Hi, Yes, right. If you are using the classes from C++ code (maybe even through the posix wrapper), then (to enable everything) you have to add something like this: EnvPutString( NAME_REDIRDOMAINALLOW_RE, "*" ); EnvPutString( NAME_CONNECTDOMAINALLOW_RE, "*" ); EnvPutString( NAME_REDIRDOMAINDENY_RE, "" ); EnvPutString( NAME_CONNECTDOMAINDENY_RE, "" ); These are the settings that xrdcp uses, so I suppose that you are not getting that message from xrdcp/xrd/xrdadmin (are you, Andreas?). If you don't want to enable everything, just use the usual syntax with | and * . In general, the code uses the values got from the XrdClient internal environment, while the tools have some other way to change those values. Fabrizio On Monday 12 September 2005 03:24 pm, Peter Elmer wrote: > Hi Andreas, > > XrdClientAdmin and the standalone tools don't use the ROOT environment > (which is what the BaBar KanAccess.cfg fills for BaBar applications). I'm > not really sure where that is configured for the standalone tools. > Fabrizio? > > [That said, you are approaching CNAF levels for complexity of site > configuration!! How many different OS versions are you running? ;-)] > > Pete > > On Mon, Sep 12, 2005 at 03:21:04PM +0200, Andreas Petzold wrote: > > during babar skim production I'm seeing the following error message: > > > > 050912 15:05:36 001 Xrd: : (C) 2004 SLAC XrdClientAdmin 0.3 > > 2005-09-12 15:09:41 12995 Err : CheckHostDomain - Access > > to domain 10.65.5.115 is not allowed nor denied. Not Allowed. > > 2005-09-12 15:09:41 12995 Err : HandleServerError - > > Redirection to a server out-of-domain disallowed. > > 2005-09-12 15:09:41 12995 Err : HandleServerError - New > > host: 10.65.5.115 > > 2005-09-12 15:09:41 12995 Err : HandleServerError - (list > > of allowed domains: gridka.de) > > 2005-09-12 15:09:41 12995 Err : HandleServerError - Abort. > > > > In my babar KanAccess.cfg I have: > > > > rootenv Root.XTNetFileAllowWanConnect 1 > > rootenv Root.XTNetFileAllowWanRedirect 1 > > rootenv XNet.ConnectDomainAllowRE fzk.de|gridka.de|65.10.110|65.5.115 > > rootenv XNet.RedirDomainAllowRE fzk.de|gridka.de|65.10.110|65.5.115 > > > > I thought that this should be sufficient to allow access to all our > > servers. But it looks like this is not respected. Is there any other > > play where I need to tell xrootd/xrdcp/xrd* that connection acros > > certain domains are ok? > > > > Cheers, > > > > Andreas > > ------------------------------------------------------------------------- > Peter Elmer E-mail: [log in to unmask] Phone: +41 (22) 767-4644 > Address: CERN Division PPE, Bat. 32 2C-14, CH-1211 Geneva 23, Switzerland > -------------------------------------------------------------------------