Ok, I'm running out of ideas, but I'd try the following: Build the GT again with a debug flavor (gcc32dbg, gcc64dbg) on hermione if you didn't already do so. Then run grid-cert-diagnostics in gdb and send the output. This will hopefully tell us more about the segfault, which might be related to the gridftp error.
Martin Martin Feller wrote: > Sunah, > > Can you send /etc/grid-security/certificates/45fb3f91.0 from both machines to > me > so that I can try it myself? > If I knew another way to solve the problem I'd tell you. > Maybe someone from the GridFTP or C security side has more ideas. > > Martin > > Sunah Park wrote: >> Martin, >> >> Thanks for your help. >> I built it from sources on both 2 machines.. >> and I checked the openssl version of 2 machines are same. >> >> ######################################################### >> [glo...@harry ~]$ openssl version >> OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 >> ######################################################### >> [glo...@hermione ~]$ openssl version >> OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 >> ######################################################### >> >> And /etc/grid-security/certificates/45fb3f91.0 are also the same on >> harry and hermione. >> It's too difficult to catch the problems.. >> Is there another way to solve the problem? >> >> Sunah Park. >> >> >> >> 2010/4/14 Martin Feller <[email protected] <mailto:[email protected]>> >> >> Sunah Park, >> >> Hm, ok. How did you install the GT on these 2 machines: Did you build it >> from sources or did you use binary installers? >> If you built it from binary installers I wonder if maybe the openssl >> version on hermione is not compatible. What are the openssl versions >> on these 2 machines? >> >> I remember one case where the installation of a binary installer >> worked fine, >> the gridftp server started ok, but transfers failed with security >> related errors, >> due to an incompatible openssl version. >> >> For sanity: Can you double-check that >> /etc/grid-security/certificates/45fb3f91.0 >> are really the same on harry and hermione? >> >> Martin >> >> 박선아 wrote: >> > Hi~ Martin, >> > I'm Cinyoung's coworker and I saw your mails you sent her to solve the >> > problems. >> > Then I did the following works written in your email: >> > * Put all grid security stuff into /etc/grid-security on both >> machines >> > * Unset all globus security related environment variables on both >> > machines for all users >> > * The content of harry:/etc/grid-security/certificates seems >> ok, at >> > least >> > grid-cert-diagnostics does not segfault. Copy the content of >> > harry:/etc/grid-security/certificates into >> > hermione:/etc/grid-security/certificates >> > But, it didn't work.. >> > These are output of harry and hermione. >> > >> > >> >> ########################################################################## >> > Harry: root >> > >> >> ########################################################################## >> > >> > *[r...@harry grid-security]# >> $GLOBUS_LOCATION/bin/grid-cert-diagnostics* >> > Checking Environment Variables >> > ============================== >> > Checking if HOME is set... /root >> > Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1 >> > Checking if X509_CERT_DIR is set... no >> > Checking if X509_USER_CERT is set... no >> > Checking if X509_USER_KEY is set... no >> > Checking if X509_USER_PROXY is set... no >> > Checking if GRIDMAP is set... no >> > >> > Checking Security Directories >> > ======================= >> > Determining trusted cert path... /etc/grid-security/certificates >> > Checking for cog.properties... not found >> > Checking for default gridmap location... >> /etc/grid-security/grid-mapfile >> > Checking if default gridmap exists... yes >> > >> > Checking trusted certificates... >> > ================================ >> > Getting trusted certificate list... >> > Checking CA file /etc/grid-security/certificates/45fb3f91.0... ok >> > Checking that certificate hash matches filename... ok >> > Checking CA certificate name for 45fb3f91.0...ok >> > >> (/O=Grid/OU=GlobusTest/OU=simpleCA-harry.sookmyung.ac.kr/CN=Globus >> <http://simpleca-harry.sookmyung.ac.kr/CN=Globus> >> > <http://simpleCA-harry.sookmyung.ac.kr/CN=Globus >> <http://simpleca-harry.sookmyung.ac.kr/CN=Globus>> Simple CA) >> > Checking if signing policy exists for 45fb3f91.0... ok >> > Verifying certificate chain for 45fb3f91.0... ok >> > >> > >> >> ########################################################################## >> > Harry: user (the user name is /aero/): >> > >> >> ########################################################################## >> > >> > *[a...