[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Client fails to extract VOMS FQAN

Hi Max,

Iâm remote-debugging for a new group trying to use our CE. Due to the high latency of this, I was hoping someone else has seen (and solved) such a problem.

The group is using a local HTCondor to submit to our HTCondor-CE. However, it appears their FQAN is not read properly by their local Schedd.
Their `voms-proxy-info` shows the proper FQAN and extensions [0], but when they use any local Condor tools the FQAN cannot be read [1]:
	ZKM: VOMS FQAN not present (error 1), ignoring.

Are there any known reasons why HTCondor could fail to extract the VOMS FQANs? Does HTCondor require a specific certificate type, or libraries to read the VOMS FQAN?

Might it be that the message is misleading and that rather
the VOMS configuration for the given VO is absent or wrong
and that hence the FQANs are ignored?

What does the host have under /etc/grid-security/vomsdir
(or $X509_VOMS_DIR) for that VO?

[0] $ voms-proxy-info --fqan

[1] _CONDOR_TOOL_DEBUG=D_ALL condor_q -name htcondor-ce-1-kit.gridka.de -pool htcondor-ce-1-kit.gridka.de:9619 -debug
09/08/20 09:13:18 (fd:4) (pid:54888) (D_SECURITY) SECMAN: new session, doing initial authentication.
09/08/20 09:13:18 (fd:4) (pid:54888) (D_SECURITY) SECMAN: Auth methods: GSI
09/08/20 09:13:18 (fd:4) (pid:54888) (D_SECURITY) AUTHENTICATE: setting timeout for <[2a00-139c-3-2e5-0-61-1-6a]-9619&alias=htcondor-ce-1-kit.gridka.de&noUDP&sock=2207_1748_3> to 20.
09/08/20 09:13:18 (fd:4) (pid:54888) (D_SECURITY) HANDSHAKE: in handshake(my_methods = 'GSI')
09/08/20 09:13:18 (fd:4) (pid:54888) (D_SECURITY) HANDSHAKE: handshake() - i am the client
09/08/20 09:13:18 (fd:6) (pid:54888) (D_SECURITY) HANDSHAKE: sending (methods == 32) to server
09/08/20 09:13:18 (fd:6) (pid:54888) (D_SECURITY) HANDSHAKE: server replied (method = 32)
09/08/20 09:13:18 (fd:7) (pid:54888) (D_SECURITY) ZKM: VOMS FQAN not present (error 1), ignoring.
09/08/20 09:13:18 (fd:7) (pid:54888) (D_SECURITY) IPVERIFY: for htcondor-ce-1-kit.gridka.de matched to
09/08/20 09:13:18 (fd:7) (pid:54888) (D_SECURITY) valid GSS connection established to /C=DE/O=GermanGrid/OU=KIT/CN=htcondor-ce-1-kit.gridka.de
09/08/20 09:13:18 (fd:7) (pid:54888) (D_SECURITY) Authentication was a Success.