Hello all,
while trying to find why our jobs get rejected from our CE (while it is listed as a match for the job) we see the following in the
/var/log/glite/gatekeeper.log:
"lcas_plugin_voms-plugin_confirm_authorization_from_x509(): Did not find a matching VO entry in the authorization file"
hence
"Failure: LCAS failed authorization." (see below for more log)
and probably the reason the job gets rejected.
I believe the options are read in from /opt/glite/etc/lcas/lcas.db (on CE):
-----------------------------------------
pluginname=lcas_userban.mod,pluginargs=ban_users.db
pluginname=lcas_voms.mod,pluginargs="-vomsdir /etc/grid-security/vomsdir -certdir /etc/grid-security/certificates -authfile /etc/grid-security/grid-mapfile -authformat simple -use_user_dn"
-----------------------------------------
-use_user_dn
If this option is set also user proxies without voms information will be processed.
If the user dn of the proxy is present in the gacl or gridmapfile, the user is authorized by this plugin.
/etc/grid-security/grid-mapfile (on CE):
-----------------------------------------
"/O=dutchgrid/O=users/O=philips-natlab/CN=Ronald van Driel" .phicossgm
"/O=dutchgrid/O=users/O=philips-natlab/CN=Serge Vrijaldenhoven" .phicossgm
-----------------------------------------
voms-proxy-info -all (on UI)
-----------------------------------------
subject : /O=dutchgrid/O=users/O=philips-natlab/CN=Serge Vrijaldenhoven/CN=proxy
issuer : /O=dutchgrid/O=users/O=philips-natlab/CN=Serge Vrijaldenhoven
identity : /O=dutchgrid/O=users/O=philips-natlab/CN=Serge Vrijaldenhoven
type : proxy
strength : 512 bits
path : /tmp/x509up_u507
timeleft : 9:26:54
=== VO phicos extension information ===
VO : phicos
subject : /O=dutchgrid/O=users/O=philips-natlab/CN=Serge Vrijaldenhoven
issuer : /O=dutchgrid/O=hosts/OU=sara.nl/CN=mu4.matrix.sara.nl
attribute : /phicos/Role=NULL/Capability=NULL
timeleft : 9:26:54
-----------------------------------------
If I create an old style proxy -without voms extension- I see in gatekeeper.log:
lcas_plugin_voms-plugin_confirm_authorization_from_x509(): voms plugin succeeded
However, then lcmaps fails... (see the 2nd log below)
Anybody any idea what is going wrong?
Greetings,
Serge
More information:
=================
/var/log/glite/gatekeeper.log (proxy with voms extension):
-----------------------------------------
Notice: 6: Got connection <IP of Our WMSLB> at Mon Jun 11 11:03:57 2007
Notice: 5: Trying to use delegated user proxy
Notice: 5: Authenticated globus user: /O=dutchgrid/O=users/O=philips-natlab/CN=Serge Vrijaldenhoven
Notice: 0: GRID_SECURITY_HTTP_BODY_FD=9
Notice: 0: JOB_REPOSITORY_ID 2007-06-11.11:03:57.318046.0000029408.0000000218 (unique id used for Job Repository)
Notice: 0: FORMAT: YYYY-MM-DD.hh:mm:ss.micros.pid.connection
Notice: 0: (Format: <date>.<time (with microsecs)>.<pid>.<connection counter>)
Notice: 0: temporarily ALLOW empty credentials
Notice: 0: Using dlopen version of LCAS
Notice: 0: lcasmod_name = /opt/glite/lib/lcas.mod
LCAS 0: 2007-06-11.11:03:57.318046.0000029408.0000000218 :
LCAS 7: 2007-06-11.11:03:57.318046.0000029408.0000000218 : Initialization LCAS version 1.3.1
LCAS 0: 2007-06-11.11:03:57.318046.0000029408.0000000218 : lcas.mod-lcas_init(): Reading LCAS database /opt/glite/etc/lcas/lcas.db
LCAS 0: 2007-06-11.11:03:57.318046.0000029408.0000000218 :
LCAS 5: 2007-06-11.11:03:57.318046.0000029408.0000000218 : LCAS authorization request
LCAS 0: 2007-06-11.11:03:57.318046.0000029408.0000000218 : lcas.mod-lcas_run_va(): user is /O=dutchgrid/O=users/O=philips-natlab/CN=Serge Vrijaldenhoven
LCAS 0: 2007-06-11.11:03:57.318046.0000029408.0000000218 : lcas_userban.mod-plugin_confirm_authorization(): checking banned users in /opt/glite/etc/lcas/ban_users.db
LCAS 0: 2007-06-11.11:03:57.318046.0000029408.0000000218 : lcas.mod-lcas_run_va(): authorization granted by plugin /opt/glite/lib/modules/lcas_userban.mod
LCAS 0: 2007-06-11.11:03:57.318046.0000029408.0000000218 : lcas_plugin_voms-plugin_confirm_authorization_from_x509(): Did not find a matching VO entry in the authorization file
LCAS 0: 2007-06-11.11:03:57.318046.0000029408.0000000218 : lcas_plugin_voms-plugin_confirm_authorization_from_x509(): voms plugin failed
LCAS 0: 2007-06-11.11:03:57.318046.0000029408.0000000218 : lcas.mod-lcas_run_va(): authorization failed for plugin /opt/glite/lib/modules/lcas_voms.mod
LCAS 0: 2007-06-11.11:03:57.318046.0000029408.0000000218 : lcas.mod-lcas_run_va(): failed
Failure: LCAS failed authorization.
