Morning all,
Durham are having a problem passing Steve Lloyd's tests due to LCAS
authentication. Last month performed a clean reinstall to SL4 CE and
WNs and the problem has occurred since. Interestingly some users are
authenticated fine, but others are not (e.g. Steve Lloyd). The error
message is...
TIME: Mon Apr 14 09:43:05 2008
PID: 6131 -- Notice: 5: Authenticated globus user:
/C=UK/O=eScience/OU=QueenMaryLondon/L=Physics/CN=steve lloyd
lcas client name: /C=UK/O=eScience/OU=QueenMaryLondon/L=Physics/CN=steve
lloyd
LCAS 0:
LCAS 1: Initialization LCAS version 1.3.7.0
allowing empty credentials
LCAS 2: LCAS authorization request
LCAS 0: lcas_userban.mod-plugin_confirm_authorization():
checking banned users in /opt/glite/etc/lcas/ban_users.db
LCAS 0:
lcas_plugin_voms-plugin_confirm_authorization_from_x509(): Did not find
a matching VO entry in the authorization file
LCAS 0: 2008-04-14.09:43:05 :
lcas_plugin_voms-plugin_confirm_authorization_from_x509(): voms plugin
failed
LCAS 0: lcas.mod-lcas_run_va(): authorization failed for plugin
/opt/glite/lib/modules/lcas_voms.mod
LCAS 0: lcas.mod-lcas_run_va(): failed
This results in the "Job RetryCount (3) hit" and "10 data transfer to
the server failed" error.
http://hepwww.ph.qmul.ac.uk/~lloyd/gridpp/atest.html
I have narrowed the problem down to the LCAS plugin in
/opt/glite/etc/lcas/lcas.db...
#pluginname=lcas_voms.mod,pluginargs="-vomsdir
/etc/grid-security/vomsdir/ -certdir /etc/grid-security/certificates/
-authfile /etc/grid-security/grid-mapfile -authformat simple -use_user_dn"
With the above line commented out (which I tried over the w/e) then the
user is successfully mapped and the job runs successfully. This does
not seem to be the right solution to me so I put the line back in and we
are failing ATLAS tests again. Glasgow have seen something similar with
the CE segfaulting, but fixed it by reconfiguring and running YAIM...
which doesn't seem to work for me.
Currently up-to-date with all RPMS, running 32bit SL4.6. I have tried
reinstalling the RPMs and running YAIM again but to no avail.
Certificates seem to be installed correctly and user is in the the
grid-mapfile.
# rpm -qa | grep lcas
glite-security-lcas-plugins-check-executable-1.2.1-1.slc4
glite-security-lcas-interface-1.3.6-1.slc4
glite-security-lcas-plugins-voms-1.3.3-1.slc4
glite-security-lcas-1.3.7-0.slc4
glite-security-lcas-plugins-basic-1.3.2-2.slc4
glite-security-lcas-lcmaps-gt4-interface-0.0.13-1.slc4
# rpm -qa | grep lcg-CA
lcg-CA-1.20-1
Has anyone else seen this issue? Any ideas?
Cheers,
Phil
--
---
Phil Roffe - [log in to unmask]
IPPP, Department of Physics, Durham University,
Science Laboratories, South Road, Durham, DH1 3LE
Direct Dial: +44 (0)191 3343704
Office: +44 (0)191 334 3811
|