Pablo Rey Mayo wrote:
> Dear colleagues,
> We have a local VO (cesga) and I trying to be mapped to the sgm
> user using the corresponding group/role. To do it I use the command
> "voms-proxy-init -voms cesga:/cesga/Role=VO-Admin" to create the proxy.
> It works properly and I can see the corresponding atribute using the
> voms-proxy-info command:
>
>> [prey@ui prey]$ voms-proxy-info --all
>> ......
>> subject : /C=ES/O=DATAGRID-ES/O=CESGA/CN=Pablo Rey Mayo
>> issuer : /C=ES/O=DATAGRID-ES/O=CESGA/CN=host/test01.egee.cesga.es
>> attribute : /cesga/Role=VO-Admin/Capability=NULL
>> attribute : /cesga/Role=NULL/Capability=NULL
>> timeleft : 11:59:50
>
> The problems if I executed a job I am no mapped to the cesgasgm user
> as you can see in the following lines:
>
>> [prey@ui prey]$ globus-job-run ce2.egee.cesga.es /usr/bin/whoami
>> cesga001
>
> I can see the following errors into the
> /var/log/globus-gatekeeper.log file:
>
>> [...]
>> LCMAPS 0: 2007-06-13.10:49:29.418049.0000011659.0000023980 :
>> lcmaps_plugin_voms_poolaccount-plugin_run(): no primary group found
>> (failure)
>> [...]
>
> I have checked and there is no problem with other sgm user like
> opssgm, lhcbsgm, etc. This is the content of the
> /opt/edg/etc/lcmaps/gridmapfile file for the VO cesga:
>
>> "/VO=cesga/GROUP=/cesga/Role=production/Capability=NULL" cesgaprd
>> "/VO=cesga/GROUP=/cesga/Role=production" cesgaprd
>> "/VO=cesga/GROUP=/cesga/Role=VO-Admin/Capability=NULL" cesgasgm
>> "/VO=cesga/GROUP=/cesga/Role=VO-Admin" cesgasgm
>> "/VO=cesga/GROUP=/cesga/Role=NULL/Capability=NULL" .cesga
>> "/VO=cesga/GROUP=/cesga" .cesga
How did you configure that? YAIM should have given you this:
"/VO=cesga/GROUP=/cesga/ROLE=production/Capability=NULL" cesgaprd
"/VO=cesga/GROUP=/cesga/ROLE=production" cesgaprd
"/VO=cesga/GROUP=/cesga/ROLE=VO-Admin/Capability=NULL" cesgasgm
"/VO=cesga/GROUP=/cesga/ROLE=VO-Admin" cesgasgm
"/VO=cesga/GROUP=/cesga/Role=NULL/Capability=NULL" .cesga
"/VO=cesga/GROUP=/cesga" .cesga
The Role needs to be ROLE.
|