Mailing List Archives

Public Access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Authentication Errors

Thanks, I have updated the configuration but it will be at least a day until we get the new logs. 

Cheers,

Laurence

On 21/06/16 22:40, Zach Miller wrote:

Sure, in the condor configuration:

   STARTD_DEBUG  = D_SECURITY:2 D_COMMAND

Or if you want to really go nuts:

   STARTD_DEBUG =  D_ALL:2


The part that puzzled me in the earlier email was I didn't see any message about GSI failing, so it appears it wasn't attempted.  The full log should provide evidence one way or the other.


Cheers,
-zach




-----Original Message-----
From: HTCondor-users [mailto:htcondor-users-bounces@xxxxxxxxxxx] On Behalf
Of Laurence Field
Sent: Tuesday, June 21, 2016 3:33 PM
To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
Subject: Re: [HTCondor-users] Authentication Errors

Hi Zach,

What confuses me is that we are spawning many identical VMs with the
same configuration but only a few fail with this error. It should be
authenticating with GSI. I tested the proxy that should be there and it
seems fine. It will be difficult to get that output from affected
machines. Is there anything I can do to add more relevant information in
the StartLog?

Cheers,

Laurence

On 21/06/16 22:15, Zach Miller wrote:

It's not entirely clear from this short snippet, but the root problem

seems to be that authentication failed.

If authentication fails, no keys are exchanged, and so the Integrity and

Encryption will also be doomed to failure.

The FS authentication method only works locally because it uses the /tmp

directory for file creation.  Perhaps you meant to use GSI authentication?

If you want to take this off-list, you can email htcondor-

admin@xxxxxxxxxxx and include the output of:

    condor_config_val -dump SEC_

And I'll see if I see anything obviously incorrect there.


Cheers,
-zach



-----Original Message-----
From: HTCondor-users [mailto:htcondor-users-bounces@xxxxxxxxxxx] On

Behalf

Of Laurence Field
Sent: Tuesday, June 21, 2016 3:03 PM
To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
Subject: [HTCondor-users] Authentication Errors

Hi,

At least one of the VMs from vLHC@home is having authentication
problems. The StartLog is attached and the corresponding Collector log
is available if needed.

The relevant lines from the StartLog are:

06/19/16 22:49:11 SECMAN: enable_mac has no key to use, failing...
06/19/16 22:49:11 ERROR: SECMAN:2006:Failed to establish a crypto
key.|AUTHENTICATE:1004:Failed to authenticate using FS
06/19/16 22:49:11 CCBListener: connection to CCB server
alicondor01.cern.ch failed; will try to reconnect in 60 seconds.


Do you have any ideas why we get "SECMAN: enable_mac has no key to use,
failing..." ?

Cheers,

Laurence

_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with

a

subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/

_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/

_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/