Hello all, I've been using HTCondor for a few years now, but this is my first time asking for advice on this mailing list. My setup is a cluster made out of a CentOS headnode with compute nodes being either stateless CentOS or stateful Windows provisionned by xCAT. Since 9.0.0, I've been trying to implement the new IDTOKENS security to my configuration. It works for Linux compute nodes, but I'm still hitting a wall for Windows nodes. On Windows, the HTCondor client is installed unattended by SYSTEM prior to first login. Other than feeding the unattended msi installation and copy/pasting a pre-made config file in C:\condor\config\, no other post-configuration or condor commands are used. Attached are all the condor_config_val -summary for all 3 node types. I've also attached the Window's MasterLog when trying to ask for an IDTOKEN. This is probably the important part: -------------------------------------- 11/04/21 10:17:54 PW.
11/04/21 10:17:54 PW: getting name. 11/04/21 10:17:54 IDTOKENS: Examining C:\Condor\tokens.d\admin for valid tokens from issuer sms1. 11/04/21 10:17:54 TOKEN: No token found. 11/04/21 10:17:54 PW: Failed to fetch a login name 11/04/21 10:17:54 PW: Generating ra. 11/04/21 10:17:54 PW: Client sending. 11/04/21 10:17:54 Client error: NULL in send? 11/04/21 10:17:54 Client sending: -1, 0(), 0 11/04/21 10:17:54 PW: Client receiving. 11/04/21 10:17:54 Server sent status indicating not OK. 11/04/21 10:17:54 PW: Client received ERROR from server, propagating 11/04/21 10:17:54 PW: CLient sending two. 11/04/21 10:17:54 In client_send_two. 11/04/21 10:17:54 Client error: don't know my own name? 11/04/21 10:17:54 Can't send null for random string. 11/04/21 10:17:54 Client error: I have no name? 11/04/21 10:17:54 Client sending: 0() 0 0 11/04/21 10:17:54 Sent ok. 11/04/21 10:17:54 AUTHENTICATE: method 2048 (IDTOKENS) failed. -------------------------------------- So, the client doesn't know his own name apparently. Must have been a severe concussion. The problem might also be related to not finding a valid token in C:\Condor\tokens.d\admin. Maybe because he is trying to search for a "" name in there. Also, no token request is listed on the headnode for that compute node. Either it's the "" name or the admin file being the problem, I do not know which or how to fix this. Any ideas would be appreciated. Thanks! Martin Beaumont |
# condor_config_val $CondorVersion: 9.0.6 Sep 23 2021 BuildID: 557184 PackageID: 9.0.6-1 $ # # from /etc/condor/condor_config # LOCAL_DIR = /var LOCAL_CONFIG_FILE = /etc/condor/condor_config.local REQUIRE_LOCAL_CONFIG_FILE = false LOCAL_CONFIG_DIR = /usr/share/condor/config.d,/etc/condor/config.d RUN = $(LOCAL_DIR)/run/condor LOG = $(LOCAL_DIR)/log/condor LOCK = $(LOCAL_DIR)/lock/condor SPOOL = $(LOCAL_DIR)/lib/condor/spool EXECUTE = $(LOCAL_DIR)/lib/condor/execute LIB = $(RELEASE_DIR)/lib64/condor INCLUDE = $(RELEASE_DIR)/include/condor LIBEXEC = $(RELEASE_DIR)/libexec/condor SHARE = $(RELEASE_DIR)/share/condor PROCD_ADDRESS = $(RUN)/procd_pipe JAVA_CLASSPATH_DEFAULT = $(SHARE) . # # from /etc/condor/config.d/00-htcondor-9.0.config # SEC_READ_AUTHENTICATION = OPTIONAL SEC_READ_ENCRYPTION = OPTIONAL SEC_READ_INTEGRITY = OPTIONAL SECURITY_MODEL = 9.0 # # from /etc/condor/config.d/01-common.config # CONDOR_HOST = sms1 # # from /etc/condor/config.d/02-role-execute.config # ALLOW_ADMINISTRATOR = root@* condor@$(TRUST_DOMAIN) ALLOW_DAEMON = condor@$(TRUST_DOMAIN) ALLOW_NEGOTIATOR = condor@$(TRUST_DOMAIN) ALLOW_OWNER = root@* condor@$(TRUST_DOMAIN) ALLOW_READ = * ALLOW_WRITE = condor@$(TRUST_DOMAIN) DAEMON_LIST = MASTER STARTD SEC_CLIENT_AUTHENTICATION_METHODS = IDTOKENS, FS, ANONYMOUS SEC_DEFAULT_AUTHENTICATION = required SEC_DEFAULT_AUTHENTICATION_METHODS = IDTOKENS, FS SEC_DEFAULT_ENCRYPTION = required SEC_DEFAULT_INTEGRITY = required SEC_READ_AUTHENTICATION_METHODS = IDTOKENS, FS, ANONYMOUS TRUST_DOMAIN = $(CONDOR_HOST) UID_DOMAIN = sms1 TRUST_UID_DOMAIN = TRUE STARTD_CRON_CPU_NAME_EXECUTABLE = $(LIBEXEC)/cpu_name.sh STARTD_CRON_CPU_NAME_PERIOD = 48h DedicatedScheduler = "DedicatedScheduler@sms1" WANT_VACATE = False RANK = Scheduler =?= $(DedicatedScheduler) MOUNT_UNDER_SCRATCH = /tmp NUM_SLOTS = 1 NUM_SLOTS_TYPE_1 = 1 SLOT_TYPE_1 = auto SLOT_TYPE_1_PARTITIONABLE = True ENVIRONMENT_FOR_AssignedGPUs = GPU_DEVICE_ORDINAL=/(CUDA|OCL)// CUDA_VISIBLE_DEVICES=/CUDA// ENVIRONMENT_VALUE_FOR_UnAssignedGPUs = 10000 MACHINE_RESOURCE_INVENTORY_GPUs = $(LIBEXEC)/condor_gpu_discovery -properties $(GPU_DISCOVERY_EXTRA) STARTD_CRON_GPUs_MONITOR_EXECUTABLE = $(GPU_MONITOR) STARTD_CRON_GPUs_MONITOR_METRICS = SUM:GPUs, PEAK:GPUsMemory STARTD_CRON_GPUs_MONITOR_MODE = WaitForExit STARTD_CRON_GPUs_MONITOR_PERIOD = 1 STARTD_CRON_JOBLIST = CPU_NAME GPUs_MONITOR STARTD_JOB_ATTRS = GPUsUsage GPUsMemoryUsage
# condor_config_val $CondorVersion: 9.0.6 Sep 23 2021 BuildID: 557184 PackageID: 9.0.6-1 $ # # from /etc/condor/condor_config # LOCAL_DIR = /var LOCAL_CONFIG_FILE = /etc/condor/condor_config.local REQUIRE_LOCAL_CONFIG_FILE = false LOCAL_CONFIG_DIR = /usr/share/condor/config.d,/etc/condor/config.d RUN = $(LOCAL_DIR)/run/condor LOG = $(LOCAL_DIR)/log/condor LOCK = $(LOCAL_DIR)/lock/condor SPOOL = $(LOCAL_DIR)/lib/condor/spool EXECUTE = $(LOCAL_DIR)/lib/condor/execute LIB = $(RELEASE_DIR)/lib64/condor INCLUDE = $(RELEASE_DIR)/include/condor LIBEXEC = $(RELEASE_DIR)/libexec/condor SHARE = $(RELEASE_DIR)/share/condor PROCD_ADDRESS = $(RUN)/procd_pipe JAVA_CLASSPATH_DEFAULT = $(SHARE) . # # from /etc/condor/config.d/00-htcondor-9.0.config # SEC_READ_AUTHENTICATION = OPTIONAL SEC_READ_ENCRYPTION = OPTIONAL SEC_READ_INTEGRITY = OPTIONAL SECURITY_MODEL = 9.0 # # from /etc/condor/config.d/01-common.config # CONDOR_HOST = sms1 # # from /etc/condor/config.d/02-role-central-manager.config # CONDOR_DEVELOPERS = NONE # # from /etc/condor/config.d/02-role-execute.config # UID_DOMAIN = sms1 TRUST_UID_DOMAIN = TRUE STARTD_CRON_CPU_NAME_EXECUTABLE = $(LIBEXEC)/cpu_name.sh STARTD_CRON_CPU_NAME_PERIOD = 48h DedicatedScheduler = "DedicatedScheduler@sms1" WANT_VACATE = False RANK = Scheduler =?