
Re: [Condor-users] The SECMAN error again



Hey, thanks.  Here's the MasterLog output on reconfigure.  But--this has
activated a memory.  I'm fairly sure I have to do something with
condor_store_cred, right?  Which details I will look up, but if you want to
post the quick answer, please do!

RF

9/30 10:35:08 Reconfiguring all running daemons.
9/30 10:35:08 SECMAN: command 60000 DC_RAISESIGNAL to daemon at
<136.200.32.102:3850> from UDP port 4719 (blocking).
9/30 10:35:08 SECMAN: using session DELTA-MOD:1308:1254331806:1 for
{<136.200.32.102:3850>,<60000>}.
9/30 10:35:08 SECMAN: found cached session id DELTA-MOD:1308:1254331806:1
for {<136.200.32.102:3850>,<60000>}.
MyType = ""
TargetType = ""
OutgoingNegotiation = "PREFERRED"
Subsystem = "MASTER"
Command = 60010
AuthCommand = 60000
RemoteVersion = "$CondorVersion: 7.2.4 Jun 15 2009 BuildID: 159529 $"
Enact = "YES"
AuthMethodsList = "NTSSPI,KERBEROS"
AuthMethods = "NTSSPI"
CryptoMethods = "3DES,BLOWFISH"
Authentication = "NO"
Encryption = "NO"
Integrity = "NO"
SessionDuration = "86400"
UseSession = "YES"
Sid = "DELTA-MOD:1308:1254331806:1"
ValidCommands =
"60000,60008,60017,403,404,427,435,436,441,442,443,444,446,466,503,504,505,5
06,60004,1200,1000,5,60007,60011,448,452,457,470"
9/30 10:35:08 SECMAN: Security Policy:
MyType = ""
TargetType = ""
OutgoingNegotiation = "PREFERRED"
Subsystem = "MASTER"
Command = 60010
AuthCommand = 60000
RemoteVersion = "$CondorVersion: 7.2.4 Jun 15 2009 BuildID: 159529 $"
Enact = "YES"
AuthMethodsList = "NTSSPI,KERBEROS"
AuthMethods = "NTSSPI"
CryptoMethods = "3DES,BLOWFISH"
Authentication = "NO"
Encryption = "NO"
Integrity = "NO"
SessionDuration = "86400"
UseSession = "YES"
Sid = "DELTA-MOD:1308:1254331806:1"
ValidCommands =
"60000,60008,60017,403,404,427,435,436,441,442,443,444,446,466,503,504,505,5
06,60004,1200,1000,5,60007,60011,448,452,457,470"
9/30 10:35:08 SECMAN: negotiating security for command 60000.
9/30 10:35:08 SECMAN: UDP, m_have_session == 1, peer_can_negotiate == 1
9/30 10:35:08 SECMAN: UDP has session DELTA-MOD:1308:1254331806:1.
9/30 10:35:08 SECMAN: sending DC_AUTHENTICATE command
9/30 10:35:08 SECMAN: sending following classad:
MyType = ""
TargetType = ""
OutgoingNegotiation = "PREFERRED"
Subsystem = "MASTER"
AuthCommand = 60000
Enact = "YES"
AuthMethodsList = "NTSSPI,KERBEROS"
AuthMethods = "NTSSPI"
CryptoMethods = "3DES,BLOWFISH"
Authentication = "NO"
Encryption = "NO"
Integrity = "NO"
SessionDuration = "86400"
UseSession = "YES"
Sid = "DELTA-MOD:1308:1254331806:1"
ValidCommands =
"60000,60008,60017,403,404,427,435,436,441,442,443,444,446,466,503,504,505,5
06,60004,1200,1000,5,60007,60011,448,452,457,470"
RemoteVersion = "$CondorVersion: 7.2.4 Jun 15 2009 BuildID: 159529 $"
ServerCommandSock = "<136.200.32.102:3849>"
Command = 60000
9/30 10:35:08 SECMAN: startCommand succeeded.
9/30 10:35:08 Authorizing server '*/136.200.32.102'.
9/30 10:35:08 IPVERIFY: allow READ : 136.200.32.*,136.200.228.40 (from
config value HOSTALLOW_READ)
9/30 10:35:08 IPVERIFY: allow WRITE : 136.200.32.*, 136.200.228.40 (from
config value HOSTALLOW_WRITE)
9/30 10:35:08 IPVERIFY: allow NEGOTIATOR : delta-mod.water.ca.gov (from
config value HOSTALLOW_NEGOTIATOR)
9/30 10:35:08 IPVERIFY: allow ADMINISTRATOR : delta-mod abbey (from config
value HOSTALLOW_ADMINISTRATOR)
9/30 10:35:08 IPVERIFY: allow OWNER : DELTA-MOD.ad.water.ca.gov, delta-mod
abbey (from config value HOSTALLOW_OWNER)
9/30 10:35:08 IPVERIFY: allow DAEMON : 136.200.32.*, 136.200.228.40 (from
config value HOSTALLOW_WRITE)
9/30 10:35:08 IPVERIFY: allow ADVERTISE_STARTD : 136.200.32.*,
136.200.228.40 (from config value HOSTALLOW_WRITE)
9/30 10:35:08 IPVERIFY: allow ADVERTISE_SCHEDD : 136.200.32.*,
136.200.228.40 (from config value HOSTALLOW_WRITE)
9/30 10:35:08 IPVERIFY: allow ADVERTISE_MASTER : 136.200.32.*,
136.200.228.40 (from config value HOSTALLOW_WRITE)
9/30 10:35:08 Initialized the following authorization table:
9/30 10:35:08 Authorizations yet to be resolved:
9/30 10:35:08 allow READ:  */136.200.228.40 */136.200.32.*
9/30 10:35:08 allow WRITE:  */136.200.228.40 */136.200.32.*
9/30 10:35:08 allow NEGOTIATOR:  */delta-mod.water.ca.gov */136.200.32.102
9/30 10:35:08 allow ADMINISTRATOR:  */abbey */delta-mod */136.200.32.179
*/136.200.32.102
9/30 10:35:08 allow OWNER:  */abbey */delta-mod */DELTA-MOD.ad.water.ca.gov
*/136.200.32.179 */136.200.32.102 */136.200.32.102
9/30 10:35:08 allow DAEMON:  */136.200.228.40 */136.200.32.*
9/30 10:35:08 allow ADVERTISE_STARTD:  */136.200.228.40 */136.200.32.*
9/30 10:35:08 allow ADVERTISE_SCHEDD:  */136.200.228.40 */136.200.32.*
9/30 10:35:08 allow ADVERTISE_MASTER:  */136.200.228.40 */136.200.32.*
9/30 10:35:08 SEND [644] <136.200.32.102:4719> <136.200.32.102:3850>
9/30 10:35:08 Sent signal 1 to STARTD (pid 1308)
9/30 10:35:08 SECMAN: command 60000 DC_RAISESIGNAL to daemon at
<136.200.32.102:3851> from UDP port 4721 (blocking).
9/30 10:35:08 SECMAN: using session DELTA-MOD:3740:1254331806:1 for
{<136.200.32.102:3851>,<60000>}.
9/30 10:35:08 SECMAN: found cached session id DELTA-MOD:3740:1254331806:1
for {<136.200.32.102:3851>,<60000>}.
MyType = ""
TargetType = ""
OutgoingNegotiation = "PREFERRED"
Subsystem = "MASTER"
Command = 60010
AuthCommand = 60000
RemoteVersion = "$CondorVersion: 7.2.4 Jun 15 2009 BuildID: 159529 $"
Enact = "YES"
AuthMethodsList = "NTSSPI,KERBEROS"
AuthMethods = "NTSSPI"
CryptoMethods = "3DES,BLOWFISH"
Authentication = "NO"
Encryption = "NO"
Integrity = "NO"
SessionDuration = "86400"
UseSession = "YES"
Sid = "DELTA-MOD:3740:1254331806:1"
ValidCommands =
"60000,60008,60017,71003,441,74000,60004,404,421,443,464,478,479,480,481,486
,487,488,489,499,502,507,60007,60011,1111,457,471"
9/30 10:35:08 SECMAN: Security Policy:
MyType = ""
TargetType = ""
OutgoingNegotiation = "PREFERRED"
Subsystem = "MASTER"
Command = 60010
AuthCommand = 60000
RemoteVersion = "$CondorVersion: 7.2.4 Jun 15 2009 BuildID: 159529 $"
Enact = "YES"
AuthMethodsList = "NTSSPI,KERBEROS"
AuthMethods = "NTSSPI"
CryptoMethods = "3DES,BLOWFISH"
Authentication = "NO"
Encryption = "NO"
Integrity = "NO"
SessionDuration = "86400"
UseSession = "YES"
Sid = "DELTA-MOD:3740:1254331806:1"
ValidCommands =
"60000,60008,60017,71003,441,74000,60004,404,421,443,464,478,479,480,481,486
,487,488,489,499,502,507,60007,60011,1111,457,471"
9/30 10:35:08 SECMAN: negotiating security for command 60000.
9/30 10:35:08 SECMAN: UDP, m_have_session == 1, peer_can_negotiate == 1
9/30 10:35:08 SECMAN: UDP has session DELTA-MOD:3740:1254331806:1.
9/30 10:35:08 SECMAN: sending DC_AUTHENTICATE command
9/30 10:35:08 SECMAN: sending following classad:
MyType = ""
TargetType = ""
OutgoingNegotiation = "PREFERRED"
Subsystem = "MASTER"
AuthCommand = 60000
Enact = "YES"
AuthMethodsList = "NTSSPI,KERBEROS"
AuthMethods = "NTSSPI"
CryptoMethods = "3DES,BLOWFISH"
Authentication = "NO"
Encryption = "NO"
Integrity = "NO"
SessionDuration = "86400"
UseSession = "YES"
Sid = "DELTA-MOD:3740:1254331806:1"
ValidCommands =
"60000,60008,60017,71003,441,74000,60004,404,421,443,464,478,479,480,481,486
,487,488,489,499,502,507,60007,60011,1111,457,471"
RemoteVersion = "$CondorVersion: 7.2.4 Jun 15 2009 BuildID: 159529 $"
ServerCommandSock = "<136.200.32.102:3849>"
Command = 60000
9/30 10:35:09 SECMAN: startCommand succeeded.
9/30 10:35:09 Authorizing server '*/136.200.32.102'.
9/30 10:35:09 SEND [645] <136.200.32.102:4721> <136.200.32.102:3851>
9/30 10:35:09 Sent signal 1 to SCHEDD (pid 3740)
9/30 10:35:09 enter Daemons::UpdateCollector
9/30 10:35:09 Trying to update collector <136.200.32.102:9618>
9/30 10:35:09 Attempting to send update via UDP to collector
delta-mod.water.ca.gov <136.200.32.102:9618>
9/30 10:35:09 SECMAN: command 2 UPDATE_MASTER_AD to collector
delta-mod.water.ca.gov from UDP port 4723 (non-blocking).
9/30 10:35:09 SECMAN: no cached key for {<136.200.32.102:9618>,<2>}.
9/30 10:35:09 SECMAN: Security Policy:
MyType = ""
TargetType = ""
AuthMethods = "NTSSPI,KERBEROS"
CryptoMethods = "3DES,BLOWFISH"
OutgoingNegotiation = "PREFERRED"
Authentication = "OPTIONAL"
Encryption = "OPTIONAL"
Integrity = "OPTIONAL"
Enact = "NO"
Subsystem = "MASTER"
ServerPid = 3476
SessionDuration = "86400"
9/30 10:35:09 SECMAN: negotiating security for command 2.
9/30 10:35:09 SECMAN: need to start a session via TCP
9/30 10:35:09 non-blocking CONNECT started fd=592 dst=<136.200.32.102:9618>
9/30 10:35:09 SECMAN: command 60010 UPDATE_MASTER_AD to
<136.200.32.102:9618> from TCP port 4724 (non-blocking).
9/30 10:35:09 SECMAN: waiting for TCP connection to <136.200.32.102:9618>.
9/30 10:35:09 File descriptor limits: max 1024, safe 820
9/30 10:35:09 exit Daemons::UpdateCollector
9/30 10:35:09 CLOSE <136.200.32.102:3849> fd=616
9/30 10:35:10 RECV 568 bytes at <136.200.32.102:3849> from
<136.200.32.102:4722>
9/30 10:35:10 	Full msg [568 bytes]
9/30 10:35:10 DC_AUTHENTICATE: received UDP packet from
<136.200.32.102:4722>.
9/30 10:35:10 DC_AUTHENTICATE: received DC_AUTHENTICATE from
<136.200.32.102:4722>
9/30 10:35:10 DC_AUTHENTICATE: received following ClassAd:
MyType = "(unknown type)"
TargetType = "(unknown type)"
OutgoingNegotiation = "PREFERRED"
Subsystem = "STARTD"
AuthCommand = 60008
Enact = "YES"
AuthMethodsList = "NTSSPI,KERBEROS"
AuthMethods = "NTSSPI"
CryptoMethods = "3DES,BLOWFISH"
Authentication = "NO"
Encryption = "NO"
Integrity = "NO"
SessionDuration = "86400"
UseSession = "YES"
Sid = "DELTA-MOD:3476:1254324964:1"
ValidCommands = "60000,60008,60017,60004,60007,60011,457"
RemoteVersion = "$CondorVersion: 7.2.4 Jun 15 2009 BuildID: 159529 $"
ServerCommandSock = "<136.200.32.102:3850>"
Command = 60008
9/30 10:35:10 DC_AUTHENTICATE: resuming session id
DELTA-MOD:3476:1254324964:1 with return address <136.200.32.102:3850>:
9/30 10:35:10 DC_AUTHENTICATE: Cached Session:
MyType = ""
TargetType = ""
Authentication = "NO"
Encryption = "NO"
Integrity = "NO"
AuthMethodsList = "NTSSPI,KERBEROS"
AuthMethods = "NTSSPI"
CryptoMethods = "3DES,BLOWFISH"
SessionDuration = "86400"
Enact = "YES"
Subsystem = "STARTD"
ServerCommandSock = "<136.200.32.102:3850>"
ParentUniqueID = "DELTA-MOD:3476:1254324952"
ServerPid = 1308
RemoteVersion = "$CondorVersion: 7.2.4 Jun 15 2009 BuildID: 159529 $"
Sid = "DELTA-MOD:3476:1254324964:1"
ValidCommands = "60000,60008,60017,60004,60007,60011,457"
9/30 10:35:10 DC_AUTHENTICATE: setting sock->decode()
9/30 10:35:10 DC_AUTHENTICATE: allowing an empty message for sock.
9/30 10:35:10 DC_AUTHENTICATE: Success.
9/30 10:35:10 IPVERIFY: matched user * from 136.200.32.* to allow list
9/30 10:35:10 Adding to resolved authorization table: */136.200.32.102:
DAEMON
9/30 10:35:10 PERMISSION GRANTED to unauthenticated user from host
136.200.32.102 for command 60008 (DC_CHILDALIVE), access level DAEMON:
reason: DAEMON authorization policy allows IP address 136.200.32.102;
identifiers used for this remote host: 136.200.32.102,delta-mod
9/30 10:35:10 Received UDP command 60008 (DC_CHILDALIVE) from
<136.200.32.102:4722>, access level DAEMON
9/30 10:35:10 attempt to connect to <136.200.32.102:9618> failed: connect
errno = 10061 connection refused.
9/30 10:35:10 SECMAN: resuming command 60010 UPDATE_MASTER_AD to
<136.200.32.102:9618> from TCP port 4725 (non-blocking).
9/30 10:35:10 SECMAN: TCP connection to <136.200.32.102:9618> failed.
9/30 10:35:10 CLOSE <136.200.32.102:4725> fd=588
9/30 10:35:10 SECMAN: unable to create security session to
<136.200.32.102:9618> via TCP, failing.
9/30 10:35:10 ERROR: SECMAN:2004:Failed to create security session to
<136.200.32.102:9618> with TCP.|SECMAN:2003:TCP connection to
<136.200.32.102:9618> failed.
9/30 10:35:10 Failed to start non-blocking update to <136.200.32.102:9618>.
9/30 10:35:11 RECV 592 bytes at <136.200.32.102:3849> from
<136.200.32.102:4726>
9/30 10:35:11 	Full msg [592 bytes]
9/30 10:35:11 DC_AUTHENTICATE: received UDP packet from
<136.200.32.102:4726>.
9/30 10:35:11 DC_AUTHENTICATE: received DC_AUTHENTICATE from
<136.200.32.102:4726>
9/30 10:35:11 DC_AUTHENTICATE: received following ClassAd:
MyType = "(unknown type)"
TargetType = "(unknown type)"
OutgoingNegotiation = "PREFERRED"
Subsystem = "SCHEDD"
AuthCommand = 60008
Enact = "YES"
AuthMethodsList = "NTSSPI,KERBEROS"
AuthMethods = "NTSSPI"
CryptoMethods = "3DES,BLOWFISH"
Authentication = "NO"
Encryption = "NO"
Integrity = "NO"
SessionDuration = "86400"
UseSession = "YES"
Sid = "DELTA-MOD:3476:1254324953:0"
ValidCommands = "60000,60008,60017,60004,60007,60011,457"
RemoteVersion = "$CondorVersion: 7.2.4 Jun 15 2009 BuildID: 159529 $"
ServerCommandSock = "<136.200.32.102:3851>"
Command = 60008
ServerTime = 1254332111
9/30 10:35:11 DC_AUTHENTICATE: resuming session id
DELTA-MOD:3476:1254324953:0 with return address <136.200.32.102:3851>:
9/30 10:35:11 DC_AUTHENTICATE: Cached Session:
MyType = ""
TargetType = ""
Authentication = "NO"
Encryption = "NO"
Integrity = "NO"
AuthMethodsList = "NTSSPI,KERBEROS"
AuthMethods = "NTSSPI"
CryptoMethods = "3DES,BLOWFISH"
SessionDuration = "86400"
Enact = "YES"
Subsystem = "SCHEDD"
ServerCommandSock = "<136.200.32.102:3851>"
ParentUniqueID = "DELTA-MOD:3476:1254324952"
ServerPid = 3740
RemoteVersion = "$CondorVersion: 7.2.4 Jun 15 2009 BuildID: 159529 $"
Sid = "DELTA-MOD:3476:1254324953:0"
ValidCommands = "60000,60008,60017,60004,60007,60011,457"
9/30 10:35:11 DC_AUTHENTICATE: setting sock->decode()
9/30 10:35:11 DC_AUTHENTICATE: allowing an empty message for sock.
9/30 10:35:11 DC_AUTHENTICATE: Success.
9/30 10:35:11 PERMISSION GRANTED to unauthenticated user from host
136.200.32.102 for command 60008 (DC_CHILDALIVE), access level DAEMON:
reason: cached result for DAEMON; see first case for the full reason
9/30 10:35:11 Received UDP command 60008 (DC_CHILDALIVE) from
<136.200.32.102:4726>, access level DAEMON

-----Original Message-----
From: condor-users-bounces@xxxxxxxxxxx
[mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of Zachary Miller
Sent: Wednesday, September 30, 2009 10:21 AM
To: Condor-Users Mail List
Subject: Re: [Condor-users] The SECMAN error again

> We do run DNS or Active-something with our Windows LAN. I tried running with
> ALL_DEBUG = D_FULLDEBUG and D_NETWORK but it didn't throw any more light on
> things for me.

add D_SECURITY to that list.  you'll get a lot of info, probably more than you
want to look at.  feel free to send it to condor-admin@xxxxxxxxxxx and i can
take a look at it too.


cheers,
-zach
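
Added example, not part of the original thread: a small Python triage pass over D_SECURITY-level MasterLog output like the one posted above, which rejoins wrapped lines and pulls out SECMAN error codes, failed TCP connects and grants made to unauthenticated peers. The function names and the trimmed sample are constructed for illustration; the log lines themselves are taken from the message above.

```python
import re

# A record starts with "M/D HH:MM:SS"; other lines are continuations
# (mail-wrapped text or the ClassAd attributes that D_SECURITY prints).
STAMP = re.compile(r"^(\d{1,2}/\d{1,2} \d{2}:\d{2}:\d{2}) (.*)$")
CODE = re.compile(r"SECMAN:(\d+):")
PEER = re.compile(r"<(\d+\.\d+\.\d+\.\d+:\d+)>")
CONNECT = re.compile(r"attempt to connect to <([^>]+)> failed: connect errno = (\d+)")
UNAUTH = re.compile(r"PERMISSION GRANTED to unauthenticated user from host (\S+) "
                    r"for command \d+ \((\w+)\), access level (\w+)")

# Lines excerpted and trimmed from the MasterLog above, mail wrapping left in.
SAMPLE = """\
9/30 10:35:10 PERMISSION GRANTED to unauthenticated user from host
136.200.32.102 for command 60008 (DC_CHILDALIVE), access level DAEMON:
9/30 10:35:10 attempt to connect to <136.200.32.102:9618> failed: connect
errno = 10061 connection refused.
9/30 10:35:10 ERROR: SECMAN:2004:Failed to create security session to
<136.200.32.102:9618> with TCP.|SECMAN:2003:TCP connection to
<136.200.32.102:9618> failed.
"""

def records(text):
    """Yield (timestamp, message) with continuation lines rejoined."""
    stamp, parts = None, []
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            if stamp:
                yield stamp, " ".join(parts)
            stamp, parts = m.group(1), [m.group(2).strip()]
        elif stamp and line.strip():
            parts.append(line.strip())
    if stamp:
        yield stamp, " ".join(parts)

def triage(text):
    """Collect SECMAN errors, failed connects and unauthenticated grants."""
    out = {"errors": [], "connect_failures": [], "unauth_grants": []}
    for stamp, msg in records(text):
        if msg.startswith("ERROR:") and CODE.search(msg):
            peer = PEER.search(msg)
            out["errors"].append((stamp, CODE.findall(msg), peer and peer.group(1)))
        if m := CONNECT.search(msg):  # 10061 is Winsock WSAECONNREFUSED
            out["connect_failures"].append((m.group(1), int(m.group(2))))
        if m := UNAUTH.search(msg):
            out["unauth_grants"].append(m.groups())
    return out
```

On the sample, the refused connect to port 9618 sits in the same second as the SECMAN:2004/2003 error for the same peer, which is the pairing to look for before suspecting the authentication settings.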