When you fix these problems can you ensure that the page
http://www.gridpp.ac.uk/wiki/GridPP_approved_VOs
gets updated with the relevant yaim incantations.
Best if you put a date stamp on your entry too.
Thanks Pete
--
----------------------------------------------------------------------
Peter Gronbech Senior Systems Manager and Tel No. : 01865 273389
SouthGrid Technical Co-ordinator Fax No. : 01865 273418
Department of Particle Physics,
University of Oxford,
Keble Road, Oxford OX1 3RH, UK E-mail : [log in to unmask]
----------------------------------------------------------------------
-----Original Message-----
From: Testbed Support for GridPP member institutes
[mailto:[log in to unmask]] On Behalf Of Christopher J.Walker
Sent: 19 January 2010 12:35
To: [log in to unmask]
Subject: Re: Fusion Authentication problems.
Matt Doidge wrote:
> Hello all,
>
> I was wondering in anyone successfully supporting the fusion VO in the
> UK could help me get their jobs working at our site. They seem to be
> plagued with voms authentication problems. At first this stemmed from
> the wrong information on their VO card but after updating my .lsc file
> for fusion to what appears to be the right values all I succeeded in
> doing was subtley change the error message from "7 authentication
with
> the remote server failed" to "7 an authorization operation failed".
> Looks like classic misconfigured voms settings. But I can't see how!
We
> have the same problem on our SE too, so it looks like we're missing
> something, whatever that is.
>
> Please could anyone who's managed to get fusion to work for them, or
has
> seen similar symptoms with another of the smaller, more esoteric VOs,
> please share with me any secrets you uncovered during your trials.
>
> For reference my fusion voms .lsc files looks like:
> cat /etc/grid-security/vomsdir/fusion/swevo.ific.uv.es.lsc
> DC=es/DC=irisgrid/O=ific/CN=swevo.ific.uv.es
> /DC=es/DC=irisgrid/CN=IRISGridCA
I think you said you'd solved this, but is there a missing / in the
first DN?
QMUL had a similar problem with superbvo.org (which has two voms servers
- the first worked, but the CA of the second wasn't listed in the .lsc
file. It turns out you need to list both in the yaim config.
Similarly for t2k.org and vo.londongrid.ac.uk I'd got the CA (which is
the second line in the file) wrong (historical reasons I think).
The error message in /var/log/messages could do with improving it has to
be said.
Chris
|