9618> with TCP.|SECMAN:2003:TCP connection to <
> 192.168.33.188:9618> failed.
> 10/3 19:01:52 Failed to start non-blocking update to <192.168.33.188:9618>.
> 10/3 19:01:52 The COLLECTOR (pid 10011) exited with status 4
> 10/3 19:01:52 Sending obituary for "/usr/sbin/condor_collector"
> 10/3 19:01:52 restarting /usr/sbin/condor_collector in 10 seconds
> 10/3 19:01:52 attempt to connect to <192.168.33.188:9618> failed: Connection
> refused (connect errno = 111).
> 10/3 19:01:52 AUTHENTICATE: unsupported method: 32, failing.
> 10/3 19:01:52 DC_AUTHENTICATE: authenticate failed:
> AUTHENTICATE:1003:Failure. Unsupported method: 32
> 10/3 19:01:52 ERROR: SECMAN:2004:Failed to create security session to <
> 192.168.33.188:9618> with TCP.|SECMAN:2003:TCP connection to <
> 192.168.33.188:9618> failed.
> 10/3 19:01:52 Failed to start non-blocking update to <192.168.33.188:9618>.
> 10/3 19:01:52 AUTHENTICATE: unsupported method: 32, failing.
> 10/3 19:01:52 DC_AUTHENTICATE: authenticate failed:
> AUTHENTICATE:1003:Failure. Unsupported method: 32
> 10/3 19:01:52 The NEGOTIATOR (pid 10012) exited with status 4
> 10/3 19:01:52 Sending obituary for "/usr/sbin/condor_negotiator"
> 10/3 19:01:52 restarting /usr/sbin/condor_negotiator in 10 seconds
> 10/3 19:01:52 attempt to connect to <192.168.33.188:9618> failed: Connection
> refused (connect errno = 111).
> 10/3 19:01:52 ERROR: SECMAN:2004:Failed to create security session to <
> 192.168.33.188:9618> with TCP.|SECMAN:2003:TCP connection to <
> 192.168.33.188:9618> failed.
> 10/3 19:01:52 Failed to start non-blocking update to <192.168.33.188:9618>.
> 10/3 19:01:52 The SCHEDD (pid 10013) exited with status 4
> 10/3 19:01:52 Sending obituary for "/usr/sbin/condor_schedd"
> 10/3 19:01:52 restarting /usr/sbin/condor_schedd in 10 seconds
> 10/3 19:01:52 attempt to connect to <192.168.33.188:9618> failed: Connection
> refused (connect errno = 111).
> 10/3 19:01:52 ERROR: SECMAN:2004:Failed to create security session to <
> 192.168.33.188:9618> with TCP.|SECMAN:2003:TCP connection to <
> 192.168.33.188:9618> failed.
> 10/3 19:01:52 Failed to start non-blocking update to <192.168.33.188:9618>.
> 10/3 19:01:53 AUTHENTICATE: unsupported method: 32, failing.
> 10/3 19:01:53 DC_AUTHENTICATE: authenticate failed:
> AUTHENTICATE:1003:Failure. Unsupported method: 32
> 10/3 19:01:58 AUTHENTICATE: unsupported method: 32, failing.
> 10/3 19:01:58 DC_AUTHENTICATE: authenticate failed:
> AUTHENTICATE:1003:Failure. Unsupported method: 32
> ^C
>
>
>
> Not able to figure out the problem
>
> Didnt find help regarding this error in mail-list..
>
> Any Help or idea would be appriciated..
>
> Thanks
>
>
>
>

--

------------------------------------------------------------------
Steven C. Timm, Ph.D (630) 840-8525
timm@xxxxxxxx http://home.fnal.gov/~timm/
Fermilab Computing Division, Scientific Computing Facilities,
Grid Facilities Department, FermiGrid Services Group, Assistant Group Leader.
_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/

Mailing List Archives

Public Access

Re: [Condor-users] GSI Authentication failure in condor