[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] GSI Authentication failure in condor



All of the error messages below have to do with the fact that the
other processes can't communicate to the Collector using GSI.
What does the Collector log say?  Have you turned on D_SECURITY in
MASTER_DEBUG,COLLECTOR_DEBUG, SCHEDD_DEBUG, that will help.

Steve


On Mon, 5 Oct 2009, satyanarayan rao wrote:

Thanks for the reply..

Yes, my globus is running fine, and i have everything in place mean the grid
security related things


On Mon, Oct 5, 2009 at 9:22 AM, Steven Timm <timm@xxxxxxxx> wrote:

Have you got a set of CA Certificates in the
/etc/grid-security/certificates directory that includes the one you
are using?

Steve


On Mon, 5 Oct 2009, satyanarayan rao wrote:

Sorry for posting again.. but i am really stuck up,
please help.

Hello Everyone,
I am using condor 7.2.4 and Globus Toolkit, i want to enable GSI
authentication in condor
the configuration changes that i have done in condor_config file is as
follows:

*****************************************************************************************************
Start /etc/condor/condor_config******************************
SEC_DEFAULT_AUTHENTICATION = REQUIRED
SEC_DEFAULT_AUTHENTICATION_METHODS = GSI
SEC_READ_AUTHENTICATION = OPTIONAL
SEC_CLIENT_AUTHENTICATION = OPTIONAL
SEC_DEFAULT_ENCRYPTION = OPTIONAL
SEC_DEFAULT_INTEGRITY = REQUIRED
SEC_READ_INTEGRITY = OPTIONAL
SEC_CLIENT_INTEGRITY = OPTIONAL
SEC_READ_ENCRYPTION = OPTIONAL
SEC_CLIENT_ENCRYPTION = OPTIONAL
GSI_DAEMON_DIRECTORY    = /etc/grid-security
GSI_ASSIST_GRIDMAP      = /etc/grid-security/grid-mapfile
GSI_DAEMON_NAME         = /O=Grid/OU=GlobusTest/OU=
simpleCA-grid-server.iiitm.ac.in/OU=iiitm.ac.in/CN=condor<
http://simpleca-grid-server.iiitm.ac.in/OU=iiitm.ac.in/CN=condor>
GSI_DAEMON_CERT           = $(GSI_DAEMON_DIRECTORY)/hostcert.pem
GSI_DAEMON_KEY            = $(GSI_DAEMON_DIRECTORY)/hostkey.pem
GSI_DAEMON_TRUSTED_CA_DIR = $(GSI_DAEMON_DIRECTORY)/certificates
GSI_DAEMON_PROXY        = /tmp/x509up_u489
ALLOW_READ              =             *
ALLOW_DAEMON            =          *
ALLOW_NEGOTIATOR        =       *
ALLOW_ADMINISTRATOR     =    *

*******************************************************************************************End************************************************



The MasteLog message
[root@grid-server condor]# tail -f MasteLog

10/3 01:17:25 ******************************************************
10/3 01:17:25 ** condor_master (CONDOR_MASTER) STARTING UP
10/3 01:17:25 ** /usr/sbin/condor_master
10/3 01:17:25 ** SubsystemInfo: name=MASTER type=MASTER(2)
class=DAEMON(1)
10/3 01:17:25 ** Configuration: subsystem:MASTER local:<NONE>
class:DAEMON
10/3 01:17:25 ** $CondorVersion: 7.2.4 Aug 28 2009 BuildID:
Fedora-7.2.4-1.fc11 $
10/3 01:17:25 ** $CondorPlatform: I386-LINUX_F11 $
10/3 01:17:25 ** PID = 4667
10/3 01:17:25 ** Log last touched 10/3 01:17:10
10/3 01:17:25 ******************************************************
10/3 01:17:25 Using config source: /etc/condor/condor_config
10/3 01:17:25 Using local config sources:
10/3 01:17:25    /var/lib/condor/condor_config.local
10/3 01:17:25 DaemonCore: Command Socket at <192.168.33.188:33363>
10/3 01:17:25 Started DaemonCore process "/usr/sbin/condor_collector",
pid
and pgroup = 4668
10/3 01:17:28 Started DaemonCore process "/usr/sbin/condor_negotiator",
pid
and pgroup = 4669
10/3 01:17:28 Started DaemonCore process "/usr/sbin/condor_schedd", pid
and
pgroup = 4670
10/3 01:17:28 Started DaemonCore process "/usr/sbin/condor_startd", pid
and
pgroup = 4671

