Dear All, Our CE running lcg-CE-3.1.37-0 had its site-info.def changed yesterday & yaim rerun. Since then it fails all OPS SAM tests being unable to map DN to opssgm account. Alice, LHCb & CMS SAM tests all ok though. In /etc/grid-security grep -l opssgm * results in nothing whereas on sister CE (running 3.1.38 if it matters) it's found in several files. The change to site-info.def was changing QUEUE_GROUPS=" /dteam/ROLE=lcgadmin /dteam/ROLE=production dteam /ops/ROLE=lcgadmin /ops/ROLE=production ops /alice/ROLE=lcgadmin /alice/ROLE=production /alice/ROLE=pilot alice etcetc-for-other-VOs " QUEUES="long medium short express" LONG_GROUP_ENABLE="$QUEUE_GROUPS" MEDIUM_GROUP_ENABLE="$QUEUE_GROUPS" SHORT_GROUP_ENABLE="$QUEUE_GROUPS" to TESTQUEUE_GROUPS=" /dteam/ROLE=lcgadmin /dteam/ROLE=production dteam /ops/ROLE=lcgadmin /ops/ROLE=production ops " REALQUEUE_GROUPS=" /alice/ROLE=lcgadmin /alice/ROLE=production /alice/ROLE=pilot alice etcetc-for-other-VOs-except-ops+dteam " QUEUES="long medium short express" QUEUE_GROUPS="${TESTQUEUE_GROUPS} ${REALQUEUE_GROUPS}" SHORT_GROUP_ENABLE=$QUEUE_GROUPS EXPRESS_GROUP_ENABLE=$QUEUE_GROUPS # don't give ops access to long/medium = SAM jobs time out in queue LONG_GROUP_ENABLE=$REALQUEUE_GROUPS MEDIUM_GROUP_ENABLE=$REALQUEUE_GROUPS Are "" really needed around $QUEUE_GROUPS in <queue>_GROUP_ENABLE? Is the space in the new defined QUEUE_GROUPS likely the bug? Is there some other bug there? Having rerun yaim, qmgr now says ops only allowed to short & express. The symptoms are in /var/log/globus-gatekeeper.log lcas client name: /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=samoper/CN=582979/CN=Judit Novak LCAS 0: lcas_plugin_voms-plugin_confirm_authorization_from_x509(): Did not find a matching VO entry in the authorization file Until finding the post http://scotgrid.blogspot.com/2008/08/nanocmos-lcas-fail.html So as they said, commenting out the lcas_voms.mod in /opt/glite/etc/lcas/lcas.db Now the error in /var/log/globus-gatekeeper.log changes to LCMAPS 0: 2010-02-14.04:02:48.0000006664.0000000000 : lcmaps_plugin_voms_localaccount-plugin_run(): Could not find a VOMS localaccount in /etc/grid-security/grid-mapfile (failure) Help! How does yaim make files in /etc/grid-security & 'lose' knowledge of opssgm ? (Afraid don't know much about this) This CE shares a gridmapdir with its sister CE (different arch SL5 WN) via NFS so that pool accounts should get mapped the same on both clusters, but opssgm is not in there. Now, anyway. Sister CE passing all OPS SAM tests, still has older form of site-info.def. (PS both CEs actually in Scheduled MAINT ATM for HPC machine room Power Maintenance) Very grateful for debug help.