This error message from your trace suggests that the clocks on the two machines are not in synch. Check the clock skew between the hosts, it needs to be less than 5 minutes. Rachana "globus_gsi_callback_module: The certificate is not yet valid: Cert with subject: /O=Grid/OU=GlobusTest/OU=simpleCA-rabail/CN=grid user 1 is not yet valid- check clock skew between hosts. "
_____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of rabail javed Sent: Wednesday, June 20, 2007 7:43 AM To: Dhwani Shah Cc: [email protected] Subject: Re: [gt-user] chained IO Exception thank u so much for ur help ....but i am still stuck with these exceptions even after changing the fqdn to wulf08.niit.edu.pk when i am starting the the container ..on the second machine as a globus user i am getting these exceptions globus-start-container 2007-06-20 15:28:43,150 ERROR service.ReliableFileTransferImp l [main,<init>:69] Unable to setup database driver with pooling.Connection refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections. 2007-06-20 15:28:43,677 WARN service.ReliableFileTransferHome [main,initialize:97] All RFT requests will fail and all GRAM jobs that require file staging will fail.Connection refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections. 2007-06-20 15:28:44,709 ERROR container.GSIServiceThread [ServiceThread-9,process:141] Error processing request Authentication failed . Caused by Defective credential detected . Caused by org.globus.gsi.proxy.ProxyPathValidatorException: Certificate O=Grid,OU=GlobusTest,OU=simpleCA-rabail,CN=host/wulf08.niit.edu.pk not yet valid. at org.globus.gsi.proxy.ProxyPathValidator.checkValidity(ProxyPathValidator.jav a:749) at org.globus.gsi.proxy.ProxyPathValidator.validate (ProxyPathValidator.java:367) at org.globus.gsi.gssapi.GlobusGSSContextImpl$GSSProxyPathValidator.validate(Gl obusGSSContextImpl.java:668) at org.globus.gsi.gssapi.GlobusGSSContextImpl.verifyChain(GlobusGSSContextImpl. java:704) at org.globus.gsi.gssapi.GlobusGSSContextImpl.acceptSecContext(GlobusGSSContext Impl.java:303) at org.globus.gsi.gssapi.net.GssSocket.authenticateServer (GssSocket.java:124) at org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:142) at org.globus.gsi.gssapi.net.GssSocket.getOutputStream(GssSocket.java:161) at org.globus.wsrf.container.GSIServiceThread.process(GSIServiceThread.java :98) at org.globus.wsrf.container.ServiceThread.run(ServiceThread.java:291) Failed to obtain a list of services from 'https://127.0.0.1:8443/wsrf/services/ContainerRegistryService <https://127.0.0.1:8443/wsrf/services/ContainerRegistryService> ' service: ; nested exception is: java.io.EOFException I am discussing the whole issue in the context of my second machine....as you know there are two types of certificates user certificates and hostcertificates, while obtaining the certificates i executed the followin command grid-cert-request -host `hostname` from the root user coz i was suppose to obtain the host certificate ad get it signed from CA(first machine). i got the error that wulf08 is not the fully qualified name ....so i made the following changes in my /etc/hosts file 127.0.0.1 <http://127.0.0.1/> wulf08 localhost.localdomain localhost ::1 wulf08 localhost.localdomain localhost 192.168.1.110 <http://192.168.1.110/> wulf08.niit.edu.pk <http://wulf08.niit.edu.pk/> wulf08 and after obtaining the hostcertificate and usercertificate (for auser1) and getting it signed from the CA...when i executed the command globus-start-container ....got the above exception....."proxypathvalidatorexception"......secondly while using the following command for asuer1 ...am getting an error about the clocks [EMAIL PROTECTED] root]$ grid-proxy-init -debug -verify User Cert File: /home/auser1/.globus/usercert.pem User Key File: /home/auser1/.globus/userkey.pem Trusted CA Cert Dir: /etc/grid-security/certificates Output File: /tmp/x509up_u503 Your identity: /O=Grid/OU=GlobusTest/OU=simpleCA-rabail/CN=grid user 1 Enter GRID pass phrase for this identity: Creating proxy ............