= $(DedicatedScheduler) MOUNT_UNDER_SCRATCH = /tmp NUM_SLOTS = 1 NUM_SLOTS_TYPE_1 = 1 SLOT_TYPE_1 = auto SLOT_TYPE_1_PARTITIONABLE = True ENVIRONMENT_FOR_AssignedGPUs = GPU_DEVICE_ORDINAL=/(CUDA|OCL)// CUDA_VISIBLE_DEVICES=/CUDA// ENVIRONMENT_VALUE_FOR_UnAssignedGPUs = 10000 MACHINE_RESOURCE_INVENTORY_GPUs = $(LIBEXEC)/condor_gpu_discovery -properties $(GPU_DISCOVERY_EXTRA) STARTD_CRON_GPUs_MONITOR_EXECUTABLE = $(GPU_MONITOR) STARTD_CRON_GPUs_MONITOR_METRICS = SUM:GPUs, PEAK:GPUsMemory STARTD_CRON_GPUs_MONITOR_MODE = WaitForExit STARTD_CRON_GPUs_MONITOR_PERIOD = 1 STARTD_CRON_JOBLIST = CPU_NAME GPUs_MONITOR STARTD_JOB_ATTRS = GPUsUsage GPUsMemoryUsage # # from /etc/condor/config.d/02-role-submit.config # ALLOW_ADMINISTRATOR = root@* condor@$(TRUST_DOMAIN) ALLOW_DAEMON = condor@$(TRUST_DOMAIN) ALLOW_NEGOTIATOR = condor@$(TRUST_DOMAIN) ALLOW_OWNER = root@* condor@$(TRUST_DOMAIN) ALLOW_READ = * SEC_CLIENT_AUTHENTICATION_METHODS = IDTOKENS, FS, ANONYMOUS SEC_DEFAULT_AUTHENTICATION = required SEC_DEFAULT_AUTHENTICATION_METHODS = IDTOKENS, FS SEC_DEFAULT_ENCRYPTION = required SEC_DEFAULT_INTEGRITY = required SEC_READ_AUTHENTICATION_METHODS = IDTOKENS, FS, ANONYMOUS TRUST_DOMAIN = $(CONDOR_HOST) MAX_JOBS_PER_OWNER = 200000000 MAX_RUNNING_SCHEDULER_JOBS_PER_OWNER = 100000 MAX_JOBS_PER_SUBMISSION = 500000 MAX_CONCURRENT_DOWNLOADS = 0 MAX_CONCURRENT_UPLOADS = 0 # # from /etc/condor/config.d/04-feature-defrag.config # DAEMON_LIST = MASTER COLLECTOR NEGOTIATOR STARTD SCHEDD DEFRAG DEFRAG_INTERVAL = 30 DEFRAG_UPDATE_INTERVAL = 15 # # from /etc/condor/config.d/04-feature-flocking.config # ALLOW_WRITE = condor@$(TRUST_DOMAIN) *, 10.* FLOCK_TO = ALLOW_NEGOTIATOR_SCHEDD = $(CONDOR_HOST), $(FLOCK_NEGOTIATOR_HOSTS), $(IP_ADDRESS) FLOCK_FROM = ALLOW_WRITE_COLLECTOR = $(ALLOW_WRITE), $(FLOCK_FROM) ALLOW_WRITE_STARTD = $(ALLOW_WRITE), $(FLOCK_FROM) ALLOW_READ_COLLECTOR = $(ALLOW_READ), $(FLOCK_FROM) ALLOW_READ_STARTD = $(ALLOW_READ), $(FLOCK_FROM) # # from /etc/condor/config.d/04-feature-preemption.config # ALLOW_PSLOT_PREEMPTION = True
# condor_config_val $CondorVersion: 9.2.0 Sep 23 2021 BuildID: 557262 $ # # from C:\Condor\condor_config # RELEASE_DIR = C:\Condor LOCAL_CONFIG_DIR = $(LOCAL_DIR)\config SEC_READ_AUTHENTICATION = OPTIONAL SEC_READ_ENCRYPTION = OPTIONAL SEC_READ_INTEGRITY = OPTIONAL SECURITY_MODEL = 9.0 INSTALL_USER = SYSTEM CONDOR_HOST = 10.140.255.254 MaxJobRetirementTime = 2147483647 NEGOTIATOR_CONSIDER_PREEMPTION = False MASTER_DEBUG = D_SECURITY # # from C:\Condor\config\02-role-execute.config # ALLOW_ADMINISTRATOR = root@* condor@$(TRUST_DOMAIN) ALLOW_DAEMON = condor@$(TRUST_DOMAIN) ALLOW_NEGOTIATOR = condor@$(TRUST_DOMAIN) ALLOW_OWNER = root@* condor@$(TRUST_DOMAIN) ALLOW_READ = * ALLOW_WRITE = condor@$(TRUST_DOMAIN) DAEMON_LIST = MASTER STARTD STARTD SEC_CLIENT_AUTHENTICATION_METHODS = IDTOKENS, FS, ANONYMOUS SEC_DEFAULT_AUTHENTICATION = required SEC_DEFAULT_AUTHENTICATION_METHODS = IDTOKENS, FS SEC_DEFAULT_ENCRYPTION = required SEC_DEFAULT_INTEGRITY = required SEC_READ_AUTHENTICATION_METHODS = IDTOKENS, FS, ANONYMOUS TRUST_DOMAIN = $(CONDOR_HOST) UID_DOMAIN = sms1 TRUST_UID_DOMAIN = TRUE STARTD_CRON_CPU_NAME_EXECUTABLE = C:\Condor\classads\cpu_name.bat STARTD_CRON_CPU_NAME_PERIOD = 48h DedicatedScheduler = "DedicatedScheduler@sms1" WANT_VACATE = False RANK = Scheduler =?= $(DedicatedScheduler) MOUNT_UNDER_SCRATCH = /tmp NUM_SLOTS = 1 NUM_SLOTS_TYPE_1 = 1 SLOT_TYPE_1 = auto SLOT_TYPE_1_PARTITIONABLE = True ENVIRONMENT_FOR_AssignedGPUs = GPU_DEVICE_ORDINAL=/(CUDA|OCL)// CUDA_VISIBLE_DEVICES=/CUDA// ENVIRONMENT_VALUE_FOR_UnAssignedGPUs = 10000 MACHINE_RESOURCE_INVENTORY_GPUs = $(LIBEXEC)/condor_gpu_discovery -properties $(GPU_DISCOVERY_EXTRA) STARTD_CRON_GPUs_MONITOR_EXECUTABLE = $(GPU_MONITOR) STARTD_CRON_GPUs_MONITOR_METRICS = SUM:GPUs, PEAK:GPUsMemory STARTD_CRON_GPUs_MONITOR_MODE = WaitForExit STARTD_CRON_GPUs_MONITOR_PERIOD = 1 STARTD_CRON_JOBLIST = CPU_NAME GPUs_MONITOR STARTD_JOB_ATTRS = GPUsUsage GPUsMemoryUsage
11/04/21 11:00:53 All daemons are gone. Exiting. 11/04/21 11:00:54 ****************************************************** 11/04/21 11:00:54 ** condor (CONDOR_MASTER) STARTING UP 11/04/21 11:00:54 ** C:\Condor\bin\condor_master.exe 11/04/21 11:00:54 ** SubsystemInfo: name=MASTER type=MASTER(2) class=DAEMON(1) 11/04/21 11:00:54 ** Configuration: subsystem:MASTER local:<NONE> class:DAEMON 11/04/21 11:00:54 ** $CondorVersion: 9.2.0 Sep 23 2021 BuildID: 557262 $ 11/04/21 11:00:54 ** $CondorPlatform: x86_64_Windows10 $ 11/04/21 11:00:54 ** PID = 844 11/04/21 11:00:54 ** Log last touched 11/4 11:00:53 11/04/21 11:00:54 ****************************************************** 11/04/21 11:00:54 Using config source: C:\Condor\condor_config 11/04/21 11:00:54 Using local config sources: 11/04/21 11:00:54 C:\Condor\config\02-role-execute.config 11/04/21 11:00:54 config Macros = 72, Sorted = 72, StringBytes = 2095, TablesBytes = 2640 11/04/21 11:00:54 CLASSAD_CACHING is OFF 11/04/21 11:00:54 Daemon Log is logging: D_ALWAYS D_ERROR D_SECURITY 11/04/21 11:00:54 Inserting pre-auth metadata for TOKEN. 11/04/21 11:00:54 Inserting pre-auth metadata for TOKEN. 11/04/21 11:00:54 SECMAN: created non-negotiated security session family:725268bf4521ad0035ecbf85f3a0236d7be10787ec6659c4 for 0 (inf) seconds. 