Hi Stephen,
>
> This sounds baffling, the UI shouldn't come into it once the
> job is in the
> RB.
Maybe one UI puts something else on the RB than another UI?
>Do you have access to any other UIs?
Apart from the NIKHEF one, no.
> Can other people at
> NIKHEF use
> proxy renewal?
They have contacted us that they wanted to use our myproxy server but
couldn't get it to work.
> Also, you could try querying the myproxy from both UIs.
I did and it works like a charm.
On our RB I see in
/opt/edg/var/spool/edg-wl-renewd/3db3191c8a204e8b00bc01e0cce9c75c.data
suffix=0, unique=0, voms_exts=0, server=px.matrix.sara.nl,
next_renewal=1100102863, end_time=1100103393,
jobid=https://mu3.matrix.sara.nl:9000/NAvlNHzXTFHsgcWQL-ZD4w
so that looks ok I think. On the myproxy server I see in
/var/log/messages after a while after submitting the job:
Nov 10 17:06:54 mu6 myproxy-server: <30575> Connection from
145.100.29.131 (which is the RB)
Nov 10 17:06:54 mu6 myproxy-server: <30070> wrote 5267 bytes
Nov 10 17:06:54 mu6 myproxy-server: <30070> wrote 75 bytes
Nov 10 17:06:54 mu6 myproxy-server: <30070> Authenticated client
/O=dutchgrid/O=hosts/OU=sara.nl/CN=mu3.matrix.sara.nl
Nov 10 17:06:54 mu6 myproxy-server: <30070> read 141 bytes
Nov 10 17:06:54 mu6 myproxy-server: <30070> wrote 197 bytes
Nov 10 17:06:54 mu6 myproxy-server: <30070> read 3525 bytes
Nov 10 17:06:54 mu6 myproxy-server: <30070> authorization failed
<------------
Nov 10 17:06:54 mu6 myproxy-server: <30070> wrote 77 bytes
Nov 10 17:06:54 mu6 myproxy-server: <30070> Exiting: unknown error
Nov 10 17:06:54 mu6 myproxy-server: <30575> child 30070 terminated
Running from the SARA UI you would see:
Nov 10 09:56:51 mu6 myproxy-server: <18594> Connection from
145.100.29.131
Nov 10 09:56:51 mu6 myproxy-server: <32544> wrote 5267 bytes
Nov 10 09:56:51 mu6 myproxy-server: <32544> wrote 75 bytes
Nov 10 09:56:51 mu6 myproxy-server: <32544> Authenticated client
/O=dutchgrid/O=hosts/OU=sara.nl/CN=mu3.matrix.sara.nl
Nov 10 09:56:51 mu6 myproxy-server: <32544> read 141 bytes
Nov 10 09:56:51 mu6 myproxy-server: <32544> wrote 197 bytes
Nov 10 09:56:51 mu6 myproxy-server: <32544> read 3525 bytes
Nov 10 09:56:51 mu6 myproxy-server: <32544> Received GET request from
/O=dutchgrid/O=hosts/OU=sara.nl/CN=mu3.matrix.sara.nl
Nov 10 09:56:51 mu6 myproxy-server: <32544> Owner:
/O=dutchgrid/O=users/O=sara/CN=Ron Trompert
Nov 10 09:56:51 mu6 myproxy-server: <32544> Username:
/O=dutchgrid/O=users/O=sara/CN=Ron Trompert
Nov 10 09:56:51 mu6 myproxy-server: <32544> Location:
/var/myproxy/3db3191c8a204e8b00bc01e0cce9c75c.creds
Nov 10 09:56:51 mu6 myproxy-server: <32544> Requested lifetime: 36000
seconds
Nov 10 09:56:51 mu6 myproxy-server: <32544> Max. delegation lifetime:
43200 seconds
Nov 10 09:56:51 mu6 myproxy-server: <32544> Sending OK response to
client /O=dutchgrid/O=hosts/OU=sara.nl/CN=mu3.matrix.sara.nl
Nov 10 09:56:51 mu6 myproxy-server: <32544> wrote 61 bytes
Nov 10 09:56:51 mu6 myproxy-server: <32544> read 301 bytes
Nov 10 09:56:51 mu6 myproxy-server: <32544> wrote 2717 bytes
Nov 10 09:56:51 mu6 myproxy-server: <32544> Delegating credentials for
/O=dutchgrid/O=users/O=sara/CN=Ron Trompert lifetime=36000
Nov 10 09:56:51 mu6 myproxy-server: <32544> Sending OK response to
client /O=dutchgrid/O=hosts/OU=sara.nl/CN=mu3.matrix.sara.nl
Nov 10 09:56:51 mu6 myproxy-server: <32544> wrote 61 bytes
Nov 10 09:56:51 mu6 myproxy-server: <32544> Client
/O=dutchgrid/O=hosts/OU=sara.nl/CN=mu3.matrix.sara.nl disconnected
Nov 10 09:56:51 mu6 myproxy-server: <18594> child 32544 terminated
It could not be a firewalling issue unless the myproxy server tries to
communicate with the UI over a port that is filtered. But at our site
(SARA) traffic between UI and RB is not filtered. I will try to find out
why I get the "authorization failed".
Ron
|