Dear All,
A Atlas user, invoking the production role, is failing to be authorized
in our ce02.lip.pt (lcg-ce with gLite 3.1 in SL4).
Here is the log message:
---*---
TIME: Tue Jan 15 13:13:38 2008
PID: 10085 -- Notice: 5: Authenticated globus user:
/DC=es/DC=irisgrid/O=pic/CN=xavier-espinal
lcas client name: /DC=es/DC=irisgrid/O=pic/CN=xavier-espinal
LCAS 0:
LCAS 1: Initialization LCAS version 1.3.7.0
allowing empty credentials
LCAS 2: LCAS authorization request
LCAS 0: lcas_userban.mod-plugin_confirm_authorization():
checking banned users in /opt/glite/etc/lcas/ban_users.db
LCAS 0:
lcas_plugin_voms-plugin_confirm_authorization_from_x509(): Generic
verification error for VOMS (failure): AC not yet (or not anymore) val
id.
LCAS 0: 2008-01-15.13:13:38 :
lcas_plugin_voms-plugin_confirm_authorization_from_x509(): voms plugin
failed
LCAS 0: lcas.mod-lcas_run_va(): authorization failed for plugin
/opt/glite/lib/modules/lcas_voms.mod
LCAS 0: lcas.mod-lcas_run_va(): failed
JMA 2008/01/15 13:13:59 GATEKEEPER_JM_ID
2008-01-15.13:13:18.0000010032.0000000000 JM exiting
---*---
Other Atlas users are correctly authorized.
VOMS certificates and crls from the user CA are ok:
---*---
[root@ce02 ~]# openssl x509 -text -noout -in
/etc/grid-security/vomsdir/lcg-voms.cern.ch.2007-05-07 | grep -A 3 Validity
Validity
Not Before: May 7 11:10:27 2007 GMT
Not After : May 6 11:10:27 2008 GMT
Subject: DC=ch, DC=cern, OU=computers, CN=lcg-voms.cern.ch
[root@ce02 ~]# openssl crl -text -noout -in
/etc/grid-security/certificates/9dd23746.r0 | grep -A 3 Issuer
Issuer: /DC=es/DC=irisgrid/CN=IRISGridCA
Last Update: Jan 10 14:50:28 2008 GMT
Next Update: Feb 9 14:50:28 2008 GMT
CRL extensions:
---*---
I also asked the user to try a globus-url-copy which works properly:
---*---
[espinal@vobox05 PilotFactory]$ globus-url-copy -vb file:///bin/bash
gsiftp://ce02.lip.pt/tmp/xavi_test_150108.dat
Source: file:///bin/
Dest: gsiftp://ce02.lip.pt/tmp/
bash -> xavi_test_150108.dat
616248 bytes 0.42 MB/sec avg 0.42 MB/sec inst
---*---
Moreover, the user is mapped in grid-mapfile.
Isn't grid-mapfile supposed to work with VOMS fails? Can you give me
other suggestions?
Thanks in advance
Cheers
Goncalo
|