If it's really the exact same error, then that would indicate that
the replacement host certificate didn't get loaded. Otherwise the
line reading:
The name of the remote host ( here.host.fr)
would have to read
The name of the remote host ( here1.host.fr)
If it's not, then something has gone wrong with how GridFTP is
getting its hostcert. How is your gridFTP server being launched? If
it's from xinetd, then I'm very confused. If you ran it by hand as
root, you might need to restart it.
So, could you paste the error from after you replace the certificate,
just so I can be sure that it really reads the exact same thing, and
not just something similar?
Thanks!
Charles
On Jul 19, 2007, at 4:59 PM, Francois Hornoy wrote:
Hi Charles,
On 7/19/07, Charles Bacon <[EMAIL PROTECTED]> wrote:
Can you show what the error message is when you replace the
certificate with one that reads here1 instead of here? The
algorithm should be:
1) Get IP address associated with the hostname
2) Reverse-lookup that IP
So if here1 -> IP1 -> here1, then that sounds like the right name
to use in the certificate.
Thanks for the explanation. "nslookup" ensures me that it is right
here1->IP1->here1.
Though, still the error. It's the same error. I just regenerate a
host certificate (and i redo the copy for the container) on the
server.
May i change something on the client? May i change the CA of the
grid, hosted on the server, with the correct hostname (here1)?
Francois.
Charles
On Jul 19, 2007, at 4:45 PM, Francois Hornoy wrote:
I'm experiencing some DNS related problems. The "server" running
the globus container is " here.host.fr". But the DNS server
replies " here1.host.fr". The "hostname" command on that server
outputs: "here.host.fr".
So i (logically?) get this error:
$ globus-url-copy -vb gsiftp://here.host.fr/etc/issue file:/tmp/foo
Source: gsiftp://here.host.fr/etc/
Dest: file:/tmp/
issue -> foo
error: globus_ftp_control: gss_init_sec_context failed
GSS Major Status: Unexpected Gatekeeper or Service Name
globus_gsi_gssapi: Authorization denied: The name of the remote
host ( here.host.fr), and the expected name for the remote host
(here1.host.fr) do not match. This happens when the name in the
host certificate does not match the information obtained from DNS
and is often a DNS configuration problem.
I tried to regenerate the host certificates putting
here1.host.fr but the same happens. So i guess the problem is that
the "hostname" is here.host.fr... Is it the problem? And how can i
deal with this as i can't change the DNS configurations?
Thanks for helping,
Francois.
