Hi Phil,
what is the content of your /etc/grid-security/vomsdir ?
Do you have the correct configuration for the CERN VOMS DN and VOMS CA DNs?
cheers
alessandra
Phil Roffe wrote:
> Morning all,
>
> Durham are having a problem passing Steve Lloyd's tests due to LCAS
> authentication. Last month performed a clean reinstall to SL4 CE and
> WNs and the problem has occurred since. Interestingly some users are
> authenticated fine, but others are not (e.g. Steve Lloyd). The error
> message is...
>
> TIME: Mon Apr 14 09:43:05 2008
> PID: 6131 -- Notice: 5: Authenticated globus user:
> /C=UK/O=eScience/OU=QueenMaryLondon/L=Physics/CN=steve lloyd
> lcas client name: /C=UK/O=eScience/OU=QueenMaryLondon/L=Physics/CN=steve
> lloyd
> LCAS 0:
> LCAS 1: Initialization LCAS version 1.3.7.0
> allowing empty credentials
> LCAS 2: LCAS authorization request
> LCAS 0: lcas_userban.mod-plugin_confirm_authorization():
> checking banned users in /opt/glite/etc/lcas/ban_users.db
> LCAS 0:
> lcas_plugin_voms-plugin_confirm_authorization_from_x509(): Did not find
> a matching VO entry in the authorization file
> LCAS 0: 2008-04-14.09:43:05 :
> lcas_plugin_voms-plugin_confirm_authorization_from_x509(): voms plugin
> failed
> LCAS 0: lcas.mod-lcas_run_va(): authorization failed for plugin
> /opt/glite/lib/modules/lcas_voms.mod
> LCAS 0: lcas.mod-lcas_run_va(): failed
>
> This results in the "Job RetryCount (3) hit" and "10 data transfer to
> the server failed" error.
> http://hepwww.ph.qmul.ac.uk/~lloyd/gridpp/atest.html
>
> I have narrowed the problem down to the LCAS plugin in
> /opt/glite/etc/lcas/lcas.db...
> #pluginname=lcas_voms.mod,pluginargs="-vomsdir
> /etc/grid-security/vomsdir/ -certdir /etc/grid-security/certificates/
> -authfile /etc/grid-security/grid-mapfile -authformat simple -use_user_dn"
>
> With the above line commented out (which I tried over the w/e) then the
> user is successfully mapped and the job runs successfully. This does
> not seem to be the right solution to me so I put the line back in and we
> are failing ATLAS tests again. Glasgow have seen something similar with
> the CE segfaulting, but fixed it by reconfiguring and running YAIM...
> which doesn't seem to work for me.
>
> Currently up-to-date with all RPMS, running 32bit SL4.6. I have tried
> reinstalling the RPMs and running YAIM again but to no avail.
> Certificates seem to be installed correctly and user is in the the
> grid-mapfile.
> # rpm -qa | grep lcas
> glite-security-lcas-plugins-check-executable-1.2.1-1.slc4
> glite-security-lcas-interface-1.3.6-1.slc4
> glite-security-lcas-plugins-voms-1.3.3-1.slc4
> glite-security-lcas-1.3.7-0.slc4
> glite-security-lcas-plugins-basic-1.3.2-2.slc4
> glite-security-lcas-lcmaps-gt4-interface-0.0.13-1.slc4
> # rpm -qa | grep lcg-CA
> lcg-CA-1.20-1
>
> Has anyone else seen this issue? Any ideas?
>
> Cheers,
> Phil
>
--
"Well you'll still need a tray"
|