@harry grid-security]$ >> > $GLOBUS_LOCATION/bin/grid-cert-diagnostics* >> > Checking Environment Variables >> > ============================== >> > Checking if HOME is set... /home/aero >> > Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1 >> > Checking if X509_CERT_DIR is set... no >> > Checking if X509_USER_CERT is set... no >> > Checking if X509_USER_KEY is set... no >> > Checking if X509_USER_PROXY is set... no >> > Checking if GRIDMAP is set... no >> > Checking Security Directories >> > ======================= >> > Determining trusted cert path... /etc/grid-security/certificates >> > Checking for cog.properties... not found >> > Checking for default gridmap location... /home/aero/.gridmap >> > Checking if default gridmap exists... failed >> > globus_sysconfig: File does not exist: /home/aero/.gridmap is >> > not a valid file >> > Checking trusted certificates... >> > ================================ >> > Getting trusted certificate list... >> > Checking CA file /etc/grid-security/certificates/45fb3f91.0... ok >> > Checking that certificate hash matches filename... ok >> > Checking CA certificate name for 45fb3f91.0...ok >> > >> (/O=Grid/OU=GlobusTest/OU=simpleCA-harry.sookmyung.ac.kr/CN=Globus >> <http://simpleca-harry.sookmyung.ac.kr/CN=Globus> >> > <http://simpleCA-harry.sookmyung.ac.kr/CN=Globus >> <http://simpleca-harry.sookmyung.ac.kr/CN=Globus>> Simple CA) >> > Checking if signing policy exists for 45fb3f91.0... ok >> > Verifying certificate chain for 45fb3f91.0... ok >> > >> > >> > >> > >> >> ########################################################################## >> > Hermione: root: >> > >> >> ########################################################################## >> > >> > * [r...@hermione share]# >> $GLOBUS_LOCATION/bin/grid-cert-diagnostics * >> > >> > Checking Environment Variables >> > ============================== >> > Checking if HOME is set... /root >> > Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1 >> > Checking if X509_CERT_DIR is set... no >> > Checking if X509_USER_CERT is set... no >> > Checking if X509_USER_KEY is set... no >> > Checking if X509_USER_PROXY is set... no >> > Checking if GRIDMAP is set... no >> > >> > Checking Security Directories >> > >> > ======================= >> > Determining trusted cert path... /etc/grid-security/certificates >> > Checking for cog.properties... not found >> > Checking for default gridmap location... >> /etc/grid-security/grid-mapfile >> > Checking if default gridmap exists... yes >> > >> > Checking trusted certificates... >> > >> > ================================ >> > Getting trusted certificate list... >> > Checking CA file /etc/grid-security/certificates/45fb3f91.0... ok >> > Checking that certificate hash matches filename... ok >> > Checking CA certificate name for 45fb3f91.0...ok >> > >> (/O=Grid/OU=GlobusTest/OU=simpleCA-harry.sookmyung.ac.kr/CN=Globus >> <http://simpleca-harry.sookmyung.ac.kr/CN=Globus> >> > <http://simpleCA-harry.sookmyung.ac.kr/CN=Globus >> <http://simpleca-harry.sookmyung.ac.kr/CN=Globus>> Simple CA) >> > Checking if signing policy exists for 45fb3f91.0... ok >> > Segmentation Fault >> > >> > >> > >> >> ########################################################################## >> > Hermione: user(the user name is /aero)/: >> > >> >> ########################################################################## >> > >> > *[a...@hermione share]$ >> $GLOBUS_LOCATION/bin/grid-cert-diagnostics* >> > Checking Environment Variables >> > ============================== >> > Checking if HOME is set... /home/aero >> > Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1 >> > Checking if X509_CERT_DIR is set... no >> > Checking if X509_USER_CERT is set... no >> > Checking if X509_USER_KEY is set... no >> > Checking if X509_USER_PROXY is set... no >> > Checking if GRIDMAP is set... no >> > >> > Checking Security Directories >> > ======================= >> > Determining trusted cert path... /etc/grid-security/certificates >> > Checking for cog.properties... not found >> > Checking for default gridmap location... /home/aero/.gridmap >> > Checking if default gridmap exists... failed >> > globus_sysconfig: File does not exist: /home/aero/.gridmap is >> > not a valid file >> > Checking trusted certificates... >> > ================================ >> > Getting trusted certificate list... >> > Checking CA file /etc/grid-security/certificates/45fb3f91.0... ok >> > Checking that certificate hash matches filename... ok >> > Checking CA certificate name for 45fb3f91.0...ok >> > >> (/O=Grid/OU=GlobusTest/OU=simpleCA-harry.sookmyung.ac.kr/CN=Globus >> <http://simpleca-harry.sookmyung.ac.kr/CN=Globus> >> > <http://simpleCA-harry.sookmyung.ac.kr/CN=Globus >> <http://simpleca-harry.sookmyung.ac.kr/CN=Globus>> Simple CA) >> > Checking if signing policy exists for 45fb3f91.0... ok >> > Segmentation Fault >> > >> > >> >> ########################################################################### >> > Then I got the same error like this. >> > >> >> ########################################################################## >> > >> > *[a...@hermione /]$ globus-url-copy -dbg >> > gsiftp://hermione.sookmyung.ac.kr/etc/group >> <http://hermione.sookmyung.ac.kr/etc/group> >> > <http://hermione.sookmyung.ac.kr/etc/group> >> > \gsiftp://harry.sookmyung.ac.kr/tmp/from-harry >> <http://harry.sookmyung.ac.kr/tmp/from-harry> >> > <http://harry.sookmyung.ac.kr/tmp/from-harry>* >> > debug: starting to size >> gsiftp://hermione.sookmyung.ac.kr/etc/group >> <http://hermione.sookmyung.ac.kr/etc/group> >> > <http://hermione.sookmyung.ac.kr/etc/group> >> > debug: connecting to >> gsiftp://hermione.sookmyung.ac.kr/etc/group >> <http://hermione.sookmyung.ac.kr/etc/group> >> > <http://hermione.sookmyung.ac.kr/etc/group> >> > debug: response from >> gsiftp://hermione.sookmyung.ac.kr/etc/group >> <http://hermione.sookmyung.ac.kr/etc/group> >> > <http://hermione.sookmyung.ac.kr/etc/group>: >> > 220 hermione.sookmyung.ac.kr >> <http://hermione.sookmyung.ac.kr/> <http://hermione.sookmyung.ac.kr >> <http://hermione.sookmyung.ac.kr/>> >> > GridFTP Server 3.15 (gcc32, 1222656151-78) [Globus Toolkit >> 4.2.1] ready. >> > debug: authenticating with >> > gsiftp://hermione.sookmyung.ac.kr/etc/group >> <http://hermione.sookmyung.ac.kr/etc/group> >> > <http://hermione.sookmyung.ac.kr/etc/group> >> > debug: response from >> gsiftp://hermione.sookmyung.ac.kr/etc/group >> <http://hermione.sookmyung.ac.kr/etc/group> >> > <http://hermione.sookmyung.ac.kr/etc/group>: >> > 530-globus_xio: Authentication Error >> > 530-OpenSSL Error: s3_srvr.c:2490: in library: SSL routines, >> > function SSL3_GET_CLIENT_CERTIFICATE: no certificate returned >> > 530-globus_gsi_callback_module: Could not verify credential >> > 530-globus_gsi_callback_module: Could not verify credential: >> invalid >> > CA certificate >> > 530 End. >> > debug: fault on connection to >> > gsiftp://hermione.sookmyung.ac.kr/etc/group >> <http://hermione.sookmyung.ac.kr/etc/group> >> > <http://hermione.sookmyung.ac.kr/etc/group> >> > debug: operation complete >> > debug: starting to transfer >> > gsiftp://hermione.sookmyung.ac.kr/etc/group >> <http://hermione.sookmyung.ac.kr/etc/group> >> > <http://hermione.sookmyung.ac.kr/etc/group> to >> > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry >> <http://harry.sookmyung.ac.kr/tmp/from-harry> >> > <http://harry.sookmyung.ac.kr/tmp/from-harry> >> > debug: connecting to >> gsiftp://harry.sookmyung.ac.kr/tmp/from-harry >> <http://harry.sookmyung.ac.kr/tmp/from-harry> >> > <http://harry.sookmyung.ac.kr/tmp/from-harry> >> > debug: response from >> gsiftp://harry.sookmyung.ac.kr/tmp/from-harry >> <http://harry.sookmyung.ac.kr/tmp/from-harry> >> > <http://harry.sookmyung.ac.kr/tmp/from-harry>: >> > 220 harry.sookmyung.ac.kr <http://harry.sookmyung.ac.kr/> >> <http://harry.sookmyung.ac.kr <http://harry.sookmyung.ac.kr/>> GridFTP >> > Server 3.15 (gcc32dbgpthr, 1222656151-78) [Globus Toolkit >> 4.2.1] ready. >> > debug: authenticating with >> > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry >> <http://harry.sookmyung.ac.kr/tmp/from-harry> >> > <http://harry.sookmyung.ac.kr/tmp/from-harry> >> > debug: response from >> gsiftp://harry.sookmyung.ac.kr/tmp/from-harry >> <http://harry.sookmyung.ac.kr/tmp/from-harry> >> > <http://harry.sookmyung.ac.kr/tmp/from-harry>: >> > 230 User aero logged in. >> > debug: sending command to >> > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry >> <http://harry.sookmyung.ac.kr/tmp/from-harry> >> > <http://harry.sookmyung.ac.kr/tmp/from-harry>: >> > SITE HELP >> > debug: response from >> gsiftp://harry.sookmyung.ac.kr/tmp/from-harry >> <http://harry.sookmyung.ac.kr/tmp/from-harry> >> > <http://harry.sookmyung.ac.kr/tmp/from-harry>: >> > 214-The following commands are recognized: >> > ALLO APPE REST CWD CDUP DCAU EPSV FEAT >> > ERET MDTM STAT ESTO HELP LIST MODE NLST >> > MLSD PASV RNFR MLST NOOP OPTS STOR PASS >> > PBSZ PORT PROT SITE EPRT RETR SPOR SCKS >> > TREV PWD QUIT SBUF SIZE SPAS STRU SYST >> > RNTO TYPE USER LANG MKD RMD DELE CKSM >> > 214 End >> > debug: sending command to >> > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry >> <http://harry.sookmyung.ac.kr/tmp/from-harry> >> > <http://harry.sookmyung.ac.kr/tmp/from-harry>: >> > FEAT >> > debug: response from >> gsiftp://harry.sookmyung.ac.kr/tmp/from-harry >> <http://harry.sookmyung.ac.kr/tmp/from-harry> >> > <http://harry.sookmyung.ac.kr/tmp/from-harry>: >> > 211-Extensions supported >> > AUTHZ_ASSERT >> > UTF8 >> > LANG EN >> > DCAU >> > PARALLEL >> > SIZE >> > MLST >> > >> >> Type*;Size*;Modify*;Perm*;Charset;UNIX.mode*;UNIX.owner*;UNIX.group*;Unk*; >> > ERET >> > ESTO >> > SPAS >> > SPOR >> > REST STREAM >> > MDTM >> > PASV AllowDelayed; >> > 211 End. >> > debug: sending command to >> > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry >> <http://harry.sookmyung.ac.kr/tmp/from-harry> >> > <http://harry.sookmyung.ac.kr/tmp/from-harry>: >> > TYPE I >> > debug: response from >> gsiftp://harry.sookmyung.ac.kr/tmp/from-harry >> <http://harry.sookmyung.ac.kr/tmp/from-harry> >> > <http://harry.sookmyung.ac.kr/tmp/from-harry>: >> > 200 Type set to I. >> > debug: sending command to >> > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry >> <http://harry.sookmyung.ac.kr/tmp/from-harry> >> > <http://harry.sookmyung.ac.kr/tmp/from-harry>: >> > PBSZ 1048576 >> > debug: response from >> gsiftp://harry.sookmyung.ac.kr/tmp/from-harry >> <http://harry.sookmyung.ac.kr/tmp/from-harry> >> > <http://harry.sookmyung.ac.kr/tmp/from-harry>: >> > 200 PBSZ=1048576 >> > debug: sending command to >> > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry >> <http://harry.sookmyung.ac.kr/tmp/from-harry> >> > <http://harry.sookmyung.ac.kr/tmp/from-harry>: >> > PASV >> > debug: response from >> gsiftp://harry.sookmyung.ac.kr/tmp/from-harry >> <http://harry.sookmyung.ac.kr/tmp/from-harry> >> > <http://harry.sookmyung.ac.kr/tmp/from-harry>: >> > 227 Entering Passive Mode (203,153,146,56,201,186) >> > debug: sending command to >> > gsiftp://harry.sookmyung.ac.kr/tmp/from-harry >> <http://harry.sookmyung.ac.kr/tmp/from-harry> >> > <http://harry.sookmyung.ac.kr/tmp/from-harry>: >> > STOR /tmp/from-harry >> > debug: sending command to >> > gsiftp://hermione.sookmyung.ac.kr/etc/group >> <http://hermione.sookmyung.ac.kr/etc/group> >> > <http://hermione.sookmyung.ac.kr/etc/group>: >> > TYPE I >> > debug: response from >> gsiftp://hermione.sookmyung.ac.kr/etc/group >> <http://hermione.sookmyung.ac.kr/etc/group> >> > <http://hermione.sookmyung.ac.kr/etc/group>: >> > 530 Must perform GSSAPI authentication. >> > debug: fault on connection to >> > gsiftp://hermione.sookmyung.ac.kr/etc/group >> <http://hermione.sookmyung.ac.kr/etc/group> >> > <http://hermione.sookmyung.ac.kr/etc/group> >> > debug: operation complete >> > error: globus_ftp_client: the server responded with an error >> > 530 Must perform GSSAPI authentication. >> > >> > I really don't know what the problem is.. >> > >> > Regards, >> > Sunah Park. >> > >> > >> > >> >> >