11/04/21 11:00:54 SECMAN: now creating non-negotiated command mappings 11/04/21 11:00:54 IpVerify::PunchHole: opened DAEMON level to condor@family 11/04/21 11:00:54 IpVerify::PunchHole: opened WRITE level to condor@family 11/04/21 11:00:54 IpVerify::PunchHole: opened READ level to condor@family 11/04/21 11:00:54 IpVerify::PunchHole: open count at level READ for condor@family now 2 11/04/21 11:00:54 IpVerify::PunchHole: opened ADVERTISE_MASTER level to condor@family 11/04/21 11:00:54 IpVerify::PunchHole: opened ADVERTISE_SCHEDD level to condor@family 11/04/21 11:00:54 IpVerify::PunchHole: opened ADVERTISE_STARTD level to condor@family 11/04/21 11:00:54 IpVerify::PunchHole: opened NEGOTIATOR level to condor@family 11/04/21 11:00:54 IpVerify::PunchHole: open count at level READ for condor@family now 3 11/04/21 11:00:54 IpVerify::PunchHole: opened CLIENT level to condor@family 11/04/21 11:00:54 SharedPortEndpoint: failed to open C:\Condor\log/shared_port_ad: No such file or directory 11/04/21 11:00:54 SharedPortEndpoint: did not successfully find SharedPortServer address. Will retry in 60s. 11/04/21 11:00:54 DaemonCore: private command socket at <10.140.0.4:0?alias=compute4&sock=master_844_a1e6> 11/04/21 11:00:54 IPVERIFY: Subsystem MASTER 11/04/21 11:00:54 IPVERIFY: Permission ALLOW 11/04/21 11:00:54 IPVERIFY: Subsystem MASTER 11/04/21 11:00:54 IPVERIFY: Permission READ 11/04/21 11:00:54 IPVERIFY: allow READ: * (from config value ALLOW_READ) 11/04/21 11:00:54 ipverify: READ optimized to allow anyone 11/04/21 11:00:54 IPVERIFY: Subsystem MASTER 11/04/21 11:00:54 IPVERIFY: Permission WRITE 11/04/21 11:00:54 IPVERIFY: allow WRITE: condor@xxxxxxxxxxxxxx (from config value ALLOW_WRITE) 11/04/21 11:00:54 IPVERIFY: Subsystem MASTER 11/04/21 11:00:54 IPVERIFY: Permission NEGOTIATOR 11/04/21 11:00:54 IPVERIFY: allow NEGOTIATOR: condor@xxxxxxxxxxxxxx (from config value ALLOW_NEGOTIATOR) 11/04/21 11:00:54 IPVERIFY: Subsystem MASTER 11/04/21 11:00:54 IPVERIFY: Permission ADMINISTRATOR 11/04/21 11:00:54 IPVERIFY: allow ADMINISTRATOR: root@* condor@xxxxxxxxxxxxxx (from config value ALLOW_ADMINISTRATOR) 11/04/21 11:00:54 IPVERIFY: Subsystem MASTER 11/04/21 11:00:54 IPVERIFY: Permission OWNER 11/04/21 11:00:54 IPVERIFY: allow OWNER: root@* condor@xxxxxxxxxxxxxx (from config value ALLOW_OWNER) 11/04/21 11:00:54 IPVERIFY: Subsystem MASTER 11/04/21 11:00:54 IPVERIFY: Permission CONFIG 11/04/21 11:00:54 ipverify: CONFIG optimized to deny everyone 11/04/21 11:00:54 IPVERIFY: Subsystem MASTER 11/04/21 11:00:54 IPVERIFY: Permission DAEMON 11/04/21 11:00:54 IPVERIFY: allow DAEMON: condor@xxxxxxxxxxxxxx (from config value ALLOW_DAEMON) 11/04/21 11:00:54 IPVERIFY: Subsystem MASTER 11/04/21 11:00:54 IPVERIFY: Permission SOAP 11/04/21 11:00:54 ipverify: SOAP optimized to deny everyone 11/04/21 11:00:54 IPVERIFY: Subsystem MASTER 11/04/21 11:00:54 IPVERIFY: Permission DEFAULT 11/04/21 11:00:54 ipverify: DEFAULT optimized to deny everyone 11/04/21 11:00:54 IPVERIFY: Subsystem MASTER 11/04/21 11:00:54 IPVERIFY: Permission CLIENT 11/04/21 11:00:54 IPVERIFY: allow CLIENT: * (from config value ALLOW_CLIENT) 11/04/21 11:00:54 ipverify: CLIENT optimized to allow anyone 11/04/21 11:00:54 IPVERIFY: Subsystem MASTER 11/04/21 11:00:54 IPVERIFY: Permission ADVERTISE_STARTD 11/04/21 