 |
 |
Hi Fabrizio, that was easier than I thought :-). XrdInitilize is indeed the place to put the XTNetFileAllowWanConnect 1 XTNetFileAllowWanRedirect 1 ConnectDomainAllowRE fzk.de|gridka.de|65.10.110 RedirDomainAllowRE fzk.de|gridka.de|65.10.110 (I don't know about the first two XTNetFile lines) Hmm, I gonna give that a try. Cheers, Andreas Andreas Petzold wrote: > Hi Fabrizio, > > we are using the XrdClientAdmin perl wrapper. I'm not really familiar > with the code that uses it nor the XrdClientAdmin code itself, so it > will take a while to figure out how to implement this in the perl code. > Probably have to put that into the arguments given to XrdInitialize. > We'll see. > > Anyway, it will be a bit awkward to hardcode the domains. I'm afraid > we'll have to come up with some new config file for our code :-(. Is > there no way to have some central config that is adhered to by all parts > of the system, ROOT or standalone or else? > > Cheers, > > Andreas > > Fabrizio Furano wrote: > >>Hi, >> >> Yes, right. >> >> If you are using the classes from C++ code (maybe even through the posix >>wrapper), then (to enable everything) you have to add something like this: >> >> EnvPutString( NAME_REDIRDOMAINALLOW_RE, "*" ); >> EnvPutString( NAME_CONNECTDOMAINALLOW_RE, "*" ); >> EnvPutString( NAME_REDIRDOMAINDENY_RE, "" ); >> EnvPutString( NAME_CONNECTDOMAINDENY_RE, "" ); >> >> These are the settings that xrdcp uses, so I suppose that you are not getting >>that message from xrdcp/xrd/xrdadmin (are you, Andreas?). >> If you don't want to enable everything, just use the usual syntax with | and >>