Sunah, Can you send /etc/grid-security/certificates/45fb3f91.0 from both machines to me so that I can try it myself? If I knew another way to solve the problem I'd tell you. Maybe someone from the GridFTP or C security side has more ideas.
Martin Sunah Park wrote: > Martin, > > Thanks for your help. > I built it from sources on both 2 machines.. > and I checked the openssl version of 2 machines are same. > > ######################################################### > [glo...@harry ~]$ openssl version > OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 > ######################################################### > [glo...@hermione ~]$ openssl version > OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 > ######################################################### > > And /etc/grid-security/certificates/45fb3f91.0 are also the same on > harry and hermione. > It's too difficult to catch the problems.. > Is there another way to solve the problem? > > Sunah Park. > > > > 2010/4/14 Martin Feller <[email protected] <mailto:[email protected]>> > > Sunah Park, > > Hm, ok. How did you install the GT on these 2 machines: Did you build it > from sources or did you use binary installers? > If you built it from binary installers I wonder if maybe the openssl > version on hermione is not compatible. What are the openssl versions > on these 2 machines? > > I remember one case where the installation of a binary installer > worked fine, > the gridftp server started ok, but transfers failed with security > related errors, > due to an incompatible openssl version. > > For sanity: Can you double-check that > /etc/grid-security/certificates/45fb3f91.0 > are really the same on harry and hermione? > > Martin > > 박선아 wrote: > > Hi~ Martin, > > I'm Cinyoung's coworker and I saw your mails you sent her to solve the > > problems. > > Then I did the following works written in your email: > > * Put all grid security stuff into /etc/grid-security on both > machines > > * Unset all globus security related environment variables on both > > machines for all users > > * The content of harry:/etc/grid-security/certificates seems > ok, at > > least > > grid-cert-diagnostics does not segfault. Copy the content of > > harry:/etc/grid-security/certificates into > > hermione:/etc/grid-security/certificates > > But, it didn't work.. > > These are output of harry and hermione. > > > > > ########################################################################## > > Harry: root > > > ########################################################################## > > > > *[r...@harry grid-security]# > $GLOBUS_LOCATION/bin/grid-cert-diagnostics* > > Checking Environment Variables > > ============================== > > Checking if HOME is set... /root > > Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1 > > Checking if X509_CERT_DIR is set... no > > Checking if X509_USER_CERT is set... no > > Checking if X509_USER_KEY is set... no > > Checking if X509_USER_PROXY is set... no > > Checking if GRIDMAP is set... no > > > > Checking Security Directories > > ======================= > > Determining trusted cert path... /etc/grid-security/certificates > > Checking for cog.properties... not found > > Checking for default gridmap location... > /etc/grid-security/grid-mapfile > > Checking if default gridmap exists... yes > > > > Checking trusted certificates... > > ================================ > > Getting trusted certificate list... > > Checking CA file /etc/grid-security/certificates/45fb3f91.0... ok > > Checking that certificate hash matches filename... ok > > Checking CA certificate name for 45fb3f91.0...ok > > > (/O=Grid/OU=GlobusTest/OU=simpleCA-harry.sookmyung.ac.kr/CN=Globus > <http://simpleca-harry.sookmyung.ac.kr/CN=Globus> > > <http://simpleCA-harry.sookmyung.ac.kr/CN=Globus > <http://simpleca-harry.sookmyung.ac.kr/CN=Globus>> Simple CA) > > Checking if signing policy exists for 45fb3f91.0... ok > > Verifying certificate chain for 45fb3f91.0... ok > > > > > ########################################################################## > > Harry: user (the user name is /aero/): > > > ########################################################################## > > > > *[a...@harry grid-security]$ > > $GLOBUS_LOCATION/bin/grid-cert-diagnostics* > > Checking Environment Variables > > ============================== > > Checking if HOME is set... /home/aero > > Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1 > > Checking if X509_CERT_DIR is set... no > > Checking if X509_USER_CERT is set... no > > Checking if X509_USER_KEY is set... no > > Checking if X509_USER_PROXY is set... no > > Checking if GRIDMAP is set... no > > Checking Security Directories > > ======================= > > Determining trusted cert path... /etc/grid-security/certificates > > Checking for cog.properties... not found > > Checking for default gridmap location... /home/aero/.gridmap > > Checking if default gridmap exists... failed > > globus_sysconfig: File does not exist: /home/aero/.gridmap is > > not a valid file > > Checking trusted certificates... > > ================================ > > Getting