[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] No Credential



I'm curious, if you set the ALLOW_WRITE knob to $(IP_ADDRESS) or $(FULL_HOSTNAME) or both, does it work?

On Fri, Jul 15, 2011 at 9:05 AM, Matthew Farrellee <matt@xxxxxxxxxx> wrote:
FYI, possibly another issue with the interface selecting code?

Best,


matt


On 07/15/2011 09:52 AM, Smith, Herb wrote:
I'm using version 7.6.1.

I got it working now.  It seems to want the IP address for the Ethernet adapter Local Area Connection AND the IP address for the Ethernet Adapter Network Connect Adapter.  I included both of them in the config file permissions and then the store_cred command worked.

The log file you suggested I look at showed it was balking at the command coming from the IP address associated with the Ethernet Adapter Network Connect Adapter.  Once I included both of them it seems to be working.  Unfortunately, I'm not real smart about all this network stuff.  I appreciate the help.

Thanks,
Herb

-----Original Message-----
From: condor-users-bounces@xxxxxxxxedu [mailto:condor-users-bounces@cs.wisc.edu] On Behalf Of Matthew Farrellee
Sent: Friday, July 15, 2011 6:46 AM
To: Condor-Users Mail List
Subject: Re: [Condor-users] No Credential

FYI, the version of condor hasn't been mentioned.

Some old versions didn't handle a naked "*" correctly in security policy.

Best,


matt

On 07/14/2011 05:22 PM, Ziliang Guo wrote:
Does the schedd log say anything about attempts to connect to it by
something else?

On Thu, Jul 14, 2011 at 2:52 PM, Smith, Herb<herb.smith@xxxxxxxxxx
<mailto:herb.smith@xxxxxxxxxx>>  wrote:

    Here is what it reports:____

    __ __

    __ __

    07/14 14:39:12 STORE_CRED: In mode 'add'____

    07/14 14:39:12 Storing credential to local schedd____

    07/14 14:39:12 Initialized the following authorization table:____

    07/14 14:39:12 Authorizations yet to be resolved:____

    07/14 14:39:12 allow READ:  */xxx.yyy.0.172____

    07/14 14:39:12 allow NEGOTIATOR:  */xxx.yyy.0.172____

    07/14 14:39:12 allow ADMINISTRATOR:  */xxx.yyy.0.172____

    07/14 14:39:12 allow OWNER:  */zzz.www.178.224 */xxx.yyy.0.172
    */xxx.yyy.0.172 ____

    07/14 14:39:12 condor_read(): Socket closed when trying to read 5
    bytes from local schedd____

    07/14 14:39:12 IO: EOF reading packet header____

    07/14 14:39:12 store_cred: failed to recv answer.____

    Operation failed.____

         Make sure your ALLOW_WRITE setting includes this host.____

    __ __

    The XXX.YYY IP address is the one that is setup as the host and has
    all the read and write privileges.  The ZZZ.WWW one is coming from
    the fact that I'm hooked into my company's network through a
    satellite modem and that IP address is somehow associated with that
    process.  Not sure why that is showing up, however, since everything
    is local to this machine, I didn't think that would cause an
issue.____

    __ __

    Herb____

    __ __

    *From:*condor-users-bounces@cs.wisc.edu
    <mailto:condor-users-bounces@cs.wisc.edu>
    [mailto:condor-users-bounces@cs.wisc.edu
    <mailto:condor-users-bounces@cs.wisc.edu>] *On Behalf Of *Ziliang Guo
    *Sent:* Thursday, July 14, 2011 2:35 PM


    *To:* Condor-Users Mail List
    *Subject:* Re: [Condor-users] No Credential____

    __ __

    Inside the config file, set TOOL_DEBUG=D_FULLDEBUG somewhere and
    when you run the store_cred program again, pass in -d as an
    argument.  That will spit out the debug output onto the terminal and
    hopefully tell you exactly why the program was unable to add your
    credentials.  If you cannot modify the config file, you can set an
    environment variable, _CONDOR_TOOL_DEBUG to D_FULLDEBUG.____

    On Thu, Jul 14, 2011 at 2:12 PM, Smith, Herb<herb.smith@xxxxxxxxxx
    <mailto:herb.smith@xxxxxxxxxx>>  wrote:____

    Everything is on the same machine....____

    ____

    *From:*condor-users-bounces@cs.wisc.edu
    <mailto:condor-users-bounces@cs.wisc.edu>
    [mailto:condor-users-bounces@cs.wisc.edu
    <mailto:condor-users-bounces@cs.wisc.edu>] *On Behalf Of *Ziliang Guo
    *Sent:* Thursday, July 14, 2011 1:39 PM____


    *To:* Condor-Users Mail List
    *Subject:* Re: [Condor-users] No Credential____

    ____

    Where is the credd located?  The same machine you are trying to run
    condor_store_cred on or a different machine?____

    On Thu, Jul 14, 2011 at 1:17 PM, Smith, Herb<herb.smith@xxxxxxxxxx
    <mailto:herb.smith@xxxxxxxxxx>>  wrote:____

    No, all it says it to make sure that the ALLOW_WRITE setting
    includes this host. ____

    I have ALLOW_WRITE set to *, so I assumed that would cover it.____

    ____

    *From:*condor-users-bounces@cs.wisc.edu
    <mailto:condor-users-bounces@cs.wisc.edu>
    [mailto:condor-users-bounces@cs.wisc.edu
    <mailto:condor-users-bounces@cs.wisc.edu>] *On Behalf Of *Ziliang Guo
    *Sent:* Thursday, July 14, 2011 1:14 PM
    *To:* Condor-Users Mail List
    *Subject:* Re: [Condor-users] No Credential____

    ____

    Does it provide any reason for why the operation failed?

    --
_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxedu with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/



--
Condor Project Windows Developer