grid-cert-diagnostics seems to segfault on hermione before or at verifying the certificate chain for 45fb3f91.0
On hermione: - as root the trusted cert path is /usr/local/globus-4.2.1.1/share/certificates - as user the trusted cert path is /usr/local/globus-4.2.1.1/share/certificates On harry: - as root the trusted cert path is /root/.globus/certificates - as user the trusted cert path is /etc/grid-security/certificates To eliminate the potential for problems I would make the grid security setup more homogeneous on your machines: * Put all grid security stuff into /etc/grid-security on both machines * Unset all globus security related environment variables on both machines for all users * The content of harry:/etc/grid-security/certificates seems ok, at least grid-cert-diagnostics does not segfault. Copy the content of harry:/etc/grid-security/certificates into hermione:/etc/grid-security/certificates Does it work then? If not, paste the output of grid-cert-diagnostics from both machines again. (And please format the output a bit nicer so that it's easier to read which user executes the command and on what machine) If it works fine you can try and work with individual grid-security setups and using grid security environment variables, if you want. Martin cinyoung hur wrote: > These are output of hermione and harry. > I got confused with user account, so I executed both root and general > user(aero). > > I really thank you, advance. > > Regards, > Cinyoung Hur. Hermione: root --------------- > ------------------- > [r...@hermione ~]# $GLOBUS_LOCATION/bin/grid-cert-diagnostics > Checking Environment Variables > ============================== > Checking if HOME is set... /root > Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1 > Checking if X509_CERT_DIR is set... no > Checking if X509_USER_CERT is set... no > Checking if X509_USER_KEY is set... no > Checking if X509_USER_PROXY is set... no > Checking if GRIDMAP is set... no > > Checking Security Directories > ======================= > Determining trusted cert path... > /usr/local/globus-4.2.1.1/share/certificates > Checking for cog.properties... not found > Checking for default gridmap location... /etc/grid-security/grid-mapfile > Checking if default gridmap exists... yes > > Checking trusted certificates... > ================================ > Getting trusted certificate list... > Checking CA file > /usr/local/globus-4.2.1.1/share/certificates/45fb3f91.0... ok > Checking that certificate hash matches filename... ok > Checking CA certificate name for 45fb3f91.0...ok > (/O=Grid/OU=GlobusTest/OU=simpleCA-harry.xxx.xx.xx/CN=Globus Simple CA) > Checking if signing policy exists for 45fb3f91.0... ok > Segmentation Fault > [r...@hermione ~]# > [r...@hermione ~]# > [r...@hermione ~]# Hermione: user: ---------------- > [r...@hermione ~]# su aero > [a...@hermione root]$ $GLOBUS_LOCATION/bin/grid-cert-diagnostics > Checking Environment Variables > ============================== > Checking if HOME is set... /home/aero > Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1 > Checking if X509_CERT_DIR is set... no > Checking if X509_USER_CERT is set... no > Checking if X509_USER_KEY is set... no > Checking if X509_USER_PROXY is set... no > Checking if GRIDMAP is set... no > > Checking Security Directories > ======================= > Determining trusted cert path... > /usr/local/globus-4.2.1.1/share/certificates > Checking for cog.properties... not found > Checking for default gridmap location... /home/aero/.gridmap > Checking if default gridmap exists... failed > globus_sysconfig: File does not exist: /home/aero/.gridmap is not a > valid file > > > Checking trusted certificates... > ================================ > Getting trusted certificate list... > Checking CA file > /usr/local/globus-4.2.1.1/share/certificates/45fb3f91.0... ok > Checking that certificate hash matches filename... ok > Checking CA certificate name for 45fb3f91.0...ok > (/O=Grid/OU=GlobusTest/OU=simpleCA-harry.xxx.xx.xx/CN=Globus Simple CA) > Checking if signing policy exists for 45fb3f91.0... ok > Segmentation Fault > [a...@hermione root]$ > ------------------- Harry: root: ------------- > > [r...