On Mon, 30 Apr 2007, Condurache, C (Catalin) wrote:
> Hi,
>
> Trying to debug why totalep VO users can't access the LFC information, I
> ended up finding that from their UI no LFC info is available regardless
> what certificate is used (their - totalep, or mine - dteam, both grid or
> voms). I had 'export LFC_HOST=lfc.gridpp.rl.ac.uk' in place, but I got
> only
>
> [catalin@localhost ~]$ export CSEC_TRACE=1
> [catalin@localhost ~]$ lfc-ls /grid
>
> (only last part of message)...
> ERROR: initializing context: GSS Error: GSS Major Status: Unexpected
> Gatekeeper or Service Name
> MECH Error: GSS Minor Status Error Chain:
>
> init_sec_context.c:251: gss_init_sec_context: Mutual authentication
> failed: The target name
> (/C=UK/O=eScience/OU=CLRC/L=RAL/CN=lfc0448.gridpp.rl.ac.uk/Email=tier1a-
> [log in to unmask]) in the context, and the target name
> (/CN=host/lfc.gridpp.rl.ac.uk) passed to the function do not match
> send2nsd: NS002 - send error : No valid credential found
> Csec_clearContext: Clearing context
> Csec_unload_shlib: Entering
> /grid: System error
>
>
>
> So I suspect a local UI configuration problem but don't know where.
> Stuff like job-list-matching or job-submitting seems to work. Did anyone
> on this list have a similar problem?
1. Check the DNS on the UI: it may have lfc.gridpp.rl.ac.uk hardcoded in
/etc/hosts instead of allowing it to resolve to lfc0448.gridpp.rl.ac.uk.
Beware of bad caching by local "nscd" or "named" instances.
2. Is the LFC client version up to date?
|