Mailing List Archives
Public Access
|
|
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [HTCondor-users] Submit fails - RHEL 7 in NIS environment and FS authentication
- Date: Wed, 08 Jul 2015 20:10:21 +0000
- From: "Feldt, Andrew N." <afeldt@xxxxxx>
- Subject: Re: [HTCondor-users] Submit fails - RHEL 7 in NIS environment and FS authentication
Folks,
Ok, the NIS part turned out to be a red herring. The real issue is that Condor 8.2.8 does not work on RHEL 7 with SELinux enabled (verified by disabling SELinux temporarily where FS Authentication works just fine). I see that there is a ticket for this already at:
https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=5012
so I will put my RHEL 7 upgrade plans on hold until this is resolved (we have committed to run SELinux and have been doing so ever since RHEL 6 came out).
Andy
> On Jun 30, 2015, at 12:25 PM, Andy Feldt <afeldt@xxxxxx> wrote:
>
> Folks,
>
> Does anyone run RHEL 7 with NIS and attempt to use FS authentication with Condor? I have been trying to set up a test system and I have Condor starting properly, but when I try to submit a job from this system, I get:
>
> ERROR: Failed to connect to local queue manager
> AUTHENTICATE:1003:Failed to authenticate with any method
> AUTHENTICATE:1004:Failed to authenticate using FS
>
> I turned on debugging (and restricted authentication to only FS) via the following config:
>
> SEC_DEFAULT_AUTHENTICATION_METHODS = FS
> SCHEDD_DEBUG = $(SCHEDD_DEBUG) D_FULLDEBUG D_SECURITY
> TOOL_DEBUG = $(TOOL_DEBUG) D_FULLDEBUG D_SECURITY
>
> and, I then find the following in the SchedLog file:
>
> 06/30/15 11:00:52 (pid:3046) FS: client template is /tmp/FS_XXXXXXXXX
> 06/30/15 11:00:52 (pid:3046) FS: client filename is /tmp/FS_XXXGS7c9Q
> 06/30/15 11:00:52 (pid:3046) AUTHENTICATE_FS: used dir /tmp/FS_XXXGS7c9Q, status: 0
> 06/30/15 11:00:52 (pid:3046) AUTHENTICATE: method 4 (FS) failed.
> â
> 06/30/15 11:00:52 (pid:3046) DC_AUTHENTICATE: reason for authentication failure: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using FS|FS:1004:Unable to lstat(/tmp/FS_XXXGS7c9Q)
>
> This is for a valid, logged in user in my NIS password map. There are other entries later for the local Condor user (which is in /etc/passwd) which show that it authenticates just fine with FS authentication:
>
> 06/30/15 11:57:05 (pid:3046) FS: client template is /tmp/FS_XXXXXXXXX
> 06/30/15 11:57:05 (pid:3046) FS: client filename is /tmp/FS_XXXmNulOS
> 06/30/15 11:57:05 (pid:3046) AUTHENTICATE_FS: used dir /tmp/FS_XXXmNulOS, status: 1
> 06/30/15 11:57:05 (pid:3046) AUTHENTICATE: auth_status == 4 (FS)
> 06/30/15 11:57:05 (pid:3046) Authentication was a Success.
> 06/30/15 11:57:05 (pid:3046) ZKM: setting default map to condor@xxxxxxxxxx
> 06/30/15 11:57:05 (pid:3046) ZKM: post-map: current user is 'condor'
> 06/30/15 11:57:05 (pid:3046) ZKM: post-map: current domain is 'nhn.ou.edu'
> 06/30/15 11:57:05 (pid:3046) ZKM: post-map: current FQU is 'condor@xxxxxxxxxx'
> 06/30/15 11:57:05 (pid:3046) DC_AUTHENTICATE: authentication of 129.15.31.37 complete.
>
> So, local users (which my ordinary users are not) work fine, but NIS users (which all my ordinary users are) fail.
>
> I have tried running nscd (which I have to run on my RHEL 6 systems to let Condor function), but this does not help.
>
> I would be happy to hear any suggestions!
>
> Andy
>
>