And what's the output of grid-cert-diagnostics on hermione? Martin
cinyoung hur wrote: > > > Martin, > > I run the command $GLOBUS_LOCATION/bin/grid-cert-diagnostic. > if X509_CERT_DIR is not set, did it cause problem? > > Thanks. > > Regards, > Cinyoung Hur. > > [r...@harry ~]# $GLOBUS_LOCATION/bin/grid-cert-diagnostics > Checking Environment Variables > ============================== > Checking if HOME is set... /root > Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1 > Checking if X509_CERT_DIR is set... no > Checking if X509_USER_CERT is set... no > Checking if X509_USER_KEY is set... no > Checking if X509_USER_PROXY is set... no > Checking if GRIDMAP is set... no > > Checking Security Directories > ======================= > Determining trusted cert path... > /usr/local/globus-4.2.1.1/share/certificates > Checking for cog.properties... not found > Checking for default gridmap location... /etc/grid-security/grid-mapfile > Checking if default gridmap exists... yes > > Checking trusted certificates... > ================================ > Getting trusted certificate list... > Checking CA file > /usr/local/globus-4.2.1.1/share/certificates/45fb3f91.0... ok > Checking that certificate hash matches filename... ok > Checking CA certificate name for 45fb3f91.0...ok > (/O=Grid/OU=GlobusTest/OU=simpleCA-harry.xxxx.xx.xx/CN=Globus Simple CA) > Checking if signing policy exists for 45fb3f91.0... ok > Verifying certificate chain for 45fb3f91.0... ok > > > 2010/4/9 Martin Feller <[email protected] <mailto:[email protected]>> > > Cinyoung, > > In case that didn't help resolve the issue, you might want to run > the command > $GLOBUS_LOCATION/bin/grid-cert-diagnostics, which prints pretty helpful > information about the grid security setup on a machine. > Maybe that helps finding the golden snitch... ;) > > Martin > > Lukasz Lacinski wrote: > > Do you have in the directory > hermione:/etc/grid-security/certificates a certificate of the > Certificate Authority you used to obtain your user certificate? > Please compare /etc/grid-security/certificates on hermione and > harry. I looks like you can transfer files between harry and your > local machine (file:///<path_to_a_file>), and only hermione makes > problems. > > > > Regards, > > Lukasz > > > > > > On Apr 8, 2010, at 8:22 AM, cinyoung hur wrote: > > > >> Hello, list. > >> > >> > >> I'm trying to make gridftp work on two nodes, called Hermione and > Harry > >> > >> > >> I read other problems in mailing list, someone pointed out clock > skew. > >> so, I solved clock skew problems. > >> > >> However, I don't know what my problem is. > >> > >> Could anyone help me with this problem, please? > >> > >> Thank you. > >> > >> Cheers, > >> Cinyoung Hur. > >> > >> ------------------------------------------------------------- > >> [a...