[gt-user] Re: Old GAA Code - signing policy error

Wed, 22 Aug 2007 02:13:19 -0700 

 I installed the CA files on another node of the grid, on which i launch a
globus-gridftp-server, and with the same certificate/proxy, the transfer
works fine... so i don't know why it does not work on the other node.

 Thanks for helping,
 Francois.

On 8/22/07, Francois Hornoy <[EMAIL PROTECTED]> wrote:
>
>
>      Hello,
>
>  I have a globus-gridftp-server running on a server. On my client machine,
> i have a valid certificate, and grid-proxy-init -verify -debug runs
> successfully. When i try to make a transfer, here is the error i get:
>
>  [EMAIL PROTECTED]:~$ globus-url-copy -v -vb -dbg gsiftp://AnIP/etc/issue
> file:/tmp/foo
> Source: gsiftp://AnIP/etc/
> Dest:   file:/tmp/
>   issue  ->  foo
> debug: starting to get gsiftp://AnIP/etc/issue
> debug: connecting to gsiftp://AnIP/etc/issue
> debug: response from gsiftp://AnIP/etc/issue:
> 220 'DNSName' GridFTP Server 2.3 (gcc64, 1144436882-63) ready.
>
> debug: authenticating with gsiftp://AnIP/etc/issue
> debug: fault on connection to gsiftp://AnIP/etc/issue: globus_ftp_control:
> gss_init_sec_context failed
> debug: data callback, error globus_ftp_control: gss_init_sec_context
> failed, buffer 0xb7a9e008, length 0, offset=0, eof=true
> debug: operation complete
>
>
> error: globus_ftp_control: gss_init_sec_context failed
> globus_gsi_callback_module: Could not verify credential
> globus_gsi_callback_module: Error with signing policy
> globus_gsi_callback_module: Error in OLD GAA code: CA policy violation:
> <no reason given>
>
>
>  Googling, i found some solutions: maybe the regexp in the signing policy
> file is not matched by the certificate subject. But it is.
>
>  On the client side, the subject is: 
> /O=Grid/OU=GlobusTest/OU=simpleCA-letsim.let.fr/OU=ish-lyon.cnrs.fr/CN=fhornoy
>  On the server side, here is the signing policy, and the grid-mapfile:
>   ~# cat /etc/grid-security/certificates/661ab999.signing_policy
>   access_id_CA      X509         '/O=Grid/OU=GlobusTest/OU=
> simpleCA-letsim.let.fr/CN=Globus Simple CA'
>   pos_rights        globus        CA:sign
>   cond_subjects     globus       
> '"/O=Grid/OU=GlobusTest/OU=simpleCA-letsim.let.fr/*
> "'
>
>  So the subject matches the cond_subjects regexp.
>
>  There is this line in the grid-mapfile: 
> "/O=Grid/OU=GlobusTest/OU=simpleCA-letsim.let.fr/OU=ish-lyon.cnrs.fr/CN=fhornoy"
> fhornoy
>
>
>  Well, i don't know where this error can come from. Any help welcomed :-)
>
>  Best regards,
>  Francois.
>
>
>

Reply via email to