11:00:54 IPVERIFY: allow ADVERTISE_STARTD: condor@xxxxxxxxxxxxxx (from config value ALLOW_DAEMON) 11/04/21 11:00:54 IPVERIFY: Subsystem MASTER 11/04/21 11:00:54 IPVERIFY: Permission ADVERTISE_SCHEDD 11/04/21 11:00:54 IPVERIFY: allow ADVERTISE_SCHEDD: condor@xxxxxxxxxxxxxx (from config value ALLOW_DAEMON) 11/04/21 11:00:54 IPVERIFY: Subsystem MASTER 11/04/21 11:00:54 IPVERIFY: Permission ADVERTISE_MASTER 11/04/21 11:00:54 IPVERIFY: allow ADVERTISE_MASTER: condor@xxxxxxxxxxxxxx (from config value ALLOW_DAEMON) 11/04/21 11:00:54 Adding SHARED_PORT to DAEMON_LIST, because USE_SHARED_PORT=true (to disable this, set AUTO_INCLUDE_SHARED_PORT_IN_DAEMON_LIST=False) 11/04/21 11:00:54 Master restart (GRACEFUL) is watching C:\Condor\bin\condor_master.exe (mtime:1632430220) 11/04/21 11:00:54 Adding/Checking Windows firewall exceptions for all daemons 11/04/21 11:00:54 Cannot remove wait-for-startup file C:\Condor\log/shared_port_ad 11/04/21 11:00:54 Starting shared port with port: 9618 11/04/21 11:00:54 Inserting pre-auth metadata for TOKEN. 11/04/21 11:00:54 Inserting pre-auth metadata for TOKEN. 11/04/21 11:00:54 SECMAN: created non-negotiated security session c0fbcda00a71e4d30614247ba2e821990b9b2656c9372e77 for 0 (inf) seconds. 11/04/21 11:00:54 SECMAN: now creating non-negotiated command mappings 11/04/21 11:00:54 IpVerify::PunchHole: opened DAEMON level to condor@child 11/04/21 11:00:54 IpVerify::PunchHole: opened WRITE level to condor@child 11/04/21 11:00:54 IpVerify::PunchHole: opened READ level to condor@child 11/04/21 11:00:54 IpVerify::PunchHole: open count at level READ for condor@child now 2 11/04/21 11:00:54 IpVerify::PunchHole: opened CLIENT level to condor@child 11/04/21 11:00:54 SECMAN: exporting session info for c0fbcda00a71e4d30614247ba2e821990b9b2656c9372e77: [Encryption="YES";Integrity="YES";ValidCommands="60000,60008,60002,60003,60026,60017,60046,60047,60048,60049,60050,60004,60012,60021,60052,60043,60007,457,60020,60044";CryptoMethodsList="AES.BLOWFISH.3DES";CryptoMethods="BLOWFISH";ShortVersion="9.2.0";] 11/04/21 11:00:54 SECMAN: exporting session info for family:725268bf4521ad0035ecbf85f3a0236d7be10787ec6659c4: [Encryption="YES";Integrity="YES";CryptoMethodsList="AES.BLOWFISH.3DES";CryptoMethods="BLOWFISH";ShortVersion="9.2.0";] 11/04/21 11:00:54 Started DaemonCore process "C:\Condor\bin\condor_shared_port.exe", pid and pgroup = 3760 11/04/21 11:00:54 Waiting for C:\Condor\log/shared_port_ad to appear. 11/04/21 11:00:54 DC_AUTHENTICATE: received DC_AUTHENTICATE from <10.140.0.4:50972> 11/04/21 11:00:54 DC_AUTHENTICATE: resuming session id c0fbcda00a71e4d30614247ba2e821990b9b2656c9372e77: 11/04/21 11:00:54 DC_AUTHENTICATE: encryption enabled for session c0fbcda00a71e4d30614247ba2e821990b9b2656c9372e77 11/04/21 11:00:54 DC_AUTHENTICATE: message authenticator enabled with key id c0fbcda00a71e4d30614247ba2e821990b9b2656c9372e77. 11/04/21 11:00:54 DC_AUTHENTICATE: Success. 