> -----Original Message-----
> From: LHC Computer Grid - Rollout
[mailto:[log in to unmask]]
> On Behalf Of Sophie Lemaitre
> Sent: maandag 5 september 2005 16:37
> To: [log in to unmask]
> Subject: Re: [LCG-ROLLOUT] LFC: Problem with mapping grid-user to pool
> account
>
> Hi Martin,
>
> Do you have the right permissions on the /etc/grid-security/gridmapdir
> directory ?
> It need to be writable by the "lfcmgr" user.
>
> For instance :
>
> ls -ld /etc/grid-security/gridmapdir/
> drwxrwxr-x 2 root lfcmgr 8192 Sep 2 09:50 /etc/grid-
> security/gridmapdir/
>
> You can use another directory, as long as you specify it in
> /etc/sysconfig/lfcdaemon, and that it is writable by "lfcmgr".
>
This was indeed the problem. Thanks!
> Cheers, Sophie.
>
> PS: you can also use the LFC support mailing list
[log in to unmask]
>
Will do next time.
>
>
> ________________________________
>
> From: LHC Computer Grid - Rollout on behalf of Martin Pels
> Sent: Mon 9/5/2005 4:16 PM
> To: [log in to unmask]
> Subject: [LCG-ROLLOUT] LFC: Problem with mapping grid-user to pool
account
>
>
>
> Hi,
>
> Recently we installed a local LFC at our site. Unfortunately we are
having
> some problems using it.
>
> When I add a user to the grid-mapfile like such:
>
> "/O=dutchgrid/O=users/O=sara/CN=Martin Pels" pels
>
> I can use LFC after doing a grid-proxy-init as user pels. However, if
I
> add the user to a pool account:
>
> "/O=dutchgrid/O=users/O=sara/CN=Martin Pels" .dteam
>
> LFC does not give access:
>
> [pels@mu11 pels]$ grid-proxy-init
>
> Your identity: /O=dutchgrid/O=users/O=sara/CN=Martin Pels
>
> Enter GRID pass phrase for this identity:
>
> Creating proxy
...........................................................
> Done
>
> Your proxy is valid until: Tue Sep 6 04:05:14 2005
>
> [pels@mu11 pels]$ lfc-ls /
>
> /: Could not map principal to username
>
> There are dteamXXX users defined in /etc/password, but it seems LFC
> commands only work when the local user that executes them is mapped to
the
> grid-user in /etc/grid-security/grid-mapfile.
>
> How do I get LFC to work with the pool accounts?
>
> Regards,
>
> Martin Pels
>
> SARA Computing & Networking Services
>
> High Performance Computing
>
> Tel. +31 20 592 3000
>
> http://www.sara.nl <http://www.sara.nl/>
|