It's true, testing it from our UI (doing befora a grid-proxy-init)
[david@villon david]$ /opt/globus/bin/globusrun -a -r mallarme.cnb.uam.es
GRAM Authentication test successful
globus-gatekeeper.log file
Notice: 6: Got connection 150.244.80.196 at Thu Oct 6 17:27:32 2005
Notice: 5: Trying to use original user proxy ...
Notice: 5: Authenticated globus user: /C=ES/O=DATAGRID-ES/O=CNB/CN=David
Garcia Aristegui
Notice: 0: JOB_REPOSITORY_ID
2005-10-06.17:27:32.196519.0000023132.0000000314 (unique id used for Job
Repository)
Notice: 0: FORMAT: YYYY-MM-DD.hh:mm:ss.micros.pid.connection
Notice: 0: (Format: <date>.<time (with
microsecs)>.<pid>.<connection counter>)
Notice: 0: temporarily ALLOW empty credentials
Notice: 0: Using dlopen version of LCAS
Notice: 0: lcasmod_name = /opt/edg/lib/lcas/lcas.mod
LCAS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
LCAS 7: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
Initialization LCAS version 1.1.22
LCAS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcas.mod-lcas_init(): Reading LCAS database /opt/edg/etc/lcas/lcas.db
LCAS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
LCAS 5: 2005-10-06.17:27:32.196519.0000023132.0000000314 : LCAS
authorization request
LCAS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcas.mod-lcas_get_fabric_authorization(): user is
/C=ES/O=DATAGRID-ES/O=CNB/CN=David Garcia Aristegui
LCAS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcas_userban.mod-plugin_confirm_authorization(): checking banned users
in /opt/edg/etc/lcas/ban_users.db
LCAS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcas.mod-lcas_get_fabric_authorization(): authorization granted by
plugin /opt/edg/lib/lcas/modules/lcas_userban.mod
LCAS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcas_timeslots.mod-plugin_confirm_authorization(): Checking slot 1 out
of 2 in /opt/edg/etc/lcas/timeslots.db
LCAS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcas_timeslots.mod-plugin_confirm_authorization(): Checking slot 2 out
of 2 in /opt/edg/etc/lcas/timeslots.db
LCAS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcas_timeslots.mod-check_hour(): Hour (17:27:32) out of range:
(23:00:00)-(24:00:00)
LCAS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcas.mod-lcas_get_fabric_authorization(): authorization granted by
plugin /opt/edg/lib/lcas/modules/lcas_timeslots.mod
LCAS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcas_plugin_example-plugin_confirm_authorization(): OK, what the heck,
I'll authorize Mr/Mrs /C=ES/O=DATAGRID-ES/O=CNB/CN=David Garcia
AristeguiLCAS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcas.mod-lcas_get_fabric_authorization(): authorization granted by
plugin /opt/edg/lib/lcas/modules/lcas_plugin_example.mod
LCAS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcas.mod-lcas_get_fabric_authorization(): succeeded
LCAS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
LCAS 7: 2005-10-06.17:27:32.196519.0000023132.0000000314 : Termination
LCAS
Notice: 0: temporarily ALLOW empty credentials
Notice: 0: Using dlopen version of LCMAPS
Notice: 0: lcmapsmod_name = /opt/edg/lib/lcmaps/lcmaps.mod
LCMAPS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
LCMAPS 7: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
Initialization LCMAPS version 0.0.30
LCMAPS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcmaps.mod-startPluginManager(): Reading LCMAPS database
/opt/edg/etc/lcmaps/lcmaps.db
LCMAPS 5: 2005-10-06.17:27:32.196519.0000023132.0000000314 : LCMAPS
credential mapping request
LCMAPS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcmaps.mod-runPlugin(): found plugin
/opt/edg/lib/lcmaps/modules/lcmaps_voms.mod
LCMAPS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcmaps.mod-runPlugin(): running plugin
/opt/edg/lib/lcmaps/modules/lcmaps_voms.mod
LCMAPS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcmaps_plugin_voms-plugin_run(): VOMS extensions missing from
certificate (failure)!
