[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Don't understand HoldReason msg

Ralph, is your admin account a domain account (e.g., active directory). If not the admin account has to be available on all machines.  Also make sure you set ALLOW_ADMINISTRATOR = Administrator@*, rfinch@*.


Here is an excerpt from the condor manual:


If the administrative account is shared across all machines, that is if it is a domain account

or has the same password on all machines, logging in separately to each machine in the pool can be

avoided. Instead, the pool password can be securely pushed out for each Windows machine using a

command of the form

condor_store_cred add -c -n exec01.cs.wisc.edu




From: htcondor-users-bounces@xxxxxxxxxxx [mailto:htcondor-users-bounces@xxxxxxxxxxx] On Behalf Of Ralph Finch
Sent: Tuesday, January 15, 2013 12:35 PM
To: HTCondor-Users Mail List
Subject: Re: [HTCondor-users] Don't understand HoldReason msg


I am making progress, the log file is now working, but I cannot get the command

condor_store_cred add -c -n <machine name> –p <pool password>

to work except on the master machine. On other machines it says

Operation failed.
    Make sure you have CONFIG access to the target Master.

I have the following in the condor_config of the master (with other CREDD lines, omitted here):

ALLOW_CONFIG = Administrator@*, rfinch@*
CRED_SUPER_USERS = Administrator@*, rfinch@*, condor_pool@*

I tried running the condor_store_cred add -c -n <machine name> –p <pool password> command from a command window with Admin privs but that didn't help.  Any ideas?

Ralph Finch

Calif. Dept. of Water Resources

On Tue, Jan 15, 2013 at 7:39 AM, Michael O'Donnell <odonnellm@xxxxxxxx> wrote:

User condor_pool is not an actual Windows user, right?

The condor_pool is not an active directory user. This is the condor pool user, which is used by the daemons to communicate between each other. The pool password is required if you require the password credentials. E.g., SEC_CLIENT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD



condor_store_cred add -c -n <machine name> –p <pool password>


I generally script this based on a list of machines via Python, since our pool has 120 machines or so.


After running these commands you need to run a reconfig.

condor_reconfig -all