++++++++++++ ........++++++++++++ Done ERROR: Couldn't verify the authenticity of the user's credential to generate a proxy from. grid_proxy_init.c:1070:globus_credential: Error verifying credential: Failed to verify credential globus_gsi_callback_module: Could not verify credential globus_gsi_callback_module: The certificate is not yet valid: Cert with subject: /O=Grid/OU=GlobusTest/OU=simpleCA-rabail/CN=grid user 1 is not yet valid- check clock skew between hosts. On 6/20/07, Dhwani Shah <[EMAIL PROTECTED]> wrote: Javed, # Do not remove the following line, or various programs # that require network functionality will fail. 127.0.0.1 <http://127.0.0.1> localhost.localdomain localhost 192.168.1.110 FQDN wulf08 Here FQDN means Full Qualified Domain Name something like this wulf08.orgname After changing the /etc/hosts, you also need to restart the network service. After that run the hostname command If it gives right hostname then there is some other error related to certificate Cheers Dhwani rabail javed wrote: i have already done that ....this the position of my /etc/hosts file # Do not remove the following line, or various programs # that require network functionality will fail. 127.0.0.1 <http://127.0.0.1> wulf08 localhost.localdomain localhost ::1 wulf08 localhost.localdomain localhost 192.168.1.110 wulf08 wulf08 On 6/20/07, Ben Clifford <[EMAIL PROTECTED] > wrote: you might want to configure /etc/hosts so that wulf08 maps to the correct IP address. On Wed, 20 Jun 2007, rabail javed wrote: > it given the error that wulf08 is an unknown hostname > > On 6/19/07, Ben Clifford < [EMAIL PROTECTED]> wrote: > > > > > > what happens if you use wulf08 in the hostname instead of the IP address? > > > > On Tue, 19 Jun 2007, rabail javed wrote: > > > > > counter-create -s > > https://192.168.1.110:8443/wsrf/services/CounterService > > > > test.epr > > > > > > > > > On 6/19/07, Ben Clifford <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > On Fri, 15 Jun 2007, rabail javed wrote: > > > > > > > > > hi everyone, > > > > > i am quite new to gt4....i have installed gt4 on two machines....i > > can > > > > > successfully access the services running on one machine from the > > same > > > > > machine ...but i cannt access the services running on one machine > > from > > > > the > > > > > second one . and getting this exception > > > > > > > > > > Error: ; nested exception is: > > > > > org.globus.common.ChainedIOException: Authentication failed > > > > [Caused > > > > > by: Operation unauthorized (Mechanism level: Authorization failed. > > > > Expected > > > > > "/CN=host/192.168.1.110" target but received > > > > > "/O=Grid/OU=GlobusTest/OU=simpleCA-rabail/CN=host/wulf08")] > > > > > > > > What command did you run that output that error? > > > > > > > > -- > > > > > > > > > > > > > > > > > > > > > > > -- Regards, Rabail Javed Research Student, Bachelors of Information Technology NIIT Distributed & Grid Computing Research Group, X-General Secretary IEEE NIIT Student Branch-2005, National University of Science and Technology Rawalpindi, Pakistan. -- __________________________________________________________ Dhwani Shah Software Engineer Altair Engineering India, Enterprise Computing, Bangalore - 560 087 India _______ Web Address:www.altair.com _______ Contact: (O) +91-80-6629 4500 (Ext : 4793) (M) +919900571293 _______ Skype/googletalk: dhwanishahb __________________________________________________________ -- Regards, Rabail Javed Research Student, Bachelors of Information Technology NIIT Distributed & Grid Computing Research Group, X-General Secretary IEEE NIIT Student Branch-2005, National University of Science and Technology Rawalpindi, Pakistan.
