On 03/23/2010 09:07 AM, Andreas Haupt wrote:
> Hi *,
>
> The VO vo.cta.in2p3.fr has an authentication problem on our lcg-CE. I
> can reproduce the problem on my test CE. A client with a valid voms
> proxy:
>
> [blade84] ~ % voms-proxy-info -all
> subject : /O=GermanGrid/OU=DESY/CN=Andreas Haupt/CN=proxy
> issuer : /O=GermanGrid/OU=DESY/CN=Andreas Haupt
> identity : /O=GermanGrid/OU=DESY/CN=Andreas Haupt
> type : proxy
> strength : 1024 bits
> path : /tmp/x509up_u9132
> timeleft : 11:33:22
> === VO vo.cta.in2p3.fr extension information ===
> VO : vo.cta.in2p3.fr
> subject : /O=GermanGrid/OU=DESY/CN=Andreas Haupt
> issuer : /O=GRID-FR/C=FR/O=CNRS/OU=CC-LYON/CN=cclcgvomsli01.in2p3.fr
> attribute : /vo.cta.in2p3.fr/Role=NULL/Capability=NULL
> timeleft : 11:33:22
> uri : cclcgvomsli01.in2p3.fr:15008
> [blade84] ~ % globus-job-run brutus-vm1 /bin/hostname
> GRAM Job submission failed because authentication with the remote server failed (error code 7)
>
> On my CE I can see this error message in /var/log/globus-gatekeeper.log:
>
> LCAS 0:
> lcas_plugin_voms-plugin_confirm_authorization_from_x509(): VOMS
> Signature error (failure)!
> LCAS 0: 2010-03-23.07:55:14 :
> lcas_plugin_voms-plugin_confirm_authorization_from_x509(): voms plugin
> failed
> LCAS 0: lcas.mod-lcas_run_va(): authorization failed for
> plugin /opt/glite/lib/modules/lcas_voms.mod
> LCAS 0: lcas.mod-lcas_run_va(): failed
> LCAS failed authorization.
> Failure in LCAS Authorization
> Failure: globus_gss_assist_gridmap() failed authorization.
> globus_gss_assist: Error invoking callout
> globus_callout_module: The callout returned an error
> an unknown error occurred
>
> But I do not really understand this. I thought, everything is in place
> on this CE:
>
> [root@brutus-vm1 ~]# cat /etc/grid-security/vomsdir/vo.cta.in2p3.fr/cclcgvomsli01.in2p3.fr.lsc
> /O=GRID-FR/C=FR/O=CNRS/OU=CC-LYON/CN=cclcgvomsli01.in2p3.fr
> /C=FR/O=CNRS/CN=GRID-FR
> [root@brutus-vm1 ~]# openssl x509 -dates -in /etc/grid-security/vomsdir/cclcgvomsli01.in2p3.fr.1413.pem -noout
> notBefore=Dec 1 15:39:07 2009 GMT
> notAfter=Dec 1 15:39:07 2010 GMT
>
> Anything I am missing? It works for all other VOs ...
>
> Cheers& Thanks
> Andreas
>
In cclcgvomsli01.in2p3.fr.lsc the second line should be
/C=FR/O=CNRS/CN=GRID2-FR
Cheers
Edith
--
--------------------------------------------------------------
Edith Knoops
CPPM/CNRS Mail: [log in to unmask]
163 Av de Luminy case 902 Tel : (+33) (0)4 91 82 72 02
13288 Marseille Cedex 9 France Fax : (+33) (0)4 91 82 72 99
--------------------------------------------------------------
|