[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] condor_q -global error....



Bob,

Robert Mortensen wrote:
> On one of our machines, <first-machine-name> (Windows 7, 64-bit, condor 7.4.1), condor_q -global fails with the following error:
> -- Failed to fetch ads from: <10.1.2.22:9686> : <second-machine-name>   
> 05/03 17:29:53 (pid:4144) PERMISSION DENIED to unauthenticated user from host 10.1.2.143 for command 1111 (QMGMT_CMD), access level READ: reason: READ authorization policy contains no matching ALLOW entry for this request; identifiers used for this host: 10.1.2.143,<first-machine-name>
> Both <first-machine-name> and <second-machine-name> have ALLOW_READ/WRITE = *.<our-domain-name>. The curious thing is that in the first message of the SchedLog from <second-machine-name>, the <first-machine-name> does not contain <our-domain-name>. I think that changing ALLOW_READ/WRITE to be "*" would solve the problem, but I would rather not do that.

out of curiosity: Have you tried setting ALLOW_READ/WRITE to 10.1.2.*
rather than *.domainName? Apparently the machine in question does not
propagate (or know?) the global domain and can therefore not be
identified as a member of it.

Thanks,

Cathrin Weiss
Condor Team