[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Submit fails - RHEL 7 in NIS environment and FS authentication


Ok, the NIS part turned out to be a red herring.  The real issue is that Condor 8.2.8 does not work on RHEL 7 with SELinux enabled (verified by disabling SELinux temporarily where FS Authentication works just fine).  I see that there is a ticket for this already at:


so I will put my RHEL 7 upgrade plans on hold until this is resolved (we have committed to run SELinux and have been doing so ever since RHEL 6 came out).


> On Jun 30, 2015, at 12:25 PM, Andy Feldt <afeldt@xxxxxx> wrote:
> Folks,
> Does anyone run RHEL 7 with NIS and attempt to use FS authentication with Condor?  I have been trying to set up a test system and I have Condor starting properly, but when I try to submit a job from this system, I get:
> ERROR: Failed to connect to local queue manager
> AUTHENTICATE:1003:Failed to authenticate with any method
> AUTHENTICATE:1004:Failed to authenticate using FS
> I turned on debugging (and restricted authentication to only FS) via the following config:
> and, I then find the following in the SchedLog file:
> 06/30/15 11:00:52 (pid:3046) FS: client template is /tmp/FS_XXXXXXXXX
> 06/30/15 11:00:52 (pid:3046) FS: client filename is /tmp/FS_XXXGS7c9Q
> 06/30/15 11:00:52 (pid:3046) AUTHENTICATE_FS: used dir /tmp/FS_XXXGS7c9Q, status: 0
> 06/30/15 11:00:52 (pid:3046) AUTHENTICATE: method 4 (FS) failed.
> â
> 06/30/15 11:00:52 (pid:3046) DC_AUTHENTICATE: reason for authentication failure: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using FS|FS:1004:Unable to lstat(/tmp/FS_XXXGS7c9Q)
> This is for a valid, logged in user in my NIS password map.  There are other entries later for the local Condor user (which is in /etc/passwd) which show that it authenticates just fine with FS authentication:
> 06/30/15 11:57:05 (pid:3046) FS: client template is /tmp/FS_XXXXXXXXX
> 06/30/15 11:57:05 (pid:3046) FS: client filename is /tmp/FS_XXXmNulOS
> 06/30/15 11:57:05 (pid:3046) AUTHENTICATE_FS: used dir /tmp/FS_XXXmNulOS, status: 1
> 06/30/15 11:57:05 (pid:3046) AUTHENTICATE: auth_status == 4 (FS)
> 06/30/15 11:57:05 (pid:3046) Authentication was a Success.
> 06/30/15 11:57:05 (pid:3046) ZKM: setting default map to condor@xxxxxxxxxx
> 06/30/15 11:57:05 (pid:3046) ZKM: post-map: current user is 'condor'
> 06/30/15 11:57:05 (pid:3046) ZKM: post-map: current domain is 'nhn.ou.edu'
> 06/30/15 11:57:05 (pid:3046) ZKM: post-map: current FQU is 'condor@xxxxxxxxxx'
> 06/30/15 11:57:05 (pid:3046) DC_AUTHENTICATE: authentication of complete.
> So, local users (which my ordinary users are not) work fine, but NIS users (which all my ordinary users are) fail.
> I have tried running nscd (which I have to run on my RHEL 6 systems to let Condor function), but this does not help.
> I would be happy to hear any suggestions!
> Andy