Failure: LCAS failed authorization.
-----------------------------------------
/var/log/glite/gatekeeper.log (proxy without voms extension):
-----------------------------------------
LCAS 7: 2007-06-11.13:32:10.152588.0000029408.0000000229 : Initialization LCAS version 1.3.1
LCAS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcas.mod-lcas_init(): Reading LCAS database /opt/glite/etc/lcas/lcas.db
LCAS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 :
LCAS 5: 2007-06-11.13:32:10.152588.0000029408.0000000229 : LCAS authorization request
LCAS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcas.mod-lcas_run_va(): user is /O=dutchgrid/O=users/O=philips-natlab/CN=Serge Vrijaldenhoven
LCAS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcas_userban.mod-plugin_confirm_authorization(): checking banned users in /opt/glite/etc/lcas/ban_users.db
LCAS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcas.mod-lcas_run_va(): authorization granted by plugin /opt/glite/lib/modules/lcas_userban.mod
LCAS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcas_plugin_voms-plugin_confirm_authorization_from_x509(): voms plugin succeeded
LCAS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcas.mod-lcas_run_va(): authorization granted by plugin /opt/glite/lib/modules/lcas_voms.mod
LCAS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcas.mod-lcas_run_va(): succeeded
LCAS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 :
LCAS 7: 2007-06-11.13:32:10.152588.0000029408.0000000229 : Termination LCAS
Notice: 0: temporarily ALLOW empty credentials
Notice: 0: Using dlopen version of LCMAPS
Notice: 0: lcmapsmod_name = /opt/glite/lib/lcmaps.mod
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 :
LCMAPS 7: 2007-06-11.13:32:10.152588.0000029408.0000000229 : Initialization LCMAPS version 1.3.6
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-startPluginManager(): Reading LCMAPS database /opt/glite/etc/lcmaps/lcmaps.db
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-get_procsymbol(): dlsym error: /opt/glite/lib/lcmaps.mod: undefined symbol: plugin_verify
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-PluginInit(): no "plugin_verify()" method found in /opt/glite/lib/modules/lcmaps_plugin_example.mod: old style plugin
LCMAPS 5: 2007-06-11.13:32:10.152588.0000029408.0000000229 : LCMAPS credential mapping request
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-runPlugin(): found plugin /opt/glite/lib/modules/lcmaps_voms.mod
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-runPlugin(): running plugin /opt/glite/lib/modules/lcmaps_voms.mod
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps_plugin_voms-plugin_run(): VOMS extensions missing from certificate (failure)!
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps_plugin_voms-plugin_run(): voms plugin failed
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-runPlugin(): found plugin /opt/glite/lib/modules/lcmaps_localaccount.mod
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-runPlugin(): running plugin /opt/glite/lib/modules/lcmaps_localaccount.mod
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps_plugin_localaccount-plugin_run(): localaccount plugin failed
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-runPlugin(): found plugin /opt/glite/lib/modules/lcmaps_poolaccount.mod
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-runPlugin(): running plugin /opt/glite/lib/modules/lcmaps_poolaccount.mod
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps_plugin_poolaccount-plugin_run(): poolaccount plugin failed
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-runPlugin(): found plugin /opt/glite/lib/modules/lcmaps_voms.mod
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-runPlugin(): running plugin /opt/glite/lib/modules/lcmaps_voms.mod
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps_plugin_voms-plugin_run(): VOMS extensions missing from certificate (failure)!
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps_plugin_voms-plugin_run(): voms plugin failed
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-runPlugin(): found plugin /opt/glite/lib/modules/lcmaps_poolaccount.mod
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-runPlugin(): running plugin /opt/glite/lib/modules/lcmaps_poolaccount.mod
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps_plugin_poolaccount-plugin_run(): poolaccount plugin failed
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-runPlugin(): found plugin /opt/glite/lib/modules/lcmaps_localaccount.mod
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-runPlugin(): running plugin /opt/glite/lib/modules/lcmaps_localaccount.mod
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps_plugin_localaccount-plugin_run(): localaccount plugin failed
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-runPlugin(): found plugin /opt/glite/lib/modules/lcmaps_voms.mod
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-runPlugin(): running plugin /opt/glite/lib/modules/lcmaps_voms.mod
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps_plugin_voms-plugin_run(): VOMS extensions missing from certificate (failure)!
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps_plugin_voms-plugin_run(): voms plugin failed
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-runPlugin(): found plugin /opt/glite/lib/modules/lcmaps_poolaccount.mod
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-runPlugin(): running plugin /opt/glite/lib/modules/lcmaps_poolaccount.mod
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps_plugin_poolaccount-plugin_run(): poolaccount plugin failed
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-runPlugin(): found plugin /opt/glite/lib/modules/lcmaps_localaccount.mod
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-runPlugin(): running plugin /opt/glite/lib/modules/lcmaps_localaccount.mod
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps_plugin_localaccount-plugin_run(): localaccount plugin failed
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-runPluginManager(): Error running evaluation manager
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-lcmaps_run() error: could not run plugin manager
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-lcmaps_run(): failed
LCMAPS 7: 2007-06-11.13:32:10.152588.0000029408.0000000229 : Termination LCMAPS
LCMAPS 0: 2007-06-11.13:32:10.152588.0000029408.0000000229 : lcmaps.mod-lcmaps_term(): terminating
Failure: LCMAPS failed user mapping.
Failure: LCMAPS failed user mapping.
-----------------------------------------
|