@harry myproxy]# $GLOBUS_LOCATION/bin/grid-cert-diagnostics > Checking Environment Variables > ============================== > Checking if HOME is set... /root > Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1 > Checking if X509_CERT_DIR is set... no > Checking if X509_USER_CERT is set... no > Checking if X509_USER_KEY is set... no > Checking if X509_USER_PROXY is set... no > Checking if GRIDMAP is set... no > > Checking Security Directories > ======================= > Determining trusted cert path... /root/.globus/certificates > Checking for cog.properties... not found > Checking for default gridmap location... /etc/grid-security/grid-mapfile > Checking if default gridmap exists... yes > > Checking trusted certificates... > ================================ > Getting trusted certificate list... > Checking CA file /root/.globus/certificates/45fb3f91.0... ok > Checking that certificate hash matches filename... ok > Checking CA certificate name for 45fb3f91.0...ok > (/O=Grid/OU=GlobusTest/OU=simpleCA-harry.xxx.xx.xx/CN=Globus Simple CA) > Checking if signing policy exists for 45fb3f91.0... ok > Verifying certificate chain for 45fb3f91.0... ok > [r...@harry myproxy]# exit > logout Harry: user: ------------- > [a...@harry globus]$ $GLOBUS_LOCATION/bin/grid-cert-diagnostics > Checking Environment Variables > ============================== > Checking if HOME is set... /home/aero > Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1 > Checking if X509_CERT_DIR is set... no > Checking if X509_USER_CERT is set... no > Checking if X509_USER_KEY is set... no > Checking if X509_USER_PROXY is set... no > Checking if GRIDMAP is set... no > > Checking Security Directories > ======================= > Determining trusted cert path... /etc/grid-security/certificates > Checking for cog.properties... not found > Checking for default gridmap location... /home/aero/.gridmap > Checking if default gridmap exists... failed > globus_sysconfig: File does not exist: /home/aero/.gridmap is not a > valid file > > > Checking trusted certificates... > ================================ > Getting trusted certificate list... > Checking CA file /etc/grid-security/certificates/45fb3f91.0... ok > Checking that certificate hash matches filename... ok > Checking CA certificate name for 45fb3f91.0...ok > (/O=Grid/OU=GlobusTest/OU=simpleCA-harry.sookmyung.ac.kr/CN=Globus > <http://simpleCA-harry.sookmyung.ac.kr/CN=Globus> Simple CA) > Checking if signing policy exists for 45fb3f91.0... ok > Verifying certificate chain for 45fb3f91.0... ok > [a...@harry globus]$ > > 2010/4/9 Martin Feller <[email protected] <mailto:[email protected]>> > > And what's the output of grid-cert-diagnostics on hermione? > > Martin > > cinyoung hur wrote: > > > > > > Martin, > > > > I run the command $GLOBUS_LOCATION/bin/grid-cert-diagnostic. > > if X509_CERT_DIR is not set, did it cause problem? > > > > Thanks. > > > > Regards, > > Cinyoung Hur. > > > > [r...@harry ~]# $GLOBUS_LOCATION/bin/grid-cert-diagnostics > > Checking Environment Variables > > ============================== > > Checking if HOME is set... /root > > Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1 > > Checking if X509_CERT_DIR is set... no > > Checking if X509_USER_CERT is set... no > > Checking if X509_USER_KEY is set... no > > Checking if X509_USER_PROXY is set... no > > Checking if GRIDMAP is set... no > > > > Checking Security Directories > > ======================= > > Determining trusted cert path... > > /usr/local/globus-4.2.1.1/share/certificates > > Checking for cog.properties... not found > > Checking for default gridmap location... > /etc/grid-security/grid-mapfile > > Checking if default gridmap exists... yes > > > > Checking trusted certificates... > > ================================ > > Getting trusted certificate list... > > Checking CA file > > /usr/local/globus-4.2.1.1/share/certificates/45fb3f91.0... ok > > Checking that certificate hash matches filename... ok > > Checking CA certificate name for 45fb3f91.0...ok > > (/O=Grid/OU=GlobusTest/OU=simpleCA-harry.xxxx.xx.xx/CN=Globus > Simple CA) > > Checking if signing policy exists for 45fb3f91.0... ok > > Verifying certificate chain for 45fb3f91.0... ok > > > > > > 2010/4/9 Martin Feller <[email protected] > <mailto:[email protected]> <mailto:[email protected] > <mailto:[email protected]>>> > > > > Cinyoung, > > > > In case that didn't help resolve the issue, you might want to run > > the command > > $GLOBUS_LOCATION/bin/grid-cert-diagnostics, which prints > pretty helpful > > information about the grid security setup on a machine. > > Maybe that helps finding the golden snitch... ;) > > > > Martin > > > > Lukasz Lacinski wrote: > > > Do you have in the directory > > hermione:/etc/grid-security/certificates a certificate of the > > Certificate Authority you used to obtain your user certificate? > > Please compare /etc/grid-security/certificates on hermione and > > harry. I looks like you can transfer files between harry and your > > local machine (file:///<path_to_a_file>), and only hermione makes > > problems. > > > > > > Regards, > > > Lukasz > > > > > > > > > On Apr 8, 2010, at 8:22 AM, cinyoung hur wrote: > > > > > >> Hello, list. > > >> > > >> > > >> I'm trying to make gridftp work on two nodes, called > Hermione and > > Harry > > >> > > >> > > >> I read other problems in mailing list, someone pointed out > clock > > skew. > > >> so, I solved clock skew problems. > > >> > > >> However, I don't know what my problem is. > > >> > > >> Could anyone help me with this problem, please? > > >> > > >> Thank you. > > >> > > >> Cheers, > > >> Cinyoung Hur. > > >> > > >> ------------------------------------------------------------- > > >> [a...