Hi Mischa
>
> not sure what's going wrong, but what you see in the Argus pepd log is
> the FQANs from the payload proxy (the one which is put in
> GLEXEC_CLIENT_CERT) and should certainly NOT have the pilot role.
> You can also see that from the output:
> Payload information:
> Payload DN: /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=sciaba/CN=430796/CN=Andrea Sciaba/CN=proxy/CN=proxy/CN=proxy
> Payload Primary FQAN: /cms/Role=NULL/Capability=NULL
> The X509_USER_PROXY is used for the SSL handshake with the Argus server.
> Somehow the payload proxy does not lead to a proper mapping. You might
> find the reason in the syslog (as indicated by gLExec). It's important
> to know what type of state is returned by the Argus PEPd (e.g.
> indeterminate, not applicable etc.).
syslog shows me the following information for the event under discussion:
---*---
Jul 4 15:25:17 wn151 cvmfs2: (cms.cern.ch) Signed catalog loaded from
http://cvmfs-stratum-one.cern.ch:8000/opt/cms;http://cernvmfs.gridpp.rl.ac.uk:8000/opt/cms;http://cvmfs.rac
f.bnl.gov:8000/opt/cms, signed by Publisher: /CN=cms.cern.ch CERN-IT
Install Certificate issued by: /CN=cms.cern.ch CERN-IT Install
Jul 4 15:25:17 wn151 cvmfs2: (cms.cern.ch) switched to catalog revision 556
Jul 4 15:25:27 wn151 glexec[15068]: Trying to read /etc/glexec.conf as
201(glexec)/202(glexec)
Jul 4 15:25:27 wn151 glexec[15068]: lcmaps: checkResponseSanity: Error:
the decision for result[0] is Not Applicable. This means your request is
not allowed to continue based on this decision.
Jul 4 15:25:27 wn151 glexec[15068]: lcmaps: oh_process_uidgid: Error:
checkResponseSanity() returned a failure condition in the response
message. Stopped looking into the obligations
Jul 4 15:25:27 wn151 glexec[15068]: lcmaps: Error:
pep_authorize(request,response) failed. The Argus-PEP return code is: 9
with error message: "OH process error"
Jul 4 15:25:27 wn151 glexec[15068]: lcmaps: LCMAPS failed to do mapping
and return account information
---*---
So it returns a "Not Applicable" error but still it does not tell me the
actuall reason.
Cheers and Thanks for you help
Goncalo
|