Hi John,
Yep, we added her DN to /opt/glite/etc/lcas/ban_users.db.
Could this be causing our problems?
Mike.
Gordon, JC (John) wrote:
> Andrew, you haven't just banned the biomed rogue have you?
>
> john
>
> -----Original Message-----
> From: "Andrew Elwell" <[log in to unmask]>
> To: "[log in to unmask]" <[log in to unmask]>
> Sent: 08/08/08 17:02
> Subject: lcas_voms.mod woes
>
> Hi Gang,
>
> typical on a Friday afternoon we started to fail sam tests with the dreaded
> 10 data transfer to the server failed
>
> looking at the gatekeeper logs we have a problem with the lcas_voms plugin:
>
> going from
>
> TIME: Fri Aug 8 14:17:27 2008
> PID: 5511 -- Notice: 5: Authenticated globus user:
> /C=UK/O=eScience/OU=Glasgow/L=Compserv/CN=graeme stewart
> lcas client name: /C=UK/O=eScience/OU=Glasgow/L=Compserv/CN=graeme stewart
> LCAS 0:
> LCAS 1: Initialization LCAS version 1.3.7
> allowing empty credentials
> LCAS 2: LCAS authorization request
> LCAS 0: lcas_userban.mod-plugin_confirm_authorization():
> checking banned users in /opt/glite/etc/lcas/ban_users.db
> LCAS 0: 2008-08-08.14:17:27 :
> lcas_plugin_voms-plugin_confirm_authorization_from_x509(): voms plugin
> succeeded
> LCAS 0: lcas.mod-lcas_run_va(): succeeded
> LCAS 1: Termination LCAS
>
>
> to
>
> TIME: Fri Aug 8 14:17:54 2008
> PID: 5949 -- Notice: 5: Authenticated globus user:
> /C=UK/O=eScience/OU=Glasgow/L=Compserv/CN=graeme stewart
> lcas client name: /C=UK/O=eScience/OU=Glasgow/L=Compserv/CN=graeme stewart
> LCAS 0:
> LCAS 1: Initialization LCAS version 1.3.7
> allowing empty credentials
> LCAS 2: LCAS authorization request
> LCAS 0: lcas_userban.mod-plugin_confirm_authorization():
> checking banned users in /opt/glite/etc/lcas/ban_users.db
> LCAS 0:
> lcas_plugin_voms-plugin_confirm_authorization_from_x509(): Did not
> find a matching VO entry in the authorization file
> LCAS 0: 2008-08-08.14:17:54 :
> lcas_plugin_voms-plugin_confirm_authorization_from_x509(): voms plugin
> failed
> LCAS 0: lcas.mod-lcas_run_va(): authorization failed for plugin
> /opt/glite/lib/modules/lcas_voms.mod
> LCAS 0: lcas.mod-lcas_run_va(): failed
> TIME: Fri Aug 8 14:17:58 2008
> PID: 6023 -- Notice: 6: Got connection 192.36.236.93 at Fri Aug 8
> 14:17:58 2008
>
>
>
> -- any thoughts on where to start hunting?
>
> We commented out the lcas.db entry to get the site alive again but
> this isn't sustainable
>
> svr021:~# cat /opt/glite/etc/lcas/lcas.db
> # LCAS database/plugin list
> #
> # Format of each line:
> # pluginname="<name/path of plugin>", pluginargs="<arguments>"
> #
> pluginname=lcas_userban.mod,pluginargs=ban_users.db
> ##pluginname=lcas_voms.mod,pluginargs="-vomsdir
> /etc/grid-security/vomsdir/ -certdir /etc/grid-security/certificates/
> -authfile /etc/grid-security/grid-mapfile -authformat simple
> -use_user_dn"
>
>
> svr021:~# ls -ld /etc/grid-security/vomsdir/
> /etc/grid-security/certificates/ /etc/grid-security/grid-mapfile
> drwxr-xr-x 2 root root 20480 Aug 8 14:26 /etc/grid-security/certificates/
> -rw-r--r-- 1 root root 867344 Aug 8 14:17 /etc/grid-security/grid-mapfile
> drwxr-xr-x 21 root root 4096 Jul 22 23:16 /etc/grid-security/vomsdir/
>
>
> yes the grid-mapfile was altered at this time as we'd added a new user
> but diffing doesn't look bad.
>
> Andrew
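Added example, not part of the original messages: a Python script that splits gatekeeper log text like the excerpts quoted above into per-request blocks and reports each DN that LCAS authorized earlier and denied later, with the plugin named in the failure. The sample log, DN and IP address are constructed, and the function names are hypothetical.

```python
import re
# Constructed sample in the format of the excerpts above, mail line wraps kept.
SAMPLE_LOG = """\
TIME: Fri Aug 8 14:17:27 2008
PID: 5511 -- Notice: 5: Authenticated globus user:
/C=UK/O=Example/OU=Site/CN=sample user
lcas client name: /C=UK/O=Example/OU=Site/CN=sample user
LCAS 0: lcas.mod-lcas_run_va(): succeeded
TIME: Fri Aug 8 14:17:54 2008
PID: 5949 -- Notice: 5: Authenticated globus user:
/C=UK/O=Example/OU=Site/CN=sample user
LCAS 0:
lcas_plugin_voms-plugin_confirm_authorization_from_x509(): Did not
find a matching VO entry in the authorization file
LCAS 0: lcas.mod-lcas_run_va(): authorization failed for plugin
/opt/glite/lib/modules/lcas_voms.mod
LCAS 0: lcas.mod-lcas_run_va(): failed
TIME: Fri Aug 8 14:17:58 2008
PID: 6023 -- Notice: 6: Got connection 192.0.2.10 at Fri Aug 8 14:17:58 2008
"""

HEADER = re.compile(r"^(.*?) PID: \d+ ")
DN = re.compile(r"Authenticated globus user: (/.+?)(?= lcas client name:| LCAS \d+:|$)")
VERDICT = re.compile(r"lcas\.mod-lcas_run_va\(\): (succeeded|failed)")
PLUGIN = re.compile(r"authorization failed for plugin (\S+)")

def parse_blocks(text):
    """One record per TIME:/PID: block; wrapped lines are rejoined first."""
    records = []
    for chunk in re.split(r"^TIME: ", text, flags=re.M)[1:]:
        flat = " ".join(chunk.split())
        head, dn, plugin = HEADER.match(flat), DN.search(flat), PLUGIN.search(flat)
        records.append({
            "time": head.group(1) if head else None,
            "dn": dn.group(1) if dn else None,
            "verdict": (VERDICT.findall(flat) or [None])[-1],  # None: no LCAS run logged
            "plugin": plugin.group(1) if plugin else None,
        })
    return records

def regressions(records):
    """DNs authorized earlier in the log and denied later: first denial per DN."""
    seen_ok, out = set(), {}
    for r in records:
        if r["verdict"] == "succeeded":
            seen_ok.add(r["dn"])
        elif r["verdict"] == "failed" and r["dn"] in seen_ok:
            out.setdefault(r["dn"], (r["time"], r["plugin"]))
    return out
```

The timestamp of the first denial can then be compared with the modification times of the files named in the plugin arguments, such as the grid-mapfile listed above.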