 |
 |
Hi Todd, It doesn't work with a single account to map to, either for a particular VO or for a particular role/group within a VO. In this case, you need to have a pool of opssgm accounts. and to map your role to .opssgm, or just use the existing pool .ops for the whole VO... Best regards, Antun ----- Antun Balaz E-mail: [log in to unmask] Web: http://www.scl.rs/ Phone: +381 11 3713152 Fax: +381 11 3162190 Scientific Computing Laboratory Institute of Physics Belgrade Pregrevica 118, 11080 Belgrade, Serbia ----- On 26 May 2010, at 04:33 , Todd Wu wrote: > Dear list, > > I have installed a wms for ronagios, but I encountered a problem that the wms can't > recogonize the role of my FQANs. > > Example: ops VO without role: > > $ voms-proxy-info -all > subject : /C=TW/O=AS/OU=GRID/CN=Tz Ke Wu 164236/CN=proxy > issuer : /C=TW/O=AS/OU=GRID/CN=Tz Ke Wu 164236 > identity : /C=TW/O=AS/OU=GRID/CN=Tz Ke Wu 164236 > type : proxy > strength : 512 bits > path : /tmp/x509up_u45065 > timeleft : 11:59:50 > === VO ops extension information === > VO : ops > subject : /C=TW/O=AS/OU=GRID/CN=Tz Ke Wu 164236 > issuer : /DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch > attribute : /ops/Role=NULL/Capability=NULL > attribute : /ops/ROC/Role=NULL/Capability=NULL > attribute : /ops/ROC/AsiaPacific/Role=NULL/Capability=NULL > timeleft : 11:59:50 > $ glite-wms-job-submit -a test.jdl > > Connecting to the service https://rocwms.grid.sinica.edu.tw:7443/glite_wms_wmproxy_server > > > ====================== glite-wms-job-submit Success ====================== > > The job has been successfully submitted to the WMProxy > Your job identifier is: > > https://roclb.grid.sinica.edu.tw:9000/fvC9qYUE0Dw-CE902BIfGA > > ========================================================================== > > Example: ops VO with role: > > $ voms-proxy-info -all subject : > /C=TW/O=AS/OU=GRID/CN=Tz Ke Wu 164236/CN=proxy > issuer : /C=TW/O=AS/OU=GRID/CN=Tz Ke Wu 164236 > identity : /C=TW/O=AS/OU=GRID/CN=Tz Ke Wu 164236 > type : proxy > strength : 512 bits > path : /tmp/x509up_u45065 > timeleft : 11:59:54 > === VO ops extension information === > VO : ops > subject : /C=TW/O=AS/OU=GRID/CN=Tz Ke Wu 164236 > issuer : /DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch > attribute : /ops/Role=lcgadmin/Capability=NULL > attribute : /ops/ROC/Role=NULL/Capability=NULL > attribute : /ops/ROC/AsiaPacific/Role=NULL/Capability=NULL > attribute : /ops/Role=NULL/Capability=NULL > timeleft : 11:59:54 > $ glite-wms-job-submit -a test.jdl > Connecting to the service https://rocwms.grid.sinica.edu.tw:7443/glite_wms_wmproxy_server > > > Error - Operation failed > Unable to submit the job to the service: > https://rocwms.grid.sinica.edu.tw:7443/glite_wms_wmproxy_server > LCMAPS failed to map user credential > > Method: jobSubmit > Error code: 1207 > > > In rocwms grid-mapfile, the mapping rule is correct: > "/ops/Role=lcgadmin/Capability=NULL" opssgm > "/ops/Role=lcgadmin" opssgm > "/ops/Role=NULL/Capability=NULL" .ops > "/ops" .ops > > I can simply add my DN into mapfile to solve the problem, but I am wondering why this > happened and how to fix it? > Many thanks. > > BR, > Todd