@hermione ~]$ globus-url-copy -dbg > > gsiftp://hermione.xxxx.xx.xx/etc/group > > gsiftp://harry.xxxx.xx.xx/tmp/from-a > > >> debug: starting to size gsiftp://hermione.xxxx.xx.xx/etc/group > > >> debug: connecting to gsiftp://hermione.xxxx.xx.xx/etc/group > > >> debug: response from gsiftp://hermione.xxxx.xx.xx/etc/group: > > >> 220 hermione.xxxx.xx.xx GridFTP Server 3.15 (gcc32, > > 1222656151-78) [Globus Toolkit 4.2.1] ready. > > >> > > >> debug: authenticating with > gsiftp://hermione.xxxx.xx.xx/etc/group > > >> debug: response from gsiftp://hermione.xxxx.xx.xx/etc/group: > > >> 530-globus_xio: Authentication Error > > >> 530-OpenSSL Error: s3_srvr.c:2490: in library: SSL routines, > > function SSL3_GET_CLIENT_CERTIFICATE: no certificate returned > > >> 530-globus_gsi_callback_module: Could not verify credential > > >> 530-globus_gsi_callback_module: Could not verify credential: > > invalid CA certificate > > >> 530 End. > > >> > > >> debug: fault on connection to > gsiftp://hermione.xxxx.xx.xx/etc/group > > >> debug: operation complete > > >> debug: starting to transfer > > gsiftp://hermione.xxxx.xx.xx/etc/group to > > gsiftp://harry.xxxx.xx.xx/tmp/from-a > > >> debug: connecting to gsiftp://harry.xxxx.xx.xx/tmp/from-a > > >> debug: response from gsiftp://harry.xxxx.xx.xx/tmp/from-a: > > >> 220 harry.xxxx.xx.xx GridFTP Server 3.15 (gcc32dbgpthr, > > 1222656151-78) [Globus Toolkit 4.2.1] ready. > > >> > > >> debug: authenticating with gsiftp://harry.xxxx.xx.xx/tmp/from-a > > >> debug: response from gsiftp://harry.xxxx.xx.xx/tmp/from-a: > > >> 230 User aero logged in. > > >> > > >> debug: sending command to gsiftp://harry.xxxx.xx.xx/tmp/from-a: > > >> SITE HELP > > >> > > >> debug: response from gsiftp://harry.xxxx.xx.xx/tmp/from-a: > > >> 214-The following commands are recognized: > > >> ALLO APPE REST CWD CDUP DCAU EPSV > FEAT > > >> ERET MDTM STAT ESTO HELP LIST MODE > NLST > > >> MLSD PASV RNFR MLST NOOP OPTS STOR > PASS > > >> PBSZ PORT PROT SITE EPRT RETR SPOR > SCKS > > >> TREV PWD QUIT SBUF SIZE SPAS STRU > SYST > > >> RNTO TYPE USER LANG MKD RMD DELE > CKSM > > >> 214 End > > >> > > >> debug: sending command to gsiftp://harry.xxxx.xx.xx/tmp/from-a: > > >> FEAT > > >> > > >> debug: response from gsiftp://harry.xxxx.xx.xx/tmp/from-a: > > >> 211-Extensions supported > > >> AUTHZ_ASSERT > > >> UTF8 > > >> LANG EN > > >> DCAU > > >> PARALLEL > > >> SIZE > > >> MLST > > > > Type*;Size*;Modify*;Perm*;Charset;UNIX.mode*;UNIX.owner*;UNIX.group*;Unique*;UNIX.slink*; > > >> ERET > > >> ESTO > > >> SPAS > > >> SPOR > > >> REST STREAM > > >> MDTM > > >> PASV AllowDelayed; > > >> 211 End. > > >> > > >> debug: sending command to gsiftp://harry.xxxx.xx.xx/tmp/from-a: > > >> TYPE I > > >> debug: response from gsiftp://harry.xxxx.xx.xx/tmp/from-a: > > >> 200 Type set to I. > > >> > > >> debug: sending command to gsiftp://harry.xxxx.xx.xx/tmp/from-a: > > >> PBSZ 1048576 > > >> > > >> debug: response from gsiftp://harry.xxxx.xx.xx/tmp/from-a: > > >> 200 PBSZ=1048576 > > >> > > >> debug: sending command to gsiftp://harry.xxxx.xx.xx/tmp/from-a: > > >> PASV > > >> > > >> debug: response from gsiftp://harry.xxxx.xx.xx/tmp/from-a: > > >> 227 Entering Passive Mode (203,153,146,56,137,160) > > >> > > >> debug: sending command to gsiftp://harry.xxxx.xx.xx/tmp/from-a: > > >> STOR /tmp/from-a > > >> > > >> debug: sending command to > gsiftp://hermione.xxxx.xx.xx/etc/group: > > >> TYPE I > > >> debug: response from gsiftp://hermione.xxxx.xx.xx/etc/group: > > >> 530 Must perform GSSAPI authentication. > > >> > > >> debug: fault on connection to > gsiftp://hermione.xxxx.xx.xx/etc/group > > >> debug: operation complete > > >> > > >> error: globus_ftp_client: the server responded with an error > > >> 530 Must perform GSSAPI authentication. > > >> > > >> [a...@hermione ~]$ > > >> ------------------------------------------------------------- > > >> > > >> > > >> > > > > > > > > > > > > > > > > -- > Cinyoung Hur, M.S., > Distributed Systems Laboratory > Sookmyung Women's University > > E-mail : [email protected] <mailto:[email protected]> > Office : +82-2-703-3259 > Mobile : +82-10-5135-9331 >
