[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] condor_q -global error....


Robert Mortensen wrote:
> On one of our machines, <first-machine-name> (Windows 7, 64-bit, condor 7.4.1), condor_q -global fails with the following error:
> -- Failed to fetch ads from: <> : <second-machine-name>   
> 05/03 17:29:53 (pid:4144) PERMISSION DENIED to unauthenticated user from host for command 1111 (QMGMT_CMD), access level READ: reason: READ authorization policy contains no matching ALLOW entry for this request; identifiers used for this host:,<first-machine-name>
> Both <first-machine-name> and <second-machine-name> have ALLOW_READ/WRITE = *.<our-domain-name>. The curious thing is that in the first message of the SchedLog from <second-machine-name>, the <first-machine-name> does not contain <our-domain-name>. I think that changing ALLOW_READ/WRITE to be "*" would solve the problem, but I would rather not do that.

out of curiosity: Have you tried setting ALLOW_READ/WRITE to 10.1.2.*
rather than *.domainName? Apparently the machine in question does not
propagate (or know?) the global domain and can therefore not be
identified as a member of it.


Cathrin Weiss
Condor Team