On Dec 20, 2018, at 2:45 PM, sjones <sjones@xxxxxxxxxxxxxxxx> wrote:
Hi Brian,
I've tried some of these things, and a few other things, but it's still not right.
No problem; this is only a test system. I think it's a compiler option. I think GSI might be getting commented out by #ifdefs (that's one theory, anyway.)
Cheers,
Ste
On 2018-12-20 17:26, Brian Bockelman wrote:
Hi Stephen,
The lines to focus on are these:
12/20/18 17:14:03 ZKM: 2: mapret: 0 included_voms: 1 canonical_user:
GSS_ASSIST_GRIDMAP
12/20/18 17:14:03 Globus-based mapping failed; will use gsi@unmapped.
This means that it tried to invoke Globus and something failed along the lines.
Given you say it never makes it Args:
1. Any sign it makes it to Globus libraries?
2. Any sign it Globus successfully handed off to libgsi_pep_callout.so?
3. Any sign the PEP callout did anything?
For (3), I believe there's a way (environment variable? PEP config?
... I forget) to increase the logging verbosity. That said, sometimes
I find "strace" the easiest way to determine some of these things.
Once we know where the ball gets dropped, we can target the debugging further.
Brian
On Dec 20, 2018, at 11:21 AM, Stephen Jones <sjones@xxxxxxxxxxxxxxxx> wrote:
Hi all,
I have a HTCondor-CE that contains a condor-mapfile that has GSS_ASSIST_GRIDMAP, to make a callout to ARGUS.
# cd /etc/condor-ce/
# cat condor_mapfile
GSI (.*) GSS_ASSIST_GRIDMAP
...
I've set the GSI_AUTHZ_CONF value to be right:
# echo $GSI_AUTHZ_CONF
/etc/grid-security/gsi-authz.conf
And the conf file file looks OK:
# cat /etc/grid-security/gsi-authz.conf
globus_mapping /usr/lib64/libgsi_pep_callout.so argus_pep_callout
And the library is installed:
# ls -lrt /usr/lib64/libgsi_pep_callout.so
lrwxrwxrwx 1 root root 27 Dec 20 16:22 /usr/lib64/libgsi_pep_callout.so -> libgsi_pep_callout.so.1.0.1
Yet, when I try it out, it never calls out to my ARGUS server:
12/20/18 17:14:03 ZKM: setting default map to gsi@unmapped
12/20/18 17:14:03 ZKM: name to map is '/C=UK/O=eScience/OU=Liverpool/L=CSD/CN=stephen jones'
12/20/18 17:14:03 ZKM: pre-map: current user is 'gsi'
12/20/18 17:14:03 ZKM: pre-map: current domain is 'unmapped'
12/20/18 17:14:03 ZKM: map file already loaded.
12/20/18 17:14:03 ZKM: attempting to map '/C=UK/O=eScience/OU=Liverpool/L=CSD/CN=stephen jones'
12/20/18 17:14:03 ZKM: GSI was used, and FQAN is present.
12/20/18 17:14:03 ZKM: 1: attempting to map '/C=UK/O=eScience/OU=Liverpool/L=CSD/CN=stephen jones,/dteam/Role=NULL/Capability=NULL,/dteam/NGI_UK/Role=NULL/Capability=NULL'
12/20/18 17:14:03 ZKM: 2: mapret: 0 included_voms: 1 canonical_user: GSS_ASSIST_GRIDMAP
12/20/18 17:14:03 Globus-based mapping failed; will use gsi@unmapped.
12/20/18 17:14:03 ZKM: post-map: current user is 'gsi'
12/20/18 17:14:03 ZKM: post-map: current domain is 'unmapped'
12/20/18 17:14:03 ZKM: post-map: current FQU is 'gsi@unmapped'
12/20/18 17:14:03 AUTHENTICATE: Exchanging keys with remote side.
12/20/18 17:14:03 AUTHENTICATE: Result of end of authenticate is 1.
12/20/18 17:14:03 DC_AUTHENTICATE: authentication of <138.253.178.91:13663> did not result in a valid mapped user name, which is required for this command (1112 QMGMT_WRITE_CMD), so aborting.
Does anyone know what might be stopping it?
Cheers,
Ste
--
Steve Jones sjones@xxxxxxxxxxxxxxxx
Grid System Administrator office: 220
High Energy Physics Division tel (int): 43396
Oliver Lodge Laboratory tel (ext): +44 (0)151 794 3396
University of Liverpool http://www.liv.ac.uk/physics/hep/
_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/
_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/
_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif){kind=logo}