Mailing List Archives
Public Access
|
|
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [HTCondor-users] pool authorization failing
- Date: Tue, 01 Dec 2020 16:39:46 +0000
- From: "Bockelman, Brian" <BBockelman@xxxxxxxxxxxxx>
- Subject: Re: [HTCondor-users] pool authorization failing
Hi Thomas,
Can you capture the first instance of the PERMISSION DENIED message? That'll indicate which domain and IP addresses is being used by HTCondor for the hostname.
Could be a failure of reverse DNS, for example.
:) In general, I'd nudge on trying out IDTOKENS and not relying on DNS. A challenge for a different day, however!
Brian
> On Dec 1, 2020, at 10:36 AM, Thomas Hartmann <thomas.hartmann@xxxxxxx> wrote:
>
> Hi all,
>
> our collector has started to disallow all remote daemons [1] although the policy has not changed and should be pretty relaxed with
> ALLOW_WRITE = *.$(UID_DOMAIN)
> ALLOW_READ = *.$(UID_DOMAIN)
>
> The version was recently updated and looks like [2]
>
> Cheers and thanks for any ideas,
> Thomas
>
> [1]
> > /var/log/condor/CollectorLog
> ...
> 12/01/20 17:32:37 Query info: matched=0; skipped=1; query_time=0.000041; send_time=0.000030; type=Scheduler; requirements={((Name == "grid-arcce1.desy.de" || Machine == "grid-arcce1.desy.de"))}; locate=0; limit=0; from=TOOL; peer=<131.169.223.111:11673>; projection={Machine Name TotalIdleJobs TotalRunningJobs}; filter_private_ads=1
> 12/01/20 17:32:37 PERMISSION DENIED to unauthenticated@unmapped from host 131.169.161.34 for command 2 (UPDATE_MASTER_AD), access level ADVERTISE_MASTER: reason: cached result for ADVERTISE_MASTER; see first case for the full reason
> 12/01/20 17:32:37 DC_AUTHENTICATE: Command not authorized, done!
> 12/01/20 17:32:37 PERMISSION DENIED to unauthenticated@unmapped from host 131.169.163.155 for command 2 (UPDATE_MASTER_AD), access level ADVERTISE_MASTER: reason: cached result for ADVERTISE_MASTER; see first case for the full reason
>
>
> [2]
> condor-classads-8.9.10-1.el7.x86_64
> python3-condor-8.9.10-1.el7.x86_64
> condor-8.9.10-1.el7.x86_64
> python2-condor-8.9.10-1.el7.x86_64
> condor-procd-8.9.10-1.el7.x86_64
> condor-externals-8.9.10-1.el7.x86_64
>
> _______________________________________________
> HTCondor-users mailing list
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/htcondor-users/