On 7/19/07, Charles Bacon <[EMAIL PROTECTED]> wrote:
If it's really the exact same error, then that would indicate that the
replacement host certificate didn't get loaded. Otherwise the line reading:The
name of the remote host ( here.host.fr)
would have to read
The name of the remote host ( here1.host.fr <http://here.host.fr/>)
If it's not, then something has gone wrong with how GridFTP is getting its
hostcert. How is your gridFTP server being launched? If it's from xinetd,
then I'm very confused. If you ran it by hand as root, you might need to
restart it.
Hum you are right (as often ;) ). GridFTP was reading the hostcert in the
directory /etc/grid-security/ and not in $GLOBUS_LOCATION/etc. And in
/etc/grid-security/, it was an old version of hostcert....
So i made a symbolic link to $GLOBUS_LOCATION/etc/host{cert,key}.pem and
now it works.
Thank you for your help,
Cheers, Francois.
So, could you paste the error from after you replace the certificate, just
so I can be sure that it really reads the exact same thing, and not just
something similar?
Thanks!
Charles
On Jul 19, 2007, at 4:59 PM, Francois Hornoy wrote:
Hi Charles,
On 7/19/07, Charles Bacon <[EMAIL PROTECTED]> wrote:
>
> Can you show what the error message is when you replace the certificate
> with one that reads here1 instead of here? The algorithm should be:
>
> 1) Get IP address associated with the hostname
> 2) Reverse-lookup that IP
>
> So if here1 -> IP1 -> here1, then that sounds like the right name to use
> in the certificate.
>
Thanks for the explanation. "nslookup" ensures me that it is right
here1->IP1->here1.
Though, still the error. It's the same error. I just regenerate a host
certificate (and i redo the copy for the container) on the server.
May i change something on the client? May i change the CA of the grid,
hosted on the server, with the correct hostname (here1)?
Francois.
Charles
>
> On Jul 19, 2007, at 4:45 PM, Francois Hornoy wrote:
>
> I'm experiencing some DNS related problems. The "server" running the
> globus container is " here.host.fr". But the DNS server replies
"here1.host.fr".
> The "hostname" command on that server outputs: "here.host.fr".
>
> So i (logically?) get this error:
>
> $ globus-url-copy -vb gsiftp://here.host.fr/etc/issue file:/tmp/foo
> Source: gsiftp://here.host.fr/etc/
> Dest: file:/tmp/
> issue -> foo
>
>
> error: globus_ftp_control: gss_init_sec_context failed
> GSS Major Status: Unexpected Gatekeeper or Service Name
> globus_gsi_gssapi: Authorization denied: The name of the remote host (
> here.host.fr), and the expected name for the remote host (here1.host.fr)
> do not match. This happens when the name in the host certificate does not
> match the information obtained from DNS and is often a DNS configuration
> problem.
>
>
> I tried to regenerate the host certificates putting here1.host.fr but
> the same happens. So i guess the problem is that the "hostname" is
> here.host.fr... Is it the problem? And how can i deal with this as i
> can't change the DNS configurations?
>
>
> Thanks for helping,
>
> Francois.
>
>
>
>
