On 11/25/2014 03:49 PM, Winnie Lacesso wrote:
> Steve & Ewan, THANKS**N for info. Using Steve's HowTo on the OX UI:
>
> lacesso@pplxint8> voms-proxy-init --voms cms --vomses /etc/vomses/cms-lcg-voms2.cern.ch
> Enter GRID pass phrase for this identity:
> Contacting lcg-voms2.cern.ch:15002
> [/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch] "cms"...
> Remote VOMS server contacted succesfully.
>
> WARNING: VOMS AC validation for VO cms failed for the following reasons:
> LSC signature validation failed: matching AA cert
Well, here's an idea. That looks like a problem with the LSC files.
The LSC files contain the DN and the Authority's DN.
The chain of trust requires the right LSC files to be in place.
So make this check, which lists the LSC files, cats them and md5sums them.
Let us know if the files for (say) cms are OK, like (I hope) these
ones are:
# cd /etc/grid-security/vomsdir/cms
# for f in *lsc; do echo LSC Fle: $f; cat $f; md5sum $f; done
LSC Fle: lcg-voms2.cern.ch.lsc
/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch
/DC=ch/DC=cern/CN=CERN Grid Certification Authority
6de61c4159714255af72e88d42533ba9 lcg-voms2.cern.ch.lsc
LSC Fle: lcg-voms.cern.ch.lsc
/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch
/DC=ch/DC=cern/CN=CERN Trusted Certification Authority
4860d8cc6bfddf904abd9ae1cc148bcb lcg-voms.cern.ch.lsc
LSC Fle: voms2.cern.ch.lsc
/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch
/DC=ch/DC=cern/CN=CERN Grid Certification Authority
6d76808d910addd12c72b89139be5e2c voms2.cern.ch.lsc
LSC Fle: voms.cern.ch.lsc
/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch
/DC=ch/DC=cern/CN=CERN Trusted Certification Authority
49bb61e3fd367854a2a57443d1bef4dd voms.cern.ch.lsc
Cheers,
Steve
> CN=lcg-voms2.cern.ch,OU=computers,DC=cern,DC=ch fails signature
> verification.
> AC signature verification failure: no valid VOMS server
> credential found.
>
> Created proxy in /tmp/x509up_u1152.
>
> Your proxy is valid until Tue Nov 25 22:52:03 GMT 2014
>
> Not sure if that's success or fail! Same output using
> /etc/vomses/cms-voms2.cern.ch
>
> With voms-proxy-init --voms cms --vomses /etc/vomses/cms-lcg-voms.cern.ch
> No such error messages.
>
> However not likely any CMS users at Oxford so suppose not matter!
>
> On the Bristol UI, both the new ones work fine:
>
> phpwl@lcgui02> voms-proxy-init --voms cms --vomses /etc/vomses/cms-lcg-voms2.cern.ch
> Enter GRID pass phrase for this identity:
> Contacting lcg-voms2.cern.ch:15002 [/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch] "cms"...
> Remote VOMS server contacted succesfully.
> Created proxy in /tmp/x509up_u50895.
> Your proxy is valid until Wed Nov 26 03:41:56 GMT 2014
>
> ditto using --vomses /etc/vomses/cms-voms2.cern.ch Hurrah!
>
> They had consistently errored out before (first tried this several days
> ago). Suspect someone at remote end may've noticed something wrong & fixed
> it - it all works now.
>
> Thanks as ever for the good TB-SUPPORT!
>
> Winnie Lacesso / Bristol University Particle Physics Computing Systems
> HH Wills Physics Laboratory, Tyndall Avenue, Bristol, BS8 1TL, UK
--
Steve Jones [log in to unmask]
System Administrator office: 220
High Energy Physics Division tel (int): 42334
Oliver Lodge Laboratory tel (ext): +44 (0)151 794 2334
University of Liverpool http://www.liv.ac.uk/physics/hep/
|