Re: [gt-user] Authorization Problem - Have No Idea How To Solve It

Thu, 12 Mar 2009 11:44:53 -0700

Your local client does not trust the gatekeeper, guaranteed. The "delegation protocol violation" the gatekeeper is reporting is that the client is disconnecting before performing delegation. The only reason the client would disconnect like that is because it failed to authorize the gatekeeper's certificate.
Double-check your xinetd entry for the gatekeeper to make sure no X509_* environment variables are being set. Then check the issuer of your /etc/grid-security/hostcert.pem. Then check that that CA exists in the /etc/grid-security/certificates directory. Then double-check that your client environment doesn't have any X509_* variables set. Then make sure you don't have a $HOME/.globus/certificates directory. 

One of those diagnostic steps should reveal where the problem is.


Charles

On Mar 12, 2009, at 1:31 PM, Vladimir Janjic wrote:


Hi all,


I am having a problem with Globus 4.0.1 and I don't have any idea  
what is causing it and how can I solve it.



The problem is I cannot submit any job to the Gatekeeper, because I  
get



GRAM Job submission failed because an authorization operation failed  
(error code 7)



error. The globus-gatekeeper.log file gives the following error when  
i try to run, for example,

globus-job-run ardbeg.cs.st-andrews.ac.uk /bin/date :

TIME: Thu Mar 12 18:16:52 2009

 PID: 28192 -- Notice: 6: Got connection 138.251.214.66 at Thu Mar  
12 18:16:52 2009


GSS authentication failure
GSS Major Status: General failure
GSS Minor Status Error Chain:

globus_gsi_gssapi: Error during delegation: Delegation protocol  
violation

Failure: GSS failed Major:000d0000 Minor:00000001 Token:00000000

TIME: Thu Mar 12 18:16:52 2009

 PID: 28192 -- Failure: GSS failed Major:000d0000 Minor:00000001  
Token:00000000



I am submitting the job to the gatekeeper which is on the same  
machine. I have read somewhere that the
problem might be that my certificate doesn't trust the host's  
certificate, and that it is disconnecting from gatekeeper

immediately.

But, I can easily run jobs on gatekeeper locally on one other  
cluster (wnxxx.grid.info.uvt.ro), using the same user certificate as  
on ardbeg.cs.st-andrews.ac.uk. Also, the
hostcert.pem on the wnxxx.grid.info.uvt.ro cluster is signed by the  
same CA as hostcert.pem on ardbeg.cs.st-andrews.ac.uk machine, and  
files in /etc/grid-security/certificates are

the same on both machines.


I am desperate, because I need to run some tests on this machine,  
but I cannot because of these problems.


Please help!!!!!!!!

Vladimir


























					Reply via email to