Re: [HTCondor-users] Submitting jobs from Windows machine

[Zachary Miller <zmiller@xxxxxxxxxxx>]

On Thu, Mar 12, 2015 at 02:43:44PM +1300, jcalitz wrote:
> Hi all
> 
> We have Linux, OSX and Windows machines in our condor pool.   So far, 
> job submissions were done from a some OSX and Linux machines only, which 
> worked fine.
> 
> Trying to submit a job from  a Windows machine(123.123.123.123) resulted 
> in this error message:
> ERROR: Failed to connect to local queue manager
> 
> and in the schedd log file:
> "authorization of 123.123.123.123 did not result in a valid mapped user 
> name, which is required for this command"
> 
> I presumed this points to our security mapfile mapping "condor" and 
> "admin" users only.  We have the following security config entries

That's part of the reason.


> SEC_CLIENT_AUTHENTICATION_METHODS = fs, ssl, password

The problem here is that now that you've added a Windows machine, your
list of methods the client can use doesn't include the default Windows
authentication mechanism, NTSSPI.  I would set:

  SEC_CLIENT_AUTHENTICATION_METHODS = fs, ntsspi, ssl, password

And you should be all set.


Longer answer:  Behind the scenes, the Linux and OSX daemons include FS as a
default (and not NTSSPI), and Windows daemons include NTSSPI (and not FS).
Your client list can include as many as you like... the server will reconcile
the two lists, so there's no "danger" in including NTSSPI on Linux and FS on
Windows.


Cheers,
-zach