LCMAPS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcmaps_plugin_voms-plugin_run(): voms plugin failed
LCMAPS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcmaps.mod-runPlugin(): found plugin
/opt/edg/lib/lcmaps/modules/lcmaps_localaccount.mod
LCMAPS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcmaps.mod-runPlugin(): running plugin
/opt/edg/lib/lcmaps/modules/lcmaps_localaccount.mod
LCMAPS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcmaps_plugin_localaccount-plugin_run(): localaccount plugin failed
LCMAPS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcmaps.mod-runPlugin(): found plugin
/opt/edg/lib/lcmaps/modules/lcmaps_poolaccount.mod
LCMAPS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcmaps.mod-runPlugin(): running plugin
/opt/edg/lib/lcmaps/modules/lcmaps_poolaccount.mod
LCMAPS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcmaps_plugin_poolaccount-plugin_run(): poolaccount plugin succeeded
LCMAPS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcmaps.mod-runPlugin(): found plugin
/opt/edg/lib/lcmaps/modules/lcmaps_posix_enf.mod
LCMAPS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcmaps.mod-runPlugin(): running plugin
/opt/edg/lib/lcmaps/modules/lcmaps_posix_enf.mod
LCMAPS 6: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcmaps_plugin_posix_enf-log_cred(): uid=19401(biomed001):pgid=1090(biomed)
LCMAPS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcmaps_plugin_posix_enf-plugin_run(): posix_enf plugin succeeded
LCMAPS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcmaps.mod-lcmaps_run(): succeeded
LCMAPS 7: 2005-10-06.17:27:32.196519.0000023132.0000000314 : Termination
LCMAPS
LCMAPS 0: 2005-10-06.17:27:32.196519.0000023132.0000000314 :
lcmaps.mod-lcmaps_term(): terminating
Notice: 5: Requested service: jobmanager [PING ONLY]
Notice: 5: Authorized as local user: biomed001
Notice: 5: Authorized as local uid: 19401
Notice: 5: and local gid: 1090
Notice: 5: "/C=ES/O=DATAGRID-ES/O=CNB/CN=David Garcia Aristegui" mapped
to biomed001 (19401/1090)
Failure: ping successful
Failure: ping successful
Notice: 6: Got connection 193.146.75.93 at Thu Oct 6 17:29:56 2005
Failed reading length 0
GSS authentication failure
globus_gss_assist token :3: read failure: Connection closed
Failure: GSS failed Major:01090000 Minor:00000000 Token:00000003
Failure: GSS failed Major:01090000 Minor:00000000 Token:00000003
The problem is this always with this IP 193.146.75.93
Oct 6 17:24:26 mallarme GRAM gatekeeper[4899]: Got connection
193.146.75.93 at Thu Oct 6 17:24:26 2005
Oct 6 17:24:26 mallarme GRAM gatekeeper[4899]: GSS failed
Major:01090000 Minor:00000000 Token:00000003
[root@mallarme grid-security]# host 193.146.75.93
93.75.146.193.in-addr.arpa domain name pointer egeerb.ifca.org.es.
Thank you!!!
Eygene A. Ryabinkin wrote:
>>Hello, we are installing LCG 2.6 in our machines, and we have a problem
>>with the Gate-keeper.
>>
>>tail globus-gatekeeper.log
>>(...)
>>GSS authentication failure
>>GSS Major Status: General failure
>>GSS Minor Status Error Chain:
>>accept_sec_context.c:305: gss_accept_sec_context: Error during
>>delegation: Delegation protocol violationFailure: GSS failed
>>Major:000d0000 Minor:00000001 Token:00000000
>>Failure: GSS failed Major:000d0000 Minor:00000001 Token:00000000
>>
>>This kind of probles are related with the host certificate, could you
>>tell me if is this true?
>>
>>
>>
> This issue is not related to the host certificate problems, this is just
>the violation of the GSS protocol. What client you've used to connect to
>the gatekeeper. If it is the standard SSL client (openssl s_client or
>something) it will not work -- you need GSS-enabled client. The easiest way
>to test is to issue the GSS 'ping' command
>$ globusrun -a -r mallarme.cnb.uam.es
>
> Certainly, you should have valid proxy certificate somewhere around. With my
>certificate this test is successful:
>-----
>$ globusrun -a -r mallarme.cnb.uam.es
>
>GRAM Authentication test successful
>-----
>
>
|