Mailing List Archives

Public Access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Configuring Condor for fully qualified usernames?

Hi Juha,

Some bad news -- the "@" is a reserved character in HTCondor and cannot be in a username.  It doesn't currently prevent submission but it does cause various strange failures like the ones you quote below.  In 2019, I spent a few hours trying to work around it but came to the conclusion there were just too many tricky pieces.

In 2019, we solved this by tweaking the SSSD settings so the generated Unix usernames were along the lines of "johndoe" instead of "johndoe@xxxxxxxxx".  This is reasonable to do as long as there's only one active directory setup on the host; further, because the UIDs don't change, there's no change in file ownership.

HTH,

Brian

> On Sep 1, 2021, at 4:18 AM, Kortelainen Juha <Juha.Kortelainen@xxxxxx> wrote:
> 
> Hello,
> 
> Thank you for your very quick answer. I tried this one with no success:
> 
> Submitting job(s).
> ERROR: Failed to commit job submission into the queue.
> 
> The message in /var/log/condor/SchedLog is now different:
> 
> SetAttribute security violation: setting owner to "johndoe", which is not a valid user account
> 
> I wonder if the problem is in Condor configuration or could it have something to do with the AD authorization.
> 
> Regards,
> 
> - Juha
> 
> -----Original Message-----
> From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> On Behalf Of Beyer, Christoph
> Sent: keskiviikko 1. syyskuuta 2021 12.00
> To: htcondor-users <htcondor-users@xxxxxxxxxxx>
> Subject: Re: [HTCondor-users] Configuring Condor for fully qualified usernames?
> 
> Hi, 
> 
> you could unset the username in your job by adding 
> 
> +Owner=UNDEFINED
> 
> this should result in no similar conflict on the receiving end of the job ...
> 
> Best
> christoph
> 
> -- 
> Christoph Beyer
> DESY Hamburg
> IT-Department
> 
> Notkestr. 85
> Building 02b, Room 009
> 22607 Hamburg
> 
> phone:+49-(0)40-8998-2317
> mail: christoph.beyer@xxxxxxx
> 
> ----- UrsprÃngliche Mail -----
> Von: "Kortelainen Juha" <Juha.Kortelainen@xxxxxx>
> An: "htcondor-users" <htcondor-users@xxxxxxxxxxx>
> Gesendet: Mittwoch, 1. September 2021 09:25:25
> Betreff: [HTCondor-users] Configuring Condor for fully qualified usernames?
> 
> 
> 
> Hello, 
> 
> 
> 
> Our IT is using fully qualified usernames (Active Directory) in our Ubuntu Linux workstations, i.e. for the command "whoami", I get something like: 
> 
> 
> 
> johndoe@xxxxxxxxx 
> 
> 
> 
> For the workstation I'm using, I have configured the Condor system with the default settings. When submitting a job, it fails with the following symptoms: 
> 
> 
> 
> Submitting job(s). 
> 
> ERROR: Failed to commit job submission into the queue. 
> 
> 
> 
> In the /var/log/condor/SchedLog it says: 
> 
> 
> 
> SetAttribute security violation: setting owner to "johndoe@xxxxxxxxx" when active owner is "johndoe" 
> 
> 
> 
> Obviously there is something wrong with the Condor configuration, but I don't have any ideas what to do. Do you have any concrete instructions, advise or examples for me to solve the issue? 
> 
> 
> 
> I noticed the emails in the Mailing List Archives concerning the topic, but did not find any solutions there. 
> 
> 
> 
> 
> 
> Best regards, 
> 
> 
> 
> - Juha 
> 
> _______________________________________________ 
> HTCondor-users mailing list 
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a 
> subject: Unsubscribe 
> You can also unsubscribe by visiting 
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cs.wisc.edu%2Fmailman%2Flistinfo%2Fhtcondor-users&amp;data=04%7C01%7CJuha.Kortelainen%40vtt.fi%7Cbc2efa66ab604806cb9108d96d27df74%7C68d6b592500843b59b0423bec4e86cf7%7C0%7C0%7C637660840292762091%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=n%2BNjBdz%2B16zLzJisltRqVvkgCcgkyf1c2DT%2BXHBj%2FVc%3D&amp;reserved=0 
> 
> The archives can be found at: 
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cs.wisc.edu%2Farchive%2Fhtcondor-users%2F&amp;data=04%7C01%7CJuha.Kortelainen%40vtt.fi%7Cbc2efa66ab604806cb9108d96d27df74%7C68d6b592500843b59b0423bec4e86cf7%7C0%7C0%7C637660840292762091%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=kYrI5zaAABMy7YfxftRPAXBNNBYRBktPABf5LtsySZE%3D&amp;reserved=0 
> 
> 
> _______________________________________________
> HTCondor-users mailing list
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cs.wisc.edu%2Fmailman%2Flistinfo%2Fhtcondor-users&amp;data=04%7C01%7CJuha.Kortelainen%40vtt.fi%7Cbc2efa66ab604806cb9108d96d27df74%7C68d6b592500843b59b0423bec4e86cf7%7C0%7C0%7C637660840292762091%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=n%2BNjBdz%2B16zLzJisltRqVvkgCcgkyf1c2DT%2BXHBj%2FVc%3D&amp;reserved=0
> 
> The archives can be found at:
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cs.wisc.edu%2Farchive%2Fhtcondor-users%2F&amp;data=04%7C01%7CJuha.Kortelainen%40vtt.fi%7Cbc2efa66ab604806cb9108d96d27df74%7C68d6b592500843b59b0423bec4e86cf7%7C0%7C0%7C637660840292762091%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=kYrI5zaAABMy7YfxftRPAXBNNBYRBktPABf5LtsySZE%3D&amp;reserved=0
> 
> _______________________________________________
> HTCondor-users mailing list
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
> 
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/htcondor-users/