10/3 19:01:42 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:42 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure.  Unsupported method: 32
10/3 19:01:42 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:42 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure.  Unsupported method: 32
10/3 19:01:42 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:42 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure.  Unsupported method: 32
10/3 19:01:47 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:47 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure.  Unsupported method: 32
10/3 19:01:47 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:47 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure.  Unsupported method: 32
10/3 19:01:47 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:47 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure.  Unsupported method: 32
10/3 19:01:52 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:52 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure.  Unsupported method: 32
10/3 19:01:52 condor_read(): recv() returned -1, errno = 104, assuming
failure reading 5 bytes from unknown source.
10/3 19:01:52 IO: Failed to read packet header
10/3 19:01:52 attempt to connect to <192.168.33.188:9618> failed:
Connection
refused (connect errno = 111).
10/3 19:01:52 ERROR: SECMAN:2004:Failed to create security session to <
192.168.33.188:9618> with TCP.|SECMAN:2003:TCP connection to <
192.168.33.188:9618> failed.
10/3 19:01:52 Failed to start non-blocking update to <
192.168.33.188:9618>.
10/3 19:01:52 The COLLECTOR (pid 10011) exited with status 4
10/3 19:01:52 Sending obituary for "/usr/sbin/condor_collector"
10/3 19:01:52 restarting /usr/sbin/condor_collector in 10 seconds
10/3 19:01:52 attempt to connect to <192.168.33.188:9618> failed:
Connection
refused (connect errno = 111).
10/3 19:01:52 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:52 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure.  Unsupported method: 32
10/3 19:01:52 ERROR: SECMAN:2004:Failed to create security session to <
192.168.33.188:9618> with TCP.|SECMAN:2003:TCP connection to <
192.168.33.188:9618> failed.
10/3 19:01:52 Failed to start non-blocking update to <
192.168.33.188:9618>.
10/3 19:01:52 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:52 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure.  Unsupported method: 32
10/3 19:01:52 The NEGOTIATOR (pid 10012) exited with status 4
10/3 19:01:52 Sending obituary for "/usr/sbin/condor_negotiator"
10/3 19:01:52 restarting /usr/sbin/condor_negotiator in 10 seconds
10/3 19:01:52 attempt to connect to <192.168.33.188:9618> failed:
Connection
refused (connect errno = 111).
10/3 19:01:52 ERROR: SECMAN:2004:Failed to create security session to <
192.168.33.188:9618> with TCP.|SECMAN:2003:TCP connection to <
192.168.33.188:9618> failed.
10/3 19:01:52 Failed to start non-blocking update to <
192.168.33.188:9618>.
10/3 19:01:52 The SCHEDD (pid 10013) exited with status 4
10/3 19:01:52 Sending obituary for "/usr/sbin/condor_schedd"
10/3 19:01:52 restarting /usr/sbin/condor_schedd in 10 seconds
10/3 19:01:52 attempt to connect to <192.168.33.188:9618> failed:
Connection
refused (connect errno = 111).
10/3 19:01:52 ERROR: SECMAN:2004:Failed to create security session to <
192.168.33.188:9618> with TCP.|SECMAN:2003:TCP connection to <
192.168.33.188:9618> failed.
10/3 19:01:52 Failed to start non-blocking update to <
192.168.33.188:9618>.
10/3 19:01:53 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:53 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure.  Unsupported method: 32
10/3 19:01:58 AUTHENTICATE: unsupported method: 32, failing.
10/3 19:01:58 DC_AUTHENTICATE: authenticate failed:
AUTHENTICATE:1003:Failure.  Unsupported method: 32
^C



Not able to figure out the problem

Didnt find help regarding this error in mail-list..

Any Help or idea would be appriciated..

Thanks





--
------------------------------------------------------------------
Steven C. Timm, Ph.D  (630) 840-8525
timm@xxxxxxxx  http://home.fnal.gov/~timm/ <http://home.fnal.gov/%7Etimm/>
Fermilab Computing Division, Scientific Computing Facilities,
Grid Facilities Department, FermiGrid Services Group, Assistant Group
Leader.
_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/






--
------------------------------------------------------------------
Steven C. Timm, Ph.D  (630) 840-8525
timm@xxxxxxxx  http://home.fnal.gov/~timm/
Fermilab Computing Division, Scientific Computing Facilities,
Grid Facilities Department, FermiGrid Services Group, Assistant Group Leader.