trusted certificate list... > > Checking CA file /etc/grid-security/certificates/45fb3f91.0... ok > > Checking that certificate hash matches filename... ok > > Checking CA certificate name for 45fb3f91.0...ok > > > (/O=Grid/OU=GlobusTest/OU=simpleCA-harry.sookmyung.ac.kr/CN=Globus > <http://simpleca-harry.sookmyung.ac.kr/CN=Globus> > > <http://simpleCA-harry.sookmyung.ac.kr/CN=Globus > <http://simpleca-harry.sookmyung.ac.kr/CN=Globus>> Simple CA) > > Checking if signing policy exists for 45fb3f91.0... ok > > Verifying certificate chain for 45fb3f91.0... ok > > > > > > > > > ########################################################################## > > Hermione: root: > > > ########################################################################## > > > > * [r...@hermione share]# > $GLOBUS_LOCATION/bin/grid-cert-diagnostics * > > > > Checking Environment Variables > > ============================== > > Checking if HOME is set... /root > > Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1 > > Checking if X509_CERT_DIR is set... no > > Checking if X509_USER_CERT is set... no > > Checking if X509_USER_KEY is set... no > > Checking if X509_USER_PROXY is set... no > > Checking if GRIDMAP is set... no > > > > Checking Security Directories > > > > ======================= > > Determining trusted cert path... /etc/grid-security/certificates > > Checking for cog.properties... not found > > Checking for default gridmap location... > /etc/grid-security/grid-mapfile > > Checking if default gridmap exists... yes > > > > Checking trusted certificates... > > > > ================================ > > Getting trusted certificate list... > > Checking CA file /etc/grid-security/certificates/45fb3f91.0... ok > > Checking that certificate hash matches filename... ok > > Checking CA certificate name for 45fb3f91.0...ok > > > (/O=Grid/OU=GlobusTest/OU=simpleCA-harry.sookmyung.ac.kr/CN=Globus > <http://simpleca-harry.sookmyung.ac.kr/CN=Globus> > > <http://simpleCA-harry.sookmyung.ac.kr/CN=Globus > <http://simpleca-harry.sookmyung.ac.kr/CN=Globus>> Simple CA) > > Checking if signing policy exists for 45fb3f91.0... ok > > Segmentation Fault > > > > > > > ########################################################################## > > Hermione: user(the user name is /aero)/: > > > ########################################################################## > > > > *[a...@hermione share]$ > $GLOBUS_LOCATION/bin/grid-cert-diagnostics* > > Checking Environment Variables > > ============================== > > Checking if HOME is set... /home/aero > > Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1 > > Checking if X509_CERT_DIR is set... no > > Checking if X509_USER_CERT is set... no > > Checking if X509_USER_KEY is set... no > > Checking if X509_USER_PROXY is set... no > > Checking if GRIDMAP is set... no > > > > Checking Security Directories > > ======================= > > Determining trusted cert path... /etc/grid-security/certificates > > Checking for cog.properties... not found > > Checking for default gridmap location... /home/aero/.gridmap > > Checking if default gridmap exists... failed > > globus_sysconfig: File does not exist: /home/aero/.gridmap is > > not a valid file > > Checking trusted certificates... > > ================================ > > Getting trusted certificate list... > > Checking CA file /etc/grid-security/certificates/45fb3f91.0... ok > > Checking that certificate hash matches filename... ok > > Checking CA certificate name for 45fb3f91.0...ok > > > (/O=Grid/OU=GlobusTest/OU=simpleCA-harry.sookmyung.ac.kr/CN=Globus > <http://simpleca-harry.sookmyung.ac.kr/CN=Globus> > > <http://simpleCA-harry.sookmyung.ac.kr/CN=Globus > <http://simpleca-harry.sookmyung.ac.kr/CN=Globus>> Simple CA) > > Checking if signing policy exists for 45fb3f91.0... ok > > Segmentation Fault > > > > > > ########################################################################### > > Then I got the same error like this. > > > > ########################################################################## > > > > *[a...@hermione /]$ globus-url-copy -dbg > > gsiftp://hermione.sookmyung.ac.kr/etc/group > <http://hermione.sookmyung.ac.kr/etc/group> > > <http://hermione.sookmyung.ac.kr/etc/group> > > \gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry> > > <http://harry.sookmyung.ac.kr/tmp/from-harry>* > > debug: starting to size > gsiftp://hermione.sookmyung.ac.kr/etc/group > <http://hermione.sookmyung.ac.kr/etc/group> > > <http://hermione.sookmyung.ac.kr/etc/group> > > debug: connecting to > gsiftp://hermione.sookmyung.ac.kr/etc/group > <http://hermione.sookmyung.ac.kr/etc/group> > > <http://hermione.sookmyung.ac.kr/etc/group> > > debug: response from > gsiftp://hermione.sookmyung.ac.kr/etc/group > <http://hermione.sookmyung.ac.kr/etc/group> > > <http://hermione.sookmyung.ac.kr/etc/group>: > > 220 hermione.sookmyung.ac.kr > <http://hermione.sookmyung.ac.kr/> <http://hermione.sookmyung.ac.kr > <http://hermione.sookmyung.ac.kr/>> > > GridFTP Server 3.15 (gcc32, 1222656151-78) [Globus Toolkit > 4.2.1] ready. > > debug: authenticating with > > gsiftp://hermione.sookmyung.ac.kr/etc/group > <http://hermione.sookmyung.ac.kr/etc/group> > > <http://hermione.sookmyung.ac.kr/etc/group> > > debug: response from > gsiftp://hermione.sookmyung.ac.kr/etc/group > <http://hermione.sookmyung.ac.kr/etc/group> > > <http://hermione.sookmyung.ac.kr/etc/group>: > > 530-globus_xio: Authentication Error > > 530-OpenSSL Error: s3_srvr.c:2490: in library: SSL routines, > > function SSL3_GET_CLIENT_CERTIFICATE: no certificate returned > > 530-globus_gsi_callback_module: Could not verify credential > > 530-globus_gsi_callback_module: Could not verify credential: > invalid > > CA certificate > > 530 End. > > debug: fault on connection to > > gsiftp://hermione.sookmyung.ac.kr/etc/group > <http://hermione.sookmyung.ac.kr/etc/group> > > <http://hermione.sookmyung.ac.kr/etc/group> > > debug: operation complete > > debug: starting to transfer > > gsiftp://hermione.sookmyung.ac.kr/etc/group > <http://hermione.sookmyung.ac.kr/etc/group> > > <http://hermione.sookmyung.ac.kr/etc/group> to > > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry> > > <http://harry.sookmyung.ac.kr/tmp/from-harry> > > debug: connecting to > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry> > > <http://harry.sookmyung.ac.kr/tmp/from-harry> > > debug: response from > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry> > > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > > 220 harry.sookmyung.ac.kr <http://harry.sookmyung.ac.kr/> > <http://harry.sookmyung.ac.kr <http://harry.sookmyung.ac.kr/>> GridFTP > > Server 3.15 (gcc32dbgpthr, 1222656151-78) [Globus Toolkit > 4.2.1] ready. > > debug: authenticating with > > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry> > > <http://harry.sookmyung.ac.kr/tmp/from-harry> > > debug: response from > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry> > > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > > 230 User aero logged in. > > debug: sending command to > > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry> > > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > > SITE HELP > > debug: response from > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry> > > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > > 214-The following commands are recognized: > > ALLO APPE REST CWD CDUP DCAU EPSV FEAT > > ERET MDTM STAT ESTO HELP LIST MODE NLST > > MLSD PASV RNFR MLST NOOP OPTS STOR PASS > > PBSZ PORT PROT SITE EPRT RETR SPOR SCKS > > TREV PWD QUIT SBUF SIZE SPAS STRU SYST > > RNTO TYPE USER LANG MKD RMD DELE CKSM > > 214 End > > debug: sending command to > > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry> > > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > > FEAT > > debug: response from > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry> > > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > > 211-Extensions supported > > AUTHZ_ASSERT > > UTF8 > > LANG EN > > DCAU > > PARALLEL > > SIZE > > MLST > > > Type*;Size*;Modify*;Perm*;Charset;UNIX.mode*;UNIX.owner*;UNIX.group*;Unk*; > > ERET > > ESTO > > SPAS > > SPOR > > REST STREAM > > MDTM > > PASV AllowDelayed; > > 211 End. > > debug: sending command to > > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry> > > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > > TYPE I > > debug: response from > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry> > > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > > 200 Type set to I. > > debug: sending command to > > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry> > > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > > PBSZ 1048576 > > debug: response from > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry> > > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > > 200 PBSZ=1048576 > > debug: sending command to > > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry> > > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > > PASV > > debug: response from > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry> > > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > > 227 Entering Passive Mode (203,153,146,56,201,186) > > debug: sending command to > > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry > <http://harry.sookmyung.ac.kr/tmp/from-harry> > > <http://harry.sookmyung.ac.kr/tmp/from-harry>: > > STOR /tmp/from-harry > > debug: sending command to > > gsiftp://hermione.sookmyung.ac.kr/etc/group > <http://hermione.sookmyung.ac.kr/etc/group> > > <http://hermione.sookmyung.ac.kr/etc/group>: > > TYPE I > > debug: response from > gsiftp://hermione.sookmyung.ac.kr/etc/group > <http://hermione.sookmyung.ac.kr/etc/group> > > <http://hermione.sookmyung.ac.kr/etc/group>: > > 530 Must perform GSSAPI authentication. > > debug: fault on connection to > > gsiftp://hermione.sookmyung.ac.kr/etc/group > <http://hermione.sookmyung.ac.kr/etc/group> > > <http://hermione.sookmyung.ac.kr/etc/group> > > debug: operation complete > > error: globus_ftp_client: the server responded with an error > > 530 Must perform GSSAPI authentication. > > > > I really don't know what the problem is.. > > > > Regards, > > Sunah Park. > > > > > > > >