11/04/21 11:00:54 PERMISSION GRANTED to condor@child from host 10.140.0.4 for command 60008 (DC_CHILDALIVE), access level DAEMON: reason: DAEMON authorization has been made automatic for condor@child 11/04/21 11:00:54 Found C:\Condor\log/shared_port_ad. 11/04/21 11:00:54 Inserting pre-auth metadata for TOKEN. 11/04/21 11:00:54 Inserting pre-auth metadata for TOKEN. 11/04/21 11:00:54 SECMAN: created non-negotiated security session 57aa5fae7048b97ec99684474b9545cc697329471530b601 for 0 (inf) seconds. 11/04/21 11:00:54 SECMAN: now creating non-negotiated command mappings 11/04/21 11:00:54 IpVerify::PunchHole: open count at level DAEMON for condor@child now 2 11/04/21 11:00:54 IpVerify::PunchHole: open count at level WRITE for condor@child now 2 11/04/21 11:00:54 IpVerify::PunchHole: open count at level READ for condor@child now 3 11/04/21 11:00:54 IpVerify::PunchHole: open count at level READ for condor@child now 4 11/04/21 11:00:54 IpVerify::PunchHole: open count at level CLIENT for condor@child now 2 11/04/21 11:00:54 SECMAN: exporting session info for 57aa5fae7048b97ec99684474b9545cc697329471530b601: [Encryption="YES";Integrity="YES";ValidCommands="60000,60008,60002,60003,60026,60017,60046,60047,60048,60049,60050,60004,60012,60021,60052,60043,60007,457,60020,60044";CryptoMethodsList="AES.BLOWFISH.3DES";CryptoMethods="BLOWFISH";ShortVersion="9.2.0";] 11/04/21 11:00:54 SECMAN: exporting session info for family:725268bf4521ad0035ecbf85f3a0236d7be10787ec6659c4: [Encryption="YES";Integrity="YES";CryptoMethodsList="AES.BLOWFISH.3DES";CryptoMethods="BLOWFISH";ShortVersion="9.2.0";] 11/04/21 11:00:54 Started DaemonCore process "C:\Condor\bin\condor_startd.exe", pid and pgroup = 4560 11/04/21 11:00:54 Daemons::StartAllDaemons all daemons were started 11/04/21 11:00:59 SECMAN: command 2 UPDATE_MASTER_AD to collector 10.140.255.254 from TCP port 50975 (non-blocking). 11/04/21 11:00:59 SECMAN: waiting for TCP connection to collector 10.140.255.254. 11/04/21 11:00:59 SECMAN: resuming command 2 UPDATE_MASTER_AD to collector 10.140.255.254 from TCP port 50975 (non-blocking). 11/04/21 11:00:59 Inserting pre-auth metadata for TOKEN. 11/04/21 11:00:59 SECMAN: resuming command 2 UPDATE_MASTER_AD to collector 10.140.255.254 from TCP port 50975 (non-blocking). 11/04/21 11:00:59 SECMAN: new session, doing initial authentication. 11/04/21 11:00:59 SECMAN: Auth methods: TOKEN,FS 11/04/21 11:00:59 AUTHENTICATE: setting timeout for <10.140.255.254:9618> to 20. 11/04/21 11:00:59 HANDSHAKE: in handshake(my_methods = 'TOKEN,FS') 11/04/21 11:00:59 HANDSHAKE: handshake() - i am the client 11/04/21 11:00:59 HANDSHAKE: sending (methods == 2052) to server 11/04/21 11:00:59 HANDSHAKE: server replied (method = 2048) 11/04/21 11:00:59 PW. 11/04/21 11:00:59 PW: getting name. 11/04/21 11:00:59 IDTOKENS: Examining C:\Condor\tokens.d\admin for valid tokens from issuer sms1. 11/04/21 11:00:59 TOKEN: No token found. 