On Thu, 5 Feb 2009, Maarten Litmaath wrote:
> > I can't say that I investigated in any detail, but on both an
> > lcg-CE and a DPM SE I found that I needed the certificate in
> > /etc/grid-security/vomsdir even for those VOs WITH *.lsc files,
> > otherwise I got authentication errors,
> What are the contents and modes of the relevant *.lsc files?
Same on both the UI and SE:
# cat -A /etc/grid-security/vomsdir/mice/voms.gridpp.ac.uk.lsc
[log in to unmask]
/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA$
# ls -la /etc/grid-security/vomsdir/mice/voms.gridpp.ac.uk.lsc
-rw-r--r-- 1 root root 146 Feb 5 17:44 /etc/grid-security/vomsdir/mice/voms.gridpp.ac.uk.lsc
On the UI
# cat /opt/glite/etc/vomses/mice-voms.gridpp.ac.uk
"mice" "voms.gridpp.ac.uk" "15001" "[log in to unmask]" "mice"
# voms-proxy-init -voms mice
Cannot find file or dir: /home/eesrjjn/.glite/vomses
Enter GRID pass phrase:
Your identity: /C=UK/O=eScience/OU=Brunel/L=ECE/CN=henry nebrensky
Creating temporary proxy ..................................................... Done
Contacting voms.gridpp.ac.uk:15001 [[log in to unmask]] "mice" Done
Creating proxy ................................ Done
Your proxy is valid until Fri Feb 6 05:14:41 2009
# voms-proxy-info -all
WARNING: Unable to verify signature! Server certificate possibly not installed.
Error: Cannot verify AC signature!
subject : /C=UK/O=eScience/OU=Brunel/L=ECE/CN=henry nebrensky/CN=proxy
issuer : /C=UK/O=eScience/OU=Brunel/L=ECE/CN=henry nebrensky
identity : /C=UK/O=eScience/OU=Brunel/L=ECE/CN=henry nebrensky
type : proxy
strength : 1024 bits
path : /tmp/x509up_u2061
timeleft : 11:59:49
=== VO mice extension information ===
VO : mice
subject : /C=UK/O=eScience/OU=Brunel/L=ECE/CN=henry nebrensky
issuer : [log in to unmask]
attribute : /mice/Role=NULL/Capability=NULL
timeleft : 11:59:49
uri : voms01:15001
# globus-url-copy "gsiftp://dgc-grid-38.brunel.ac.uk/storage/for/LCG/mice/t_test.gz" "file://`pwd`/t_test.gz"
error: globus_ftp_client: the server responded with an error
530 Login incorrect. : VOMS error when processing cert
But if I then copy the certificate into the vomsdir on the SE behind the
scenes, the globus-url-copy works. Ditto lcg-cp works with the certificate
in place but fails with
[SE][get] httpg://dgc-grid-38.brunel.ac.uk:8443/srm/managerv1: CGSI-gSOAP:
Error reading token data header: Connection closed
lcg_cp: Communication error on send
when it is removed.
The SRM logs show errors like:
02/05 19:08:48 3142,0 srmv1: SRM02 - soap_serve error : [::ffff:128.142.202.184] (sam212.cern.ch) : CGSI-gSOAP: Error reading token data header: Connection closed
02/05 19:08:49 3142,0 srmv1: SRM02 - soap_serve error : [::ffff:134.83.94.53] (young.brunel.ac.uk) : CGSI-gSOAP: Error retrieveing the VOMS credentials
I don't know if it's possible to get more detail. The CE is full of jobs
at the moment so I don't want to mess with it.
Thanks
Henry
--
Dr. Henry Nebrensky [log in to unmask]
http://people.brunel.ac.uk/~eesrjjn
"The opossum is a very sophisticated animal.
It doesn't even get up until 5 or 6 p.m."
|