Sunah Park, Hm, ok. How did you install the GT on these 2 machines: Did you build it from sources or did you use binary installers? If you built it from binary installers I wonder if maybe the openssl version on hermione is not compatible. What are the openssl versions on these 2 machines?
I remember one case where the installation of a binary installer worked fine, the gridftp server started ok, but transfers failed with security related errors, due to an incompatible openssl version. For sanity: Can you double-check that /etc/grid-security/certificates/45fb3f91.0 are really the same on harry and hermione? Martin 박선아 wrote: > Hi~ Martin, > I'm Cinyoung's coworker and I saw your mails you sent her to solve the > problems. > Then I did the following works written in your email: > * Put all grid security stuff into /etc/grid-security on both machines > * Unset all globus security related environment variables on both > machines for all users > * The content of harry:/etc/grid-security/certificates seems ok, at > least > grid-cert-diagnostics does not segfault. Copy the content of > harry:/etc/grid-security/certificates into > hermione:/etc/grid-security/certificates > But, it didn't work.. > These are output of harry and hermione. > > ########################################################################## > Harry: root > ########################################################################## > > *[r...@harry grid-security]# $GLOBUS_LOCATION/bin/grid-cert-diagnostics* > Checking Environment Variables > ============================== > Checking if HOME is set... /root > Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1 > Checking if X509_CERT_DIR is set... no > Checking if X509_USER_CERT is set... no > Checking if X509_USER_KEY is set... no > Checking if X509_USER_PROXY is set... no > Checking if GRIDMAP is set... no > > Checking Security Directories > ======================= > Determining trusted cert path... /etc/grid-security/certificates > Checking for cog.properties... not found > Checking for default gridmap location... /etc/grid-security/grid-mapfile > Checking if default gridmap exists... yes > > Checking trusted certificates... > ================================ > Getting trusted certificate list... > Checking CA file /etc/grid-security/certificates/45fb3f91.0... ok > Checking that certificate hash matches filename... ok > Checking CA certificate name for 45fb3f91.0...ok > (/O=Grid/OU=GlobusTest/OU=simpleCA-harry.sookmyung.ac.kr/CN=Globus > <http://simpleCA-harry.sookmyung.ac.kr/CN=Globus> Simple CA) > Checking if signing policy exists for 45fb3f91.0... ok > Verifying certificate chain for 45fb3f91.0... ok > > ########################################################################## > Harry: user (the user name is /aero/): > ########################################################################## > > *[a...@harry grid-security]$ > $GLOBUS_LOCATION/bin/grid-cert-diagnostics* > Checking Environment Variables > ============================== > Checking if HOME is set... /home/aero > Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1 > Checking if X509_CERT_DIR is set... no > Checking if X509_USER_CERT is set... no > Checking if X509_USER_KEY is set... no > Checking if X509_USER_PROXY is set... no > Checking if GRIDMAP is set... no > Checking Security Directories > ======================= > Determining trusted cert path... /etc/grid-security/certificates > Checking for cog.properties... not found > Checking for default gridmap location... /home/aero/.gridmap > Checking if default gridmap exists... failed > globus_sysconfig: File does not exist: /home/aero/.gridmap is > not a valid file > Checking trusted certificates... > ================================ > Getting trusted certificate list... > Checking CA file /etc/grid-security/certificates/45fb3f91.0... ok > Checking that certificate hash matches filename... ok > Checking CA certificate name for 45fb3f91.0...ok > (/O=Grid/OU=GlobusTest/OU=simpleCA-harry.sookmyung.ac.kr/CN=Globus > <http://simpleCA-harry.sookmyung.ac.kr/CN=Globus> Simple CA) > Checking if signing policy exists for 45fb3f91.0... ok > Verifying certificate chain for 45fb3f91.0... ok > > > > ########################################################################## > Hermione: root: > ########################################################################## > > * [r...@hermione share]# $GLOBUS_LOCATION/bin/grid-cert-diagnostics * > > Checking Environment Variables > ============================== > Checking if HOME is set... /root > Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1 > Checking if X509_CERT_DIR is set... no > Checking if X509_USER_CERT is set... no > Checking if X509_USER_KEY is set... no > Checking if X509_USER_PROXY is set... no > Checking if GRIDMAP is set... no > > Checking Security Directories > > ======================= > Determining trusted cert path... /etc/grid-security/certificates > Checking for cog.properties... not found > Checking for default gridmap location... /etc/grid-security/grid-mapfile > Checking if default gridmap exists... yes > > Checking trusted certificates... > > ================================ > Getting trusted certificate list... > Checking CA file /etc/grid-security/certificates/45fb3f91.0... ok > Checking that certificate hash matches filename... ok > Checking CA certificate name for 45fb3f91.0...ok > (/O=Grid/OU=GlobusTest/OU=simpleCA-harry.sookmyung.ac.kr/CN=Globus > <http://simpleCA-harry.sookmyung.ac.kr/CN=Globus> Simple CA) > Checking if signing policy exists for 45fb3f91.0... ok > Segmentation Fault > > > ########################################################################## > Hermione: user(the user name is /aero)/: > ########################################################################## > > *[a...