11/04/21 11:00:59 PW: Failed to fetch a login name 11/04/21 11:00:59 PW: Generating ra. 11/04/21 11:00:59 PW: Client sending. 11/04/21 11:00:59 Client error: NULL in send? 11/04/21 11:00:59 Client sending: -1, 0(), 0 11/04/21 11:00:59 PW: Client receiving. 11/04/21 11:00:59 Server sent status indicating not OK. 11/04/21 11:00:59 PW: Client received ERROR from server, propagating 11/04/21 11:00:59 PW: CLient sending two. 11/04/21 11:00:59 In client_send_two. 11/04/21 11:00:59 Client error: don't know my own name? 11/04/21 11:00:59 Can't send null for random string. 11/04/21 11:00:59 Client error: I have no name? 11/04/21 11:00:59 Client sending: 0() 0 0 11/04/21 11:00:59 Sent ok. 11/04/21 11:00:59 AUTHENTICATE: method 2048 (IDTOKENS) failed. 11/04/21 11:00:59 HANDSHAKE: in handshake(my_methods = 'FS') 11/04/21 11:00:59 HANDSHAKE: handshake() - i am the client 11/04/21 11:00:59 HANDSHAKE: sending (methods == 4) to server 11/04/21 11:00:59 HANDSHAKE: server replied (method = 4) 11/04/21 11:00:59 AUTHENTICATE: unsupported method: 4, failing. 11/04/21 11:00:59 SECMAN: required authentication with collector 10.140.255.254 failed, so aborting command UPDATE_MASTER_AD. 11/04/21 11:00:59 ERROR: AUTHENTICATE:1003:Failure. Unsupported method: 4|AUTHENTICATE:1004:Failed to authenticate using IDTOKENS 11/04/21 11:00:59 Failed to start non-blocking update to <10.140.255.254:9618>. 11/04/21 11:00:59 DaemonCommandProtocol: Not enough bytes are ready for read. 11/04/21 11:00:59 DC_AUTHENTICATE: received DC_AUTHENTICATE from <10.140.0.4:50976> 11/04/21 11:00:59 DC_AUTHENTICATE: resuming session id 57aa5fae7048b97ec99684474b9545cc697329471530b601: 11/04/21 11:00:59 DC_AUTHENTICATE: encryption enabled for session 57aa5fae7048b97ec99684474b9545cc697329471530b601 11/04/21 11:00:59 DC_AUTHENTICATE: message authenticator enabled with key id 57aa5fae7048b97ec99684474b9545cc697329471530b601. 11/04/21 11:00:59 DC_AUTHENTICATE: Success. 11/04/21 11:00:59 PERMISSION GRANTED to condor@child from host 10.140.0.4 for command 60008 (DC_CHILDALIVE), access level DAEMON: reason: DAEMON authorization has been made automatic for condor@child 11/04/21 11:00:59 DaemonCommandProtocol: Not enough bytes are ready for read. 11/04/21 11:00:59 DC_AUTHENTICATE: received DC_AUTHENTICATE from <10.140.0.4:50978> 11/04/21 11:00:59 DC_AUTHENTICATE: resuming session id 57aa5fae7048b97ec99684474b9545cc697329471530b601: 11/04/21 11:00:59 DC_AUTHENTICATE: encryption enabled for session 57aa5fae7048b97ec99684474b9545cc697329471530b601 11/04/21 11:00:59 DC_AUTHENTICATE: message authenticator enabled with key id 57aa5fae7048b97ec99684474b9545cc697329471530b601. 11/04/21 11:00:59 DC_AUTHENTICATE: Success. 11/04/21 11:00:59 PERMISSION GRANTED to condor@child from host 10.140.0.4 for command 60043 (DC_SET_READY), access level WRITE: reason: WRITE authorization has been made automatic for condor@child 11/04/21 11:00:59 Setting ready state 'Ready' for STARTD