Thanks for all your help.
Increasing the debug levels points to "Error opening LCAS lib:
liblcas.so: cannot open shared object file: No such file or
directory", which to my shame is addressed in the manual:
http://www.nikhef.nl/grid/lcaslcmaps/man/glexec.1.0_9.html#LIBRARY%20PATH%20NOTES
My glexec.conf was made by yaim (though obviously I run some crippled
version of yaim here), I will try with the libraries added and minus
the <if,there,are> and report back.
cheers,
Daniela
On 14 June 2012 14:42, Stephen Jones <[log in to unmask]> wrote:
> On 06/14/2012 12:34 PM, Daniela Bauer wrote:
>>
>> user_white_list = .lt2-opsplt,<if,there,are>
>
>
>
> Hi Daniela;
>
> Maybe I've seen 202 before, but I can't remember why! What's the
> ".lt2-opsplt,<if,there,are>" line for? If,There,Are? It looks like a bug.
> Anything in syslog?
>
> Note: My /opt/glite/etc/glexec.conf is slightly different:
> [root@r21-n01 scripts]# cat /opt/glite/etc/glexec.conf
>
> [glexec]
> silent_logging = no
> log_level = 0
> user_white_list = .pilalc,.pilatl,.pilcms,.pillhb,.pilops
> linger = yes
> target_lock_mechanism = flock
> input_lock_mechanism = flock
> lcmaps_db_file = /opt/glite/etc/lcmaps/lcmaps-glexec.db
>
> lcmaps_log_file = /var/log/glexec/lcas_lcmaps.log
> lcmaps_debug_level = 0
> lcmaps_log_level = 1
> lcmaps_get_account_policy = glexec_get_account
> lcmaps_verify_account_policy = glexec_verify_account
>
> lcas_db_file = /opt/glite/etc/lcas/lcas-glexec.db
>
> lcas_log_file = /var/log/glexec/lcas_lcmaps.log
> lcas_debug_level = 0
> lcas_log_level = 1
> user_identity_switch_by = lcmaps
> preserve_env_variables = no
> log_destination = file
> log_file = /var/log/glexec/glexec_log
>
> Turn the logging up. And here's another test scheme:
>
> Make a proxy.
> voms-proxy-init --voms dteam
>
> Be on test worker node, as root. Copy in the proxy.
> scp root@hepgrid1://user2/sjones/.globus/x509up_u460 /tmp/x509up_u460
>
>
> Change ownership of proxy to a pilot account.
> chown pilatl01:atlas /tmp/x509up_u460
>
> Change permissions.
> chmod 600 /tmp/x509up_u460
>
> Switch to the pilot user.
> su - pilatl01
>
>
> Run these commands to setup for the test.
> export GLEXEC_CLIENT_CERT=/tmp/x509up_u460
> export GLEXEC_SOURCE_PROXY=/tmp/x509up_u460
> export X509_USER_PROXY=/tmp/x509up_u460
>
> Do the test
> /opt/glite/sbin/glexec /usr/bin/id
>
>
> If all is well, you will see something like this:
> uid=24683(dteam184) gid=2028(dteam) groups=2028(dteam)
>
>
> Steve
>
>
>
>
>
>
> --
> Steve Jones [log in to unmask]
> System Administrator office: 220
> High Energy Physics Division tel (int): 42334
> Oliver Lodge Laboratory tel (ext): +44 (0)151 794 2334
> University of Liverpool http://www.liv.ac.uk/physics/hep/
--
-----------------------------------------------------------
[log in to unmask]
HEP Group/Physics Dep
Imperial College
Tel: +44-(0)20-75947810
http://www.hep.ph.ic.ac.uk/~dbauer/
|