Hi Martin,
Do you have the right permissions on the /etc/grid-security/gridmapdir directory ?
It need to be writable by the "lfcmgr" user.
For instance :
ls -ld /etc/grid-security/gridmapdir/
drwxrwxr-x 2 root lfcmgr 8192 Sep 2 09:50 /etc/grid-security/gridmapdir/
You can use another directory, as long as you specify it in /etc/sysconfig/lfcdaemon, and that it is writable by "lfcmgr".
Cheers, Sophie.
PS: you can also use the LFC support mailing list [log in to unmask]
________________________________
From: LHC Computer Grid - Rollout on behalf of Martin Pels
Sent: Mon 9/5/2005 4:16 PM
To: [log in to unmask]
Subject: [LCG-ROLLOUT] LFC: Problem with mapping grid-user to pool account
Hi,
Recently we installed a local LFC at our site. Unfortunately we are having some problems using it.
When I add a user to the grid-mapfile like such:
"/O=dutchgrid/O=users/O=sara/CN=Martin Pels" pels
I can use LFC after doing a grid-proxy-init as user pels. However, if I add the user to a pool account:
"/O=dutchgrid/O=users/O=sara/CN=Martin Pels" .dteam
LFC does not give access:
[pels@mu11 pels]$ grid-proxy-init
Your identity: /O=dutchgrid/O=users/O=sara/CN=Martin Pels
Enter GRID pass phrase for this identity:
Creating proxy ........................................................... Done
Your proxy is valid until: Tue Sep 6 04:05:14 2005
[pels@mu11 pels]$ lfc-ls /
/: Could not map principal to username
There are dteamXXX users defined in /etc/password, but it seems LFC commands only work when the local user that executes them is mapped to the grid-user in /etc/grid-security/grid-mapfile.
How do I get LFC to work with the pool accounts?
Regards,
Martin Pels
SARA Computing & Networking Services
High Performance Computing
Tel. +31 20 592 3000
http://www.sara.nl <http://www.sara.nl/>
|