> Hi William,
>
> Just the basics first of all.
>
> 1. Do you have a valid certificate installed?
Yup, valid until 11th February next year.
> 2. What are the permissions on the certificate?
> 3. Is there a valid copy of the certificate (permisssions and ownership)
> in /etc/grid-security/dpmmgr
> 4. Are the permissions on the certificates directory OK?
- -bash-2.05b$ cd /etc/grid-security
- -bash-2.05b$ ls -ld *.pem */*.pem certificates
drwxr-xr-x 2 root root 12288 Dec 13 10:19 certificates
- -rw-r--r-- 1 lczzdpm lczz 2245 Jan 12 2007 dpmmgr/dpmcert.pem
- -r-------- 1 lczzdpm lczz 1842 Jan 12 2007 dpmmgr/dpmkey.pem
- -rw-r--r-- 1 root root 2245 Jan 12 2007 hostcert.pem
- -r-------- 1 root root 1842 Jan 12 2007 hostkey.pem
t@gw-3 dpmmgr]# grep :4070: /etc/passwd /etc/group
/etc/passwd:lczzdpm:x:99682:4070::/localhome/lczzdpm:/bin/bash
/etc/passwd:dpmmgr:x:99682:4070::/localhome/lczzdpm:/bin/bash
/etc/group:lczz:x:4070:
/etc/group:dpmmgr:x:4070:
I have a sinking feeling that should be 444 for the certs although we haven't
had problems until now. Are more recent versions more sensitive? Chmoded
now.
> 5. Can you sent the dpm and dpns logs during one of these transactions
> that fails?
Not one of Andrew's AFAICT but the error showed up in our srmv1 log at this time
srmv1 log:
12/13 12:57:38 22346,0 advisoryDelete: returns 0
12/13 13:00:12 22346,0 srmv1: SRM02 - soap_serve error : CGSI-gSOAP: GSS Major Status: General failure
GSS Minor Status Error Chain:
unwrap.c:273: gss_unwrap: internal problem with SSL BIO: SSL_read rc=-1
OpenSSL Error: a_verify.c:109: in library: asn1 encoding routines, function ASN1_verify: bad get asn1 o
bject call
OpenSSL Error: rsa_eay.c:578: in library: rsa routines, function RSA_EAY_PUBLIC_DECRYPT: padding check
failed
OpenSSL Error: rsa_pk1.c:100: in library: rsa routines, function RSA_padding_check_PKCS1_type_1: block
type is not 01
OpenSSL Error: a_verify.c:109: in library: asn1 encoding routines, function ASN1_verify: bad get asn1 o
bject call
OpenSSL Error: rsa_eay.c:578: in library: rsa routines, function RSA_EAY_PUBLIC_DECRYPT: padding check
failed
OpenSSL Error: rsa_pk1.c:100: in library: rsa routines, function RSA_padding_check_PKCS1_type_1: block
type is not 01
OpenSSL Error: a_verify.c:109: in library: asn1 encoding routines, function ASN1_verify: bad get asn1 o
bject call
OpenSSL Error: rs
DPM log:
12/13 12:57:55 22252,23 dpm_srv_getpools: DP092 - getpools request by /C=UK/O=eScience/OU=UCL/L=EISD/CN
[log in to unmask] (0,0) from gw-3.ccc.ucl.ac.uk
12/13 12:57:55 22252,23 dpm_srv_getpools: returns 0
12/13 12:57:55 22252,23 dpm_srv_getpoolfs: DP092 - getpoolfs request by /C=UK/O=eScience/OU=UCL/L=EISD/
[log in to unmask] (0,0) from gw-3.ccc.ucl.ac.uk
12/13 12:57:55 22252,23 dpm_srv_getpoolfs: returns 0
12/13 12:58:59 22252,23 dpm_srv_getpools: DP092 - getpools request by /C=UK/O=eScience/OU=UCL/L=EISD/CN
[log in to unmask] (0,0) from gw-3.ccc.ucl.ac.uk
12/13 12:58:59 22252,23 dpm_srv_getpools: returns 0
12/13 12:58:59 22252,23 dpm_srv_getpoolfs: DP092 - getpoolfs request by /C=UK/O=eScience/OU=UCL/L=EISD/
[log in to unmask] (0,0) from gw-3.ccc.ucl.ac.uk
12/13 12:58:59 22252,23 dpm_srv_getpoolfs: returns 0
12/13 13:00:03 22252,23 dpm_srv_getpools: DP092 - getpools request by /C=UK/O=eScience/OU=UCL/L=EISD/CN
[log in to unmask] (0,0) from gw-3.ccc.ucl.ac.uk
12/13 13:00:03 22252,23 dpm_srv_getpools: returns 0
12/13 13:00:03 22252,23 dpm_srv_getpoolfs: DP092 - getpoolfs request by /C=UK/O=eScience/OU=UCL/L=EISD/
[log in to unmask] (0,0) from gw-3.ccc.ucl.ac.uk
12/13 13:00:03 22252,23 dpm_srv_getpoolfs: returns 0
12/13 13:01:07 22252,23 dpm_srv_getpools: DP092 - getpools request by /C=UK/O=eScience/OU=UCL/L=EISD/CN
[log in to unmask] (0,0) from gw-3.ccc.ucl.ac.uk
12/13 13:01:07 22252,23 dpm_srv_getpools: returns 0
12/13 13:01:07 22252,23 dpm_srv_getpoolfs: DP092 - getpoolfs request by /C=UK/O=eScience/OU=UCL/L=EISD/
[log in to unmask] (0,0) from gw-3.ccc.ucl.ac.uk
12/13 13:01:07 22252,23 dpm_srv_getpoolfs: returns 0
12/13 13:02:11 22252,23 dpm_srv_getpools: DP092 - getpools request by /C=UK/O=eScience/OU=UCL/L=EISD/CN
[log in to unmask] (0,0) from gw-3.ccc.ucl.ac.uk
12/13 13:02:11 22252,23 dpm_srv_getpools: returns 0
12/13 13:02:11 22252,23 dpm_srv_getpoolfs: DP092 - getpoolfs request by /C=UK/O=eScience/OU=UCL/L=EISD/
[log in to unmask] (0,0) from gw-3.ccc.ucl.ac.uk
DPNS log:
12/13 12:57:38 22129,0 Cns_srv_unlink: returns 0
12/13 13:23:10 22129,0 Cns_srv_getidmap: NS092 - getidmap request by /DC=ch/DC=cern/OU=Organic Units/OU
=Users/CN=samoper/CN=582979/CN=Judit Novak (133,10048) from gw-3.ccc.ucl.ac.uk
12/13 13:23:10 22129,0 Cns_srv_getidmap: NS098 - getidmap /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=s
amoper/CN=582979/CN=Judit Novak
> 6. What virtual id is Andrew being mapped to in the DPM database
> (Cns_user_info)?
mysql> select * from Cns_userinfo where username="/C=UK/O=eScience/OU=Glasgow/L=Compserv/CN=andrew elwell";
+-------+--------+---------------------------------------------------------+
| rowid | userid | username |
+-------+--------+---------------------------------------------------------+
| 94 | 95 | /C=UK/O=eScience/OU=Glasgow/L=Compserv/CN=andrew elwell |
+-------+--------+---------------------------------------------------------+
1 row in set (0.00 sec)
Thanks
------- End of Forwarded Message
|