[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Condor and active directory



I should point out however.  That the linux version of Condor doesn't support run_as_owner.   that option is Windows only.
-tj


On 3/30/2011 9:34 AM, Peter Ellevseth wrote:

Hi

Is this only valid for windows-machines? Our entire cluster is Linux based. We join with AD to get Samba to work.

 

These problems started showing up when we changed from NIS authentication to Centrify/AD.

 

I have tried making the local-folder for the condor user accessible for all (chmod 777), without any change.

 

Peter

 

From: condor-users-bounces@xxxxxxxxxxx [mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of John (TJ) Knoeller
Sent: 30. mars 2011 16:18
To: Condor-Users Mail List
Subject: Re: [Condor-users] Condor and active directory

 

If you look in the Computer Management console under Local Users And Groups you will find one or more users called
condor-reuse-slotN.   That account should be a member of the group Users.  It is a local machine account and NOT logged in to the domain.  So it will have the same privileges as any other account on that machine that is a member of Users but is not a domain account.

Create a new account on the machine that doesn't have the same name and password as a domain account, make it a member of Users.  then Log in and see what you can do.

You can also explore the permissions of the slot user by running a condor job that tries things and reports the results.

You may find a tool called PsExec to be helpful in exploring.  it can create a command prompt that is logged in as a different user, even a remote user.   You can get psexec here http://technet.microsoft.com/en-us/sysinternals/bb896649


On 3/30/2011 6:57 AM, Peter Ellevseth wrote:

Hi

Thank you for answering. I am still not sure how to test the permissions of the “slot_ account”.

 

The StarterLog on the execute machine says

 

03/30 13:41:45 setting the orig job iwd in starter

03/30 13:41:45 get_file(): Failed to open file /home/condor/hosts/trd-sim03/execute/dir_31672/file.def, errno = 13: Permission denied.

03/30 13:41:45 get_file(): consumed 9185114 bytes of file transmission

03/30 13:41:45 DoDownload: consuming rest of transfer and failing after encountering the following error: STARTER at ..  failed to write to file /home/condor/hosts/trd-sim03/execute/dir_31672/file.def: (errno 13) Permission denied

03/30 13:41:45 WARNING: File /home/condor/hosts/trd-sim03/execute/dir_31672/file.def can not be accessed by Quill file transfer tracking.

03/30 13:41:45 File transfer failed (status=0).

03/30 13:41:45 ERROR "Failed to transfer files" at line 1942 in file jic_shadow.cpp

03/30 13:41:45 ShutdownFast all jobs.

 

Regards Peter

 

From: condor-users-bounces@xxxxxxxxxxx [mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of John (TJ) Knoeller
Sent: 28. mars 2011 23:33
To: Condor-Users Mail List
Subject: Re: [Condor-users] Condor and active directory

 

On windows execute machines, the slot accounts are only used for jobs that are not run_as_owner. 

On Linux execute machine, I don't believe that run_as_owner is honored.  so the slot accounts would always be used.
so you need to check the permissions on the slot_xxx accounts on the linux execute machines to see if they can have access.

-tj

On 3/25/2011 5:39 AM, Peter Ellevseth wrote:

Hi
We have been running as owner yes. I am not sure if I know what you mean by slot_ account? How do I check these permissons?
 
Peter
 
Sent from my iPad
 
On 22. mars 2011, at 20:06, "Timothy St. Clair" <tstclair@xxxxxxxxxx> wrote:
 
Sounds like a permissions issue. 
 
Do your slot_ account have access?  
Are your jobs running as owner? 
 
Cheers,
Tim
 
On Mon, 2011-03-21 at 20:20 +0100, Peter Ellevseth wrote:
Hi
We are currently in the process of integrating our linux environment with our windows world. We are using centrify express to join our linux machines to our active directory domain. We are now experiencing problems with condor. No jobs want to start on machines that are joined to AD. Condor_q -better-analysis claims problems with JobVMMemory, while starterlog claims errno 13, condor is not allowed to write to the execute directoy. These machines worked before the introduction of AD. Does anyone have any experience with AD/centrify and condor? Or any other tips?
 
Peter
_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users
 
The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/
 
_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users
 
The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/
 
 
_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users
 
The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/
 
 
_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users
 
The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/
_______________________________________________ Condor-users mailing list To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a subject: Unsubscribe You can also unsubscribe by visiting https://lists.cs.wisc.edu/mailman/listinfo/condor-users The archives can be found at: https://lists.cs.wisc.edu/archive/condor-users/