@hermione ~]$ globus-url-copy -dbg > gsiftp://hermione.xxxx.xx.xx/etc/group > gsiftp://harry.xxxx.xx.xx/tmp/from-a > >> debug: starting to size gsiftp://hermione.xxxx.xx.xx/etc/group > >> debug: connecting to gsiftp://hermione.xxxx.xx.xx/etc/group > >> debug: response from gsiftp://hermione.xxxx.xx.xx/etc/group: > >> 220 hermione.xxxx.xx.xx GridFTP Server 3.15 (gcc32, > 1222656151-78) [Globus Toolkit 4.2.1] ready. > >> > >> debug: authenticating with gsiftp://hermione.xxxx.xx.xx/etc/group > >> debug: response from gsiftp://hermione.xxxx.xx.xx/etc/group: > >> 530-globus_xio: Authentication Error > >> 530-OpenSSL Error: s3_srvr.c:2490: in library: SSL routines, > function SSL3_GET_CLIENT_CERTIFICATE: no certificate returned > >> 530-globus_gsi_callback_module: Could not verify credential > >> 530-globus_gsi_callback_module: Could not verify credential: > invalid CA certificate > >> 530 End. > >> > >> debug: fault on connection to gsiftp://hermione.xxxx.xx.xx/etc/group > >> debug: operation complete > >> debug: starting to transfer > gsiftp://hermione.xxxx.xx.xx/etc/group to > gsiftp://harry.xxxx.xx.xx/tmp/from-a > >> debug: connecting to gsiftp://harry.xxxx.xx.xx/tmp/from-a > >> debug: response from gsiftp://harry.xxxx.xx.xx/tmp/from-a: > >> 220 harry.xxxx.xx.xx GridFTP Server 3.15 (gcc32dbgpthr, > 1222656151-78) [Globus Toolkit 4.2.1] ready. > >> > >> debug: authenticating with gsiftp://harry.xxxx.xx.xx/tmp/from-a > >> debug: response from gsiftp://harry.xxxx.xx.xx/tmp/from-a: > >> 230 User aero logged in. > >> > >> debug: sending command to gsiftp://harry.xxxx.xx.xx/tmp/from-a: > >> SITE HELP > >> > >> debug: response from gsiftp://harry.xxxx.xx.xx/tmp/from-a: > >> 214-The following commands are recognized: > >> ALLO APPE REST CWD CDUP DCAU EPSV FEAT > >> ERET MDTM STAT ESTO HELP LIST MODE NLST > >> MLSD PASV RNFR MLST NOOP OPTS STOR PASS > >> PBSZ PORT PROT SITE EPRT RETR SPOR SCKS > >> TREV PWD QUIT SBUF SIZE SPAS STRU SYST > >> RNTO TYPE USER LANG MKD RMD DELE CKSM > >> 214 End > >> > >> debug: sending command to gsiftp://harry.xxxx.xx.xx/tmp/from-a: > >> FEAT > >> > >> debug: response from gsiftp://harry.xxxx.xx.xx/tmp/from-a: > >> 211-Extensions supported > >> AUTHZ_ASSERT > >> UTF8 > >> LANG EN > >> DCAU > >> PARALLEL > >> SIZE > >> MLST > > Type*;Size*;Modify*;Perm*;Charset;UNIX.mode*;UNIX.owner*;UNIX.group*;Unique*;UNIX.slink*; > >> ERET > >> ESTO > >> SPAS > >> SPOR > >> REST STREAM > >> MDTM > >> PASV AllowDelayed; > >> 211 End. > >> > >> debug: sending command to gsiftp://harry.xxxx.xx.xx/tmp/from-a: > >> TYPE I > >> debug: response from gsiftp://harry.xxxx.xx.xx/tmp/from-a: > >> 200 Type set to I. > >> > >> debug: sending command to gsiftp://harry.xxxx.xx.xx/tmp/from-a: > >> PBSZ 1048576 > >> > >> debug: response from gsiftp://harry.xxxx.xx.xx/tmp/from-a: > >> 200 PBSZ=1048576 > >> > >> debug: sending command to gsiftp://harry.xxxx.xx.xx/tmp/from-a: > >> PASV > >> > >> debug: response from gsiftp://harry.xxxx.xx.xx/tmp/from-a: > >> 227 Entering Passive Mode (203,153,146,56,137,160) > >> > >> debug: sending command to gsiftp://harry.xxxx.xx.xx/tmp/from-a: > >> STOR /tmp/from-a > >> > >> debug: sending command to gsiftp://hermione.xxxx.xx.xx/etc/group: > >> TYPE I > >> debug: response from gsiftp://hermione.xxxx.xx.xx/etc/group: > >> 530 Must perform GSSAPI authentication. > >> > >> debug: fault on connection to gsiftp://hermione.xxxx.xx.xx/etc/group > >> debug: operation complete > >> > >> error: globus_ftp_client: the server responded with an error > >> 530 Must perform GSSAPI authentication. > >> > >> [a...@hermione ~]$ > >> ------------------------------------------------------------- > >> > >> > >> > > > > > >
