Martin,

I ran the command $GLOBUS_LOCATION/bin/grid-cert-diagnostics. If X509_CERT_DIR is not set, does it cause a problem?

Thanks.

Regards,
Cinyoung Hur.

[r...@harry ~]# $GLOBUS_LOCATION/bin/grid-cert-diagnostics
Checking Environment Variables
==============================
Checking if HOME is set... /root
Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1
Checking if X509_CERT_DIR is set... no
Checking if X509_USER_CERT is set... no
Checking if X509_USER_KEY is set... no
Checking if X509_USER_PROXY is set... no
Checking if GRIDMAP is set... no

Checking Security Directories
=======================
Determining trusted cert path... /usr/local/globus-4.2.1.1/share/certificates
Checking for cog.properties... not found
Checking for default gridmap location... /etc/grid-security/grid-mapfile
Checking if default gridmap exists... yes

Checking trusted certificates...
================================
Getting trusted certificate list...
Checking CA file /usr/local/globus-4.2.1.1/share/certificates/45fb3f91.0... ok
Checking that certificate hash matches filename... ok
Checking CA certificate name for 45fb3f91.0...ok (/O=Grid/OU=GlobusTest/OU=simpleCA-harry.xxxx.xx.xx/CN=Globus Simple CA)
Checking if signing policy exists for 45fb3f91.0... ok
Verifying certificate chain for 45fb3f91.0... ok

2010/4/9 Martin Feller <[email protected]>

> Cinyoung,
>
> In case that didn't help resolve the issue, you might want to run the command
> $GLOBUS_LOCATION/bin/grid-cert-diagnostics, which prints pretty helpful
> information about the grid security setup on a machine.
> Maybe that helps finding the golden snitch... ;)
>
> Martin
>
> Lukasz Lacinski wrote:
> > Do you have in the directory hermione:/etc/grid-security/certificates a
> > certificate of the Certificate Authority you used to obtain your user
> > certificate? Please compare /etc/grid-security/certificates on hermione and
> > harry. It looks like you can transfer files between harry and your local
> > machine (file:///<path_to_a_file>), and only hermione makes problems.
> >
> > Regards,
> > Lukasz
> >
> >
> > On Apr 8, 2010, at 8:22 AM, cinyoung hur wrote:
> >
> >> Hello, list.
> >>
> >> I'm trying to make gridftp work on two nodes, called Hermione and Harry.
> >>
> >> I read other problems in the mailing list; someone pointed out clock skew.
> >> So, I solved the clock skew problems.
> >>
> >> However, I don't know what my problem is.
> >>
> >> Could anyone help me with this problem, please?
> >>
> >> Thank you.
> >>
> >> Cheers,
> >> Cinyoung Hur.
> >>
> >> -------------------------------------------------------------
> >> [a...@hermione ~]$ globus-url-copy -dbg gsiftp://hermione.xxxx.xx.xx/etc/group gsiftp://harry.xxxx.xx.xx/tmp/from-a
> >> debug: starting to size gsiftp://hermione.xxxx.xx.xx/etc/group
> >> debug: connecting to gsiftp://hermione.xxxx.xx.xx/etc/group
> >> debug: response from gsiftp://hermione.xxxx.xx.xx/etc/group:
> >> 220 hermione.xxxx.xx.xx GridFTP Server 3.15 (gcc32, 1222656151-78) [Globus Toolkit 4.2.1] ready.
> >>
> >> debug: authenticating with gsiftp://hermione.xxxx.xx.xx/etc/group
> >> debug: response from gsiftp://hermione.xxxx.xx.xx/etc/group:
> >> 530-globus_xio: Authentication Error
> >> 530-OpenSSL Error: s3_srvr.c:2490: in library: SSL routines, function SSL3_GET_CLIENT_CERTIFICATE: no certificate returned
> >> 530-globus_gsi_callback_module: Could not verify credential
> >> 530-globus_gsi_callback_module: Could not verify credential: invalid CA certificate
> >> 530 End.
> >>
> >> debug: fault on connection to gsiftp://hermione.xxxx.xx.xx/etc/group
> >> debug: operation complete
> >> debug: starting to transfer gsiftp://hermione.xxxx.xx.xx/etc/group to gsiftp://harry.xxxx.xx.xx/tmp/from-a
> >> debug: connecting to gsiftp://harry.xxxx.xx.xx/tmp/from-a
> >> debug: response from gsiftp://harry.xxxx.xx.xx/tmp/from-a:
> >> 220 harry.xxxx.xx.xx GridFTP Server 3.15 (gcc32dbgpthr, 1222656151-78) [Globus Toolkit 4.2.1] ready.
> >>
> >> debug: authenticating with gsiftp://harry.xxxx.xx.xx/tmp/from-a
> >> debug: response from gsiftp://harry.xxxx.xx.xx/tmp/from-a:
> >> 230 User aero logged in.
> >>
> >> debug: sending command to gsiftp://harry.xxxx.xx.xx/tmp/from-a:
> >> SITE HELP
> >>
> >> debug: response from gsiftp://harry.xxxx.xx.xx/tmp/from-a:
> >> 214-The following commands are recognized:
> >> ALLO APPE REST CWD CDUP DCAU EPSV FEAT
> >> ERET MDTM STAT ESTO HELP LIST MODE NLST
> >> MLSD PASV RNFR MLST NOOP OPTS STOR PASS
> >> PBSZ PORT PROT SITE EPRT RETR SPOR SCKS
> >> TREV PWD QUIT SBUF SIZE SPAS STRU SYST
> >> RNTO TYPE USER LANG MKD RMD DELE CKSM
> >> 214 End
> >>
> >> debug: sending command to gsiftp://harry.xxxx.xx.xx/tmp/from-a:
> >> FEAT
> >>
> >> debug: response from gsiftp://harry.xxxx.xx.xx/tmp/from-a:
> >> 211-Extensions supported
> >> AUTHZ_ASSERT
> >> UTF8
> >> LANG EN
> >> DCAU
> >> PARALLEL
> >> SIZE
> >> MLST Type*;Size*;Modify*;Perm*;Charset;UNIX.mode*;UNIX.owner*;UNIX.group*;Unique*;UNIX.slink*;
> >> ERET
> >> ESTO
> >> SPAS
> >> SPOR
> >> REST STREAM
> >> MDTM
> >> PASV AllowDelayed;
> >> 211 End.
> >>
> >> debug: sending command to gsiftp://harry.xxxx.xx.xx/tmp/from-a:
> >> TYPE I
> >> debug: response from gsiftp://harry.xxxx.xx.xx/tmp/from-a:
> >> 200 Type set to I.
> >>
> >> debug: sending command to gsiftp://harry.xxxx.xx.xx/tmp/from-a:
> >> PBSZ 1048576
> >>
> >> debug: response from gsiftp://harry.xxxx.xx.xx/tmp/from-a:
> >> 200 PBSZ=1048576
> >>
> >> debug: sending command to gsiftp://harry.xxxx.xx.xx/tmp/from-a:
> >> PASV
> >>
> >> debug: response from gsiftp://harry.xxxx.xx.xx/tmp/from-a:
> >> 227 Entering Passive Mode (203,153,146,56,137,160)
> >>
> >> debug: sending command to gsiftp://harry.xxxx.xx.xx/tmp/from-a:
> >> STOR /tmp/from-a
> >>
> >> debug: sending command to gsiftp://hermione.xxxx.xx.xx/etc/group:
> >> TYPE I
> >> debug: response from gsiftp://hermione.xxxx.xx.xx/etc/group:
> >> 530 Must perform GSSAPI authentication.
> >>
> >> debug: fault on connection to gsiftp://hermione.xxxx.xx.xx/etc/group
> >> debug: operation complete
> >>
> >> error: globus_ftp_client: the server responded with an error
> >> 530 Must perform GSSAPI authentication.
> >>
> >> [a...@hermione ~]$
> >> -------------------------------------------------------------
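
Added example (not part of the original thread): a small Python parser for the globus-url-copy -dbg output quoted above that reports, per GridFTP host, the first authentication reply. On this log it shows that hermione's "invalid CA certificate" reply is the root failure and the final "530 Must perform GSSAPI authentication" is only its consequence. The function name auth_summary and the embedded log excerpt are assumptions made for this example.

```python
import re

# Constructed sample: an excerpt of the globus-url-copy -dbg output quoted in the thread.
SAMPLE = """\
debug: authenticating with gsiftp://hermione.xxxx.xx.xx/etc/group
debug: response from gsiftp://hermione.xxxx.xx.xx/etc/group:
530-globus_xio: Authentication Error
530-globus_gsi_callback_module: Could not verify credential: invalid CA certificate
530 End.

debug: authenticating with gsiftp://harry.xxxx.xx.xx/tmp/from-a
debug: response from gsiftp://harry.xxxx.xx.xx/tmp/from-a:
230 User aero logged in.

debug: sending command to gsiftp://hermione.xxxx.xx.xx/etc/group:
TYPE I
debug: response from gsiftp://hermione.xxxx.xx.xx/etc/group:
530 Must perform GSSAPI authentication.
"""

RESPONSE = re.compile(r"^debug: response from gsiftp://([^/\s]+)\S*:$")
REPLY = re.compile(r"^(\d{3})([ -])(.*)$")  # "NNN-text" continues, "NNN text" ends a reply

def auth_summary(log):
    """Map each GridFTP host to (status, detail lines) of its first 230/530 reply."""
    result, host, pending = {}, None, []
    for raw in log.splitlines():
        line = re.sub(r"^(?:>+\s?)+", "", raw).strip()  # tolerate e-mail quote prefixes
        m = RESPONSE.match(line)
        if m:
            host, pending = m.group(1), []
            continue
        r = REPLY.match(line)
        if not (host and r):
            continue
        code, sep, text = r.groups()
        pending.append(text)
        if sep == " ":  # final line of a (possibly multi-line) FTP reply
            if code in ("230", "530") and host not in result:
                status = "authenticated" if code == "230" else "auth-failed"
                result[host] = (status, pending)
            pending = []
    return result

if __name__ == "__main__":
    for name, (status, detail) in auth_summary(SAMPLE).items():
        print(name, status, detail)
```

The host reported as auth-failed is the one whose trusted CA directory should be compared against the working host, as suggested in the thread.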
