Hello, As many have noticed before, despite lots of entries for the pretend-naughty user in our gridftp logs they were not in the dmlite "userlist". In order to ban the user via dmlite I had to "useradd" them first (useradd "DN"). As I barely touch puppet at Lancaster I'm afraid I can neither confirm or deny that the argus puppet line Raul shared works - but it looks right. Cheers, Matt On 19/03/2019 11:46, Sam Skipsey wrote: > (I also note to the group that all of you should already have > dpm-argus installed, since it has been a soft requirement for GridPP > Storage sites for more than a year now !) > > On Tue, 19 Mar 2019 at 10:54, RAUL H C LOPES <[log in to unmask]> wrote: >> >> Hi, >> >> >> I had sent this to Dviid, Sam and Matt yesterday. >> >> >> I have used this SSC to run some tests in Brunel. Target is to check what works in DPM. >> >> >> Important: my storage at Brunel runs on DOME pre-1.12.1. You'll have seen it is in epel-tesing. >> >> >> Facts: >> >> - the old way to ban users in DPM before 1.10 doesn't work. >> >> dpns-modifyusrmap --uid 3734 --user "/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=acaillet/CN=700993/CN=Amelie Caillet" --status LOCAL_BAN >> >> I tested it several times between Friday and today. >> >> >> Important: I discussed this today with dpm-dev and dpns-modifyusrmap does not work. >> >> >> >> - you can ban a user in DOME 1.12 with dmlite-shell by issuing >> >> userban "/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=acaillet/CN=700993/CN=Amelie Caillet" 2 >> >> >> >> - you can check it >> >> >> dmlite-shell -e "userinfo"| grep BANNED >> - /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=acaillet/CN=700993/CN=Amelie Caillet (ID: 3734) (BANNED - LOCAL_BAN) >> >> >> - central ban seems to work. It uses a cron job to read from your designated Argus servers. >> >> >> Important: you have to install dpm-argus which isnot in epel. Stangely enough it is only found in UMD-4-updates. >> >> >> if you use puppet, then add to your recipe a class like >> >> >> class{'lcgdm::argus': >> argus_url => 'pumpkin.brunel.ac.uk:8154/authz', >> } >> >> I wonder if Matt can confirm it. >> >> >> Sam doesn't have DOME in production, however I bellieve that dmlite-shell ban will work. >> >> >> Thanks, raul >> >> >> >> ________________________________ >> >> To unsubscribe from the GRIDPP-STORAGE list, click the following link: >> https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=GRIDPP-STORAGE&A=1 > > ######################################################################## > > To unsubscribe from the GRIDPP-STORAGE list, click the following link: > https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=GRIDPP-STORAGE&A=1 > ######################################################################## To unsubscribe from the GRIDPP-STORAGE list, click the following link: https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=GRIDPP-STORAGE&A=1