Gonçalo Borges wrote:
> Hi All,
>
> As you probably know (mail sent on 28/03/2007 bu EGEE BROADCAST) the
> cclcgvomsli01.in2p3.fr VOMS certificate was been renewed.
> I have update it on our CE and I just sent you the beginning of the
> certificate info:
>
> [root@ce02 vomsdir]# openssl x509 -text -noout -in
> cclcgvomsli01.in2p3.fr.1864
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number: 1881 (0x759)
> Signature Algorithm: sha1WithRSAEncryption
> Issuer: C=FR, O=CNRS, CN=GRID-FR
> Validity
> Not Before: Mar 1 14:01:52 2007 GMT
> Not After : Mar 1 14:01:52 2008 GMT
> Subject: O=GRID-FR, C=FR, O=CNRS, OU=CC-LYON,
> CN=cclcgvomsli01.in2p3.fr
> (...)
That is the wrong cert! It should be like this:
Validity
Not Before: Feb 28 10:22:35 2007 GMT
Not After : Feb 28 10:22:35 2008 GMT
Subject: O=GRID-FR, C=FR, O=CNRS, OU=CC-LYON, CN=cclcgvomsli01.in2p3.fr
That is the cert provided by lcg-vomscerts-4.4.0-1.
I suppose you replaced it after the accidental extra renewal on the server?
Please put the original cert back and retry.
> After this update, I have a biomed user, which although starting it's
> proxy as biomed, he is always mapped as cmsprd in our local cluster.
> This is happening because the VOMS authentication fails, and since he
> also belongs to cms, the gridmapfile is used instead. Here is part of
> the /var/log/globus-gatekeper.log:
>
> (...)
> LCMAPS 0: 2007-04-02.14:22:45.198065.0000021996.0000065337 :
> lcmaps.mod-runPlugin(): running plugin
> /opt/edg/lib/lcmaps/modules/lcmaps_voms.mod
> LCMAPS 0: 2007-04-02.14:22:45.198065.0000021996.0000065337 :
> lcmaps_plugin_voms-plugin_run(): Generic verification error for VOMS
> (failure)!
> LCMAPS 0: 2007-04-02.14:22:45.198065.0000021996.0000065337 :
> lcmaps_plugin_voms-plugin_run(): voms plugin failed
> LCMAPS 0: 2007-04-02.14:22:45.198065.0000021996.0000065337 :
> lcmaps.mod-runPlugin(): found plugin
> /opt/edg/lib/lcmaps/modules/lcmaps_localaccount.mod
> LCMAPS 0: 2007-04-02.14:22:45.198065.0000021996.0000065337 :
> lcmaps.mod-runPlugin(): running plugin
> /opt/edg/lib/lcmaps/modules/lcmaps_localaccount.mod
> LCMAPS 0: 2007-04-02.14:22:45.198065.0000021996.0000065337 :
> lcmaps_plugin_localaccount-plugin_run(): localaccount plugin succeeded
> LCMAPS 0: 2007-04-02.14:22:45.198065.0000021996.0000065337 :
> lcmaps.mod-runPlugin(): found plugin
> /opt/edg/lib/lcmaps/modules/lcmaps_posix_enf.mod
> (...)
>
> Any suggestion to where should I look further?
>
> Thanks in advance
> Best Regards
> Goncalo Borges
|