hiii Thanks a TON!!!!!!!!!!!!! So you mean if I want to specify multiple Roles then I have to use VOMS Version 1.7 or less because I guess I can specify multiple Roles with version below 1.7 or less. Please correct me if I am wrong.
Thanks once again Arpit On Thu, Sep 18, 2008 at 8:52 PM, Vincenzo Ciaschini < [EMAIL PROTECTED]> wrote: > This bug: > https://savannah.cern.ch/bugs/?39625 > > Currently undergoing certification. > > Ciao, > Vincenzo > > > arpit jain wrote: > >> Hii >> >> I just went through the Server log and it is like that: >> >> *Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25331]: >> msg="LOG_INFO:STARTUP:Listen (Server.cpp:361):Received connection from: >> 192.168.63.92:30360." >> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25331]: >> msg="LOG_INFO:REQUEST:Run (vomsd.cc:598):Starting Executor with pid = >> 25349" >> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]: >> msg="LOG_INFO:REQUEST:Run (vomsd.cc:610):Self : /C=IN/O=C-DAC KP >> Bangalore/OU=CTSF/CN=host/vipulb.cdacb.ernet.in" >> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]: >> msg="LOG_INFO:REQUEST:Run (vomsd.cc:611):Self CA : /C=IN/O=C-DAC KP >> Bangalore/OU=CTSF/CN=C-DAC KP CA" >> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]: >> msg="LOG_INFO:REQUEST:Run (vomsd.cc:618):At: Thu Sep 18 20:22:23 2008. >> Received Contact :" >> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]: >> msg="LOG_INFO:REQUEST:Run (vomsd.cc:619): user: /C=IN/O=C-DAC KP >> Bangalore/OU=CTSF/OU=ctsf.cdac.org.in/CN=Shamjith K V" >> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]: >> msg="LOG_INFO:REQUEST:Run (vomsd.cc:620): ca : /C=IN/O=C-DAC KP >> Bangalore/OU=CTSF/CN=C-DAC KP CA" >> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]: >> msg="LOG_INFO:REQUEST:Run (vomsd.cc:621): serial: 0183" >> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]: >> msg="LOG_ERROR:STARTUP:my_recv (globuswrap.c:112):trueres = 1." >> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]: >> msg="LOG_ERROR:STARTUP:my_recv (globuswrap.c:112):trueres = 1." >> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]: >> msg="LOG_INFO:REQUEST:Execute (vomsd.cc:740):Userid = "4"" >> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]: >> msg="LOG_INFO:REQUEST:Execute (vomsd.cc:749):Next command : >> B/trial:Normal-user" >> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]: >> msg="LOG_INFO:RESULT:Execute (vomsd.cc:970):Request Result: /trial" >> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]: >> msg="LOG_INFO:RESULT:Execute (vomsd.cc:970):Request Result: >> /trial/Role=Normal-user"* >> >> As you can see in the last few lines the server is just accepting the >> "Normal-user" role and it is not accepting the second role from user. >> >> What can be the possible reason?? >> >> Thanks >> Arpit >> >> >> On Thu, Sep 18, 2008 at 8:04 PM, arpit jain <[EMAIL PROTECTED]> >> wrote: >> >> hiii.. >>> >>> My DB is perfectly up-to-date and it is showing 2 roles for that >>> particular >>> user but due to some unknown reason I am not getting those 2 roles in >>> Proxy. >>> >>> Did u find anything wrong in the output of "voms-proy-init" which I >>> mailed >>> you earlier??? >>> I saw a thread posted by you regarding the same problem in which you >>> asked >>> to check the version of "VOMS" and then you asked to restart the VOMS >>> -Core service. I restarted the Service many times but to no effect and >>> the >>> output of >>> >>> [*opt/glite/sbin]./voms -version >>> voms >>> Version: 1.8.3 >>> Compiled: May 13 2008 18:35:09 >>> >>> *Thanks >>> Arpit >>> * >>> >>> * >>> >>> >>> On Thu, Sep 18, 2008 at 7:55 PM, Vincenzo Ciaschini < >>> [EMAIL PROTECTED]> wrote: >>> >>> arpit jain wrote: >>>> >>>> On Thu, Sep 18, 2008 at 7:25 PM, Vincenzo Ciaschini < >>>>> [EMAIL PROTECTED]> wrote: >>>>> >>>>> arpit jain wrote: >>>>> >>>>>> Hii >>>>>> >>>>>>> The reason for using non-standard location for certificate is that I >>>>>>> am >>>>>>> using proxy certificate given by MYPROXY Server which gets created in >>>>>>> /tmp/x509_u**** instead of globus certificate i.e. usercert.pem. >>>>>>> >>>>>>> The location of vomses file is also non-standard because I have >>>>>>> VOMS-client >>>>>>> i.e. (voms-proxy-init) installed in my HOME directory instead of >>>>>>> /opt/glite/. >>>>>>> >>>>>>> Any other possible reason for not getting the desired result?? >>>>>>> >>>>>>> What do you *exactly* have in your DB? >>>>>>> >>>>>> >>>>> *I have Normal-user in my Database so thats not at all a problem.* >>>>> >>>>> What is the *exact* output of voms-proxy-init? >>>>> >>>>> *Output of voms-proxy-init: >>>>> >>>>> voms-proxy-init -debug --voms trial:/trial/Role=Normal-user --voms >>>>> trial:/trial/Role=Developer -out vomsproxy -cert /tmp/x509up_u8085 >>>>> -vomses >>>>> /home/tools/shamjit/vomsclient/vomses >>>>> >>>>> Detected Globus version: 22 >>>>> Unspecified proxy version, settling on Globus version: 2 >>>>> Number of bits in key :512 >>>>> Using configuration file /home/tools/shamjit/vomsclient/vomses >>>>> Files being used: >>>>> CA certificate file: none >>>>> Trusted certificates directory : /etc/grid-security/certificates >>>>> Proxy certificate file : vomsproxy >>>>> User certificate file: /tmp/x509up_u8085 >>>>> User key file: /tmp/x509up_u8085 >>>>> Output to vomsproxy >>>>> Your identity: /C=IN/O=C-DAC KP Bangalore/OU=CTSF/OU= >>>>> ctsf.cdac.org.in/CN=Shamjith K V/CN=proxy/CN=proxy/CN=proxy >>>>> Using configuration file /home/tools/shamjit/vomsclient/vomses >>>>> Using configuration file /home/tools/shamjit/vomsclient/vomses >>>>> Creating temporary proxy to /tmp/tmp_x509up_u8085_29377 >>>>> .................++++++++++++ >>>>> .........++++++++++++ >>>>> Done >>>>> Contacting 192.168.61.197:15000 [/C=IN/O=C-DAC KP >>>>> Bangalore/OU=CTSF/CN=host/vipulb.cdacb.ernet.in] "trial" Done >>>>> Creating proxy to vomsproxy .......................++++++++++++ >>>>> ................++++++++++++ >>>>> Done >>>>> >>>>> Warning: your certificate and proxy will expire Thu Sep 18 21:55:21 >>>>> 2008 >>>>> which is within the requested lifetime of the proxy* >>>>> >>>>> >>>>> Remember that group and role names are case sensitive. >>>>> >>>>>> Are you sure the role name is Normal-user ad opposed to, for example, >>>>>> Normal-User? >>>>>> >>>>>> >>>>> *I want to know which table in DB associate a User with its ROLE????? >>>>> >>>>> The 'groups', 'roles', 'm' and 'usr' tables contain the important >>>> data. >>>> >>>> Ciao, >>>> Vincenzo >>>> >>>> *Thanks >>>>> >>>>> Arpit* >>>>> * >>>>> >>>>> >>>>> Ciao, >>>>>> Vincenzo >>>>>> >>>>>> >>>>>> Thanks >>>>>> >>>>>>> Arpit >>>>>>> >>>>>>> 2008/9/18 Fabian Lambert <[EMAIL PROTECTED]> >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> It is strange because this command work for me... >>>>>>>> >>>>>>>> Why are you using the -cert parameter, do you store your certificate >>>>>>>> in a >>>>>>>> non standard location ? Usually, your X509 certificate should be >>>>>>>> under >>>>>>>> ~/.globus directory. >>>>>>>> Same question for -vomses, you should have some default >>>>>>>> configuration >>>>>>>> file, >>>>>>>> you don't need to specify them. >>>>>>>> >>>>>>>> Maybe should you try only (to use the default configuration...) >>>>>>>> voms-proxy-init -debug --voms trial:/trial/Role=Developer --voms >>>>>>>> trial:/trial/Role=Normal-user -out vomsproxy >>>>>>>> >>>>>>>> On my side I tried this with my VO >>>>>>>> voms-proxy-init --voms atlas:/atlas/Role=AMIManager --voms >>>>>>>> atlas:/atlas/Role=AMIWriter -debug -out vomsproxy >>>>>>>> >>>>>>>> I got (after typing my passphrase), a file vomsproxy >>>>>>>> >>>>>>>> If I do then a >>>>>>>> voms-proxy-info -file vomsproxy --all >>>>>>>> >>>>>>>> I get >>>>>>>> >>>>>>>> subject : <myDN>/CN=proxy >>>>>>>> issuer : <myDN> >>>>>>>> identity : <myDN> >>>>>>>> type : proxy >>>>>>>> strength : 512 bits >>>>>>>> path : vomsproxy >>>>>>>> timeleft : 11:59:21 >>>>>>>> === VO atlas extension information === >>>>>>>> VO : atlas >>>>>>>> subject : <myDN> >>>>>>>> issuer : /DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch >>>>>>>> attribute : /atlas/Role=AMIManager/Capability=NULL >>>>>>>> attribute : /atlas/Role=NULL/Capability=NULL >>>>>>>> attribute : /atlas/lcg1/Role=NULL/Capability=NULL >>>>>>>> attribute : /atlas/fr/Role=NULL/Capability=NULL >>>>>>>> attribute : /atlas/Role=AMIWriter/Capability=NULL >>>>>>>> >>>>>>>> >>>>>>>> with my two roles. >>>>>>>> >>>>>>>> >>>>>>>> arpit jain a écrit : >>>>>>>> >>>>>>>> Hii >>>>>>>> >>>>>>>> I tried giving the command the way you suggested: >>>>>>>>> * >>>>>>>>> voms-proxy-init -debug -cert /tmp/x509up_u8085 -out vomsproxy >>>>>>>>> -vomses >>>>>>>>> /home/tools/shamjit/vomsclient/vomses --voms >>>>>>>>> trial:/trial/Role=Developer >>>>>>>>> --voms trial:/trial/Role=Normal-user >>>>>>>>> >>>>>>>>> * but still I am gettting only 1 role i.e. Developer (or watever I >>>>>>>>> specify >>>>>>>>> first in the command). >>>>>>>>> >>>>>>>>> Thanks >>>>>>>>> Arpit >>>>>>>>> * >>>>>>>>> * >>>>>>>>> 2008/9/18 Fabian Lambert <[EMAIL PROTECTED] <mailto: >>>>>>>>> [EMAIL PROTECTED]>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Hi Arpit, >>>>>>>>> >>>>>>>>> Try >>>>>>>>> >>>>>>>>> voms-proxy-init --voms trial:/trial/Role=Developer --voms >>>>>>>>> /trial/Role=Normal-user >>>>>>>>> >>>>>>>>> and you should get the 2 roles in your VOMS proxy. >>>>>>>>> >>>>>>>>> Cheers >>>>>>>>> >>>>>>>>> Vincenzo Ciaschini a écrit : >>>>>>>>> >>>>>>>>> arpit jain wrote: >>>>>>>>> >>>>>>>>> Hii, >>>>>>>>> >>>>>>>>> I have assigned 2 roles (Developer and Normal-user) to my >>>>>>>>> user and now i want multiple roles in my VOMS-proxy >>>>>>>>> certificate using "voms-proxy-init", but I am getting only >>>>>>>>> one Role. I am giving the below command: >>>>>>>>> >>>>>>>>> *voms-proxy-init -debug --voms >>>>>>>>> trial:/trial/Role=Developer --order /trial/Role=Developer >>>>>>>>> --order /trial/Role=Normal-user -cert /tmp/x509up_u8085 >>>>>>>>> -out vomsproxy -vomses >>>>>>>>> /home/tools/shamjit/vomsclient/vomses >>>>>>>>> >>>>>>>>> The above command works fine but I get only 1 role i.e. >>>>>>>>> Developer in my proxy certifcate. >>>>>>>>> >>>>>>>>> *Can someone suggest where I am wrong?? >>>>>>>>> >>>>>>>>> There is no --voms:/trial/Role=Normal-user in the command line. >>>>>>>>> >>>>>>>>> Ciao, >>>>>>>>> Vincenzo >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Thanks >>>>>>>>> Arpit >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >> >
