On Wed, Jul 9, 2008 at 3:15 PM, Alvaro Simon Garcia <[log in to unmask]> wrote:
> Hi Dimitris
>
> Yes we are using latest prod version. As said Dusan adding vo port to:
>
> --uri=voms.egee.cesga.es:15110
>
> instead of
>
> --uri=voms.egee.cesga.es
>
> fix our problem
Yes there are two known problems.
see the last two of
http://glite.web.cern.ch/glite/packages/R3.1/deployment/glite-VOMS_oracle/glite-VOMS_oracle-known-issues.asp
the VOMS_mysql page is not up to date which I'll get sorted now.
Steve
>
> Cheers and thanks
> Alvaro
>>
>> If you installed the latest voms from the glite repository, it is not ok
>> to use in production, check
>>
>> https://gus.fzk.de/pages/ticket_details.php?ticket=37334
>>
>> as it has been mentioned in this list recently.
>>
>>
>> O/H Alvaro Simon Garcia έγραψε:
>>>
>>> Dear all,
>>>
>>> We are testing a new voms server for vo cesga, conf seems to work fine
>>> and voms endpoint responds to:
>>>
>>> https://voms.egee.cesga.es:8443/voms/cesga
>>>
>>> when we try from our ui:
>>>
>>> $ voms-proxy-init --voms cesga
>>> Cannot find file or dir: /home/asimon/.glite/vomses
>>> Enter GRID pass phrase:
>>> Your identity: /DC=es/DC=irisgrid/O=cesga/CN=alvarosimon
>>> Creating temporary proxy ................................................
>>> Done
>>> Contacting voms.egee.cesga.es:15110
>>> [/DC=es/DC=irisgrid/O=cesga/CN=host/voms.egee.cesga.es] "cesga" Done
>>> Creating proxy ............................................... Done
>>> Your proxy is valid until Thu Jul 10 01:46:54 2008
>>>
>>> works fine but if we try to check voms proxy:
>>>
>>> $ voms-proxy-info -debug --all
>>> *WARNING: Unable to verify signature! Server certificate possibly not
>>> installed.*
>>> *Error: Unable to determine hostname from AC.*
>>> subject : /DC=es/DC=irisgrid/O=cesga/CN=alvarosimon/CN=proxy
>>> issuer : /DC=es/DC=irisgrid/O=cesga/CN=alvarosimon
>>> identity : /DC=es/DC=irisgrid/O=cesga/CN=alvarosimon
>>> type : proxy
>>> strength : 512 bits
>>> path : /tmp/x509up_u522
>>> timeleft : 11:58:34
>>> === VO cesga extension information ===
>>> VO : cesga
>>> subject : /DC=es/DC=irisgrid/O=cesga/CN=alvarosimon
>>> issuer : /DC=es/DC=irisgrid/O=cesga/CN=host/voms.egee.cesga.es
>>> attribute : /cesga
>>> timeleft : 11:58:34
>>>
>>> And if we try to submit a test to our ce:
>>>
>>> $ globus-job-run ce2.egee.cesga.es:2119/jobmanager-lcgsge -q cesga
>>> /bin/hostname
>>> *GRAM Job submission failed because data transfer to the server failed
>>> (error code 10)*
>>>
>>> in ce2.egee.cesga.es we got these errors:
>>>
>>> # less /var/log/globus-gatekeeper.log
>>> ...
>>> ...
>>> TIME: Wed Jul 9 13:52:50 2008
>>> PID: 10120 -- Notice: 5: Authenticated globus user:
>>> /DC=es/DC=irisgrid/O=cesga/CN=alvarosimon
>>> lcas client name: /DC=es/DC=irisgrid/O=cesga/CN=alvarosimon
>>> LCAS 0:
>>> LCAS 1: Initialization LCAS version 1.3.7
>>> allowing empty credentials
>>> LCAS 2: LCAS authorization request
>>> LCAS 0: lcas_userban.mod-plugin_confirm_authorization(): checking
>>> banned users in /opt/glite/etc/lcas/ban_users.db
>>> LCAS 0:
>>> lcas_plugin_voms-plugin_confirm_authorization_from_x509(): VOMS directory
>>> error (failure)!
>>> LCAS 0: 2008-07-09.13:52:50 :
>>> lcas_plugin_voms-plugin_confirm_authorization_from_x509(): voms plugin
>>> failed
>>> LCAS 0: lcas.mod-lcas_run_va(): authorization failed for plugin
>>> /opt/glite/lib/modules/lcas_voms.mod
>>> LCAS 0: lcas.mod-lcas_run_va(): failed
>>>
>>>
>>> ce2 is a gLite3.1 with
>>> /etc/grid-security/vomsdir/cesga/voms.egee.cesga.es.lsc file.
>>>
>>> If we use our old voms server, CE users mapping works fine, any idea?
>>>
>>>
>>> Thanks in advance
>>> Alvaro
>>>
>>
>>
>
--
Steve Traylen
|