@hermione share]$ $GLOBUS_LOCATION/bin/grid-cert-diagnostics* > Checking Environment Variables > ============================== > Checking if HOME is set... /home/aero > Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1 > Checking if X509_CERT_DIR is set... no > Checking if X509_USER_CERT is set... no > Checking if X509_USER_KEY is set... no > Checking if X509_USER_PROXY is set... no > Checking if GRIDMAP is set... no > > Checking Security Directories > ======================= > Determining trusted cert path... /etc/grid-security/certificates > Checking for cog.properties... not found > Checking for default gridmap location... /home/aero/.gridmap > Checking if default gridmap exists... failed > globus_sysconfig: File does not exist: /home/aero/.gridmap is > not a valid file > Checking trusted certificates... > ================================ > Getting trusted certificate list... > Checking CA file /etc/grid-security/certificates/45fb3f91.0... ok > Checking that certificate hash matches filename... ok > Checking CA certificate name for 45fb3f91.0...ok > (/O=Grid/OU=GlobusTest/OU=simpleCA-harry.sookmyung.ac.kr/CN=Globus > <http://simpleCA-harry.sookmyung.ac.kr/CN=Globus> Simple CA) > Checking if signing policy exists for 45fb3f91.0... ok > Segmentation Fault > > ########################################################################### > Then I got the same error like this. > ########################################################################## > > *[a...@hermione /]$ globus-url-copy -dbg > gsiftp://hermione.sookmyung.ac.kr/etc/group > <http://hermione.sookmyung.ac.kr/etc/group> > \gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry>* > debug: starting to size gsiftp://hermione.sookmyung.ac.kr/etc/group > <http://hermione.sookmyung.ac.kr/etc/group> > debug: connecting to gsiftp://hermione.sookmyung.ac.kr/etc/group > <http://hermione.sookmyung.ac.kr/etc/group> > debug: response from gsiftp://hermione.sookmyung.ac.kr/etc/group > <http://hermione.sookmyung.ac.kr/etc/group>: > 220 hermione.sookmyung.ac.kr <http://hermione.sookmyung.ac.kr> > GridFTP Server 3.15 (gcc32, 1222656151-78) [Globus Toolkit 4.2.1] ready. > debug: authenticating with > gsiftp://hermione.sookmyung.ac.kr/etc/group > <http://hermione.sookmyung.ac.kr/etc/group> > debug: response from gsiftp://hermione.sookmyung.ac.kr/etc/group > <http://hermione.sookmyung.ac.kr/etc/group>: > 530-globus_xio: Authentication Error > 530-OpenSSL Error: s3_srvr.c:2490: in library: SSL routines, > function SSL3_GET_CLIENT_CERTIFICATE: no certificate returned > 530-globus_gsi_callback_module: Could not verify credential > 530-globus_gsi_callback_module: Could not verify credential: invalid > CA certificate > 530 End. > debug: fault on connection to > gsiftp://hermione.sookmyung.ac.kr/etc/group > <http://hermione.sookmyung.ac.kr/etc/group> > debug: operation complete > debug: starting to transfer > gsiftp://hermione.sookmyung.ac.kr/etc/group > <http://hermione.sookmyung.ac.kr/etc/group> to > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry> > debug: connecting to gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry> > debug: response from gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > 220 harry.sookmyung.ac.kr <http://harry.sookmyung.ac.kr> GridFTP > Server 3.15 (gcc32dbgpthr, 1222656151-78) [Globus Toolkit 4.2.1] ready. > debug: authenticating with > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry> > debug: response from gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > 230 User aero logged in. > debug: sending command to > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > SITE HELP > debug: response from gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > 214-The following commands are recognized: > ALLO APPE REST CWD CDUP DCAU EPSV FEAT > ERET MDTM STAT ESTO HELP LIST MODE NLST > MLSD PASV RNFR MLST NOOP OPTS STOR PASS > PBSZ PORT PROT SITE EPRT RETR SPOR SCKS > TREV PWD QUIT SBUF SIZE SPAS STRU SYST > RNTO TYPE USER LANG MKD RMD DELE CKSM > 214 End > debug: sending command to > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > FEAT > debug: response from gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > 211-Extensions supported > AUTHZ_ASSERT > UTF8 > LANG EN > DCAU > PARALLEL > SIZE > MLST > Type*;Size*;Modify*;Perm*;Charset;UNIX.mode*;UNIX.owner*;UNIX.group*;Unk*; > ERET > ESTO > SPAS > SPOR > REST STREAM > MDTM > PASV AllowDelayed; > 211 End. > debug: sending command to > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > TYPE I > debug: response from gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > 200 Type set to I. > debug: sending command to > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > PBSZ 1048576 > debug: response from gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > 200 PBSZ=1048576 > debug: sending command to > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > PASV > debug: response from gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > 227 Entering Passive Mode (203,153,146,56,201,186) > debug: sending command to > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > STOR /tmp/from-harry > debug: sending command to > gsiftp://hermione.sookmyung.ac.kr/etc/group > <http://hermione.sookmyung.ac.kr/etc/group>: > TYPE I > debug: response from gsiftp://hermione.sookmyung.ac.kr/etc/group > <http://hermione.sookmyung.ac.kr/etc/group>: > 530 Must perform GSSAPI authentication. > debug: fault on connection to > gsiftp://hermione.sookmyung.ac.kr/etc/group > <http://hermione.sookmyung.ac.kr/etc/group> > debug: operation complete > error: globus_ftp_client: the server responded with an error > 530 Must perform GSSAPI authentication. > > I really don't know what the problem is.. > > Regards, > Sunah Park. > > >
