Hello everybody:
during the configuration of testbed with condor jobmanager I got the problem to send the joboutput from the worker node to the sandbox at the resource broker. During a quite intensive debugging procedure I could reduce the problem to the following (simplified) failure:
1. The worker node tries to send a file to the resource broker:
_________________________________________________________________
globus-url-copy file:///home/dteam001/test.txt gsiftp://rb01.pic.es/tmp
error: the server sent an error response: 535 535-FTPD GSSAPI error: GSS Major Status: Authentication Failed
535-FTPD GSSAPI error: GSS Minor Status Error Chain:
535-FTPD GSSAPI error:
535-FTPD GSSAPI error: accept_sec_context.c:170: gss_accept_sec_context: SSLv3 handshake problems
535-FTPD GSSAPI error: globus_i_gsi_gss_utils.c:881: globus_i_gsi_gss_handshake: Unable to verify remote side's credentials
535-FTPD GSSAPI error: globus_i_gsi_gss_utils.c:854: globus_i_gsi_gss_handshake: SSLv3 handshake problems: Couldn't do ssl handshake
535-FTPD GSSAPI error: OpenSSL Error: s3_srvr.c:1816: in library: SSL routines, function SSL3_GET_CLIENT_CERTIFICATE: no certificate returned
535-FTPD GSSAPI error: globus_gsi_callback.c:351: globus_i_gsi_callback_handshake_callback: Could not verify credential
535-FTPD GSSAPI error: globus_gsi_callback.c:460: globus_i_gsi_callback_cred_verify: Could not verify credential
535-FTPD GSSAPI error: globus_gsi_callback.c:607: globus_i_gsi_callback_check_proxy: Error with limited proxy certificate: Can't sign a cert with a limited proxy as the signer
535 FTPD GSSAPI error: accepting context
_______________________________________________________________________
There is a valid user proxy on the WN, and RB has a pool of 200 users related to the user proxy. Also the DN related to the proxy is given in the gridmap file at the RB. I believe the problem to be at the WN side related to the proxy, because I could reproduce the failure with every RB I tried. So what is missing?
Cheers,
Christian.
|