Hi Fabrizio,
we are using the XrdClientAdmin perl wrapper. I'm not really familiar
with the code that uses it nor the XrdClientAdmin code itself, so it
will take a while to figure out how to implement this in the perl code.
Probably have to put that into the arguments given to XrdInitialize.
We'll see.
Anyway, it will be a bit awkward to hardcode the domains. I'm afraid
we'll have to come up with some new config file for our code :-(. Is
there no way to have some central config that is adhered to by all parts
of the system, ROOT or standalone or else?
Cheers,
Andreas
Fabrizio Furano wrote:
> Hi,
>
> Yes, right.
>
> If you are using the classes from C++ code (maybe even through the posix
> wrapper), then (to enable everything) you have to add something like this:
>
> EnvPutString( NAME_REDIRDOMAINALLOW_RE, "*" );
> EnvPutString( NAME_CONNECTDOMAINALLOW_RE, "*" );
> EnvPutString( NAME_REDIRDOMAINDENY_RE, "" );
> EnvPutString( NAME_CONNECTDOMAINDENY_RE, "" );
>
> These are the settings that xrdcp uses, so I suppose that you are not getting
> that message from xrdcp/xrd/xrdadmin (are you, Andreas?).
> If you don't want to enable everything, just use the usual syntax with | and
> * .
>
> In general, the code uses the values got from the XrdClient internal
> environment, while the tools have some other way to change those values.
>
> Fabrizio
>
> On Monday 12 September 2005 03:24 pm, Peter Elmer wrote:
>
>> Hi Andreas,
>>
>> XrdClientAdmin and the standalone tools don't use the ROOT environment
>>(which is what the BaBar KanAccess.cfg fills for BaBar applications). I'm
>>not really sure where that is configured for the standalone tools.
>>Fabrizio?
>>
>> [That said, you are approaching CNAF levels for complexity of site
>>configuration!! How many different OS versions are you running? ;-)]
>>
>> Pete
>>
>>On Mon, Sep 12, 2005 at 03:21:04PM +0200, Andreas Petzold wrote:
>>
>>>during babar skim production I'm seeing the following error message:
>>>
>>>050912 15:05:36 001 Xrd: : (C) 2004 SLAC XrdClientAdmin 0.3
>>>2005-09-12 15:09:41 12995 Err : CheckHostDomain - Access
>>>to domain 10.65.5.115 is not allowed nor denied. Not Allowed.
>>>2005-09-12 15:09:41 12995 Err : HandleServerError -
>>>Redirection to a server out-of-domain disallowed.
>>>2005-09-12 15:09:41 12995 Err : HandleServerError - New
>>>host: 10.65.5.115
>>>2005-09-12 15:09:41 12995 Err : HandleServerError - (list
>>>of allowed domains: gridka.de)
>>>2005-09-12 15:09:41 12995 Err : HandleServerError - Abort.
>>>
>>>In my babar KanAccess.cfg I have:
>>>
>>>rootenv Root.XTNetFileAllowWanConnect 1
>>>rootenv Root.XTNetFileAllowWanRedirect 1
>>>rootenv XNet.ConnectDomainAllowRE fzk.de|gridka.de|65.10.110|65.5.115
>>>rootenv XNet.RedirDomainAllowRE fzk.de|gridka.de|65.10.110|65.5.115
>>>
>>>I thought that this should be sufficient to allow access to all our
>>>servers. But it looks like this is not respected. Is there any other
>>>play where I need to tell xrootd/xrdcp/xrd* that connection acros
>>>certain domains are ok?
>>>
>>> Cheers,
>>>
>>> Andreas
>>
>>-------------------------------------------------------------------------
>>Peter Elmer E-mail: [log in to unmask] Phone: +41 (22) 767-4644
>>Address: CERN Division PPE, Bat. 32 2C-14, CH-1211 Geneva 23, Switzerland
>>-------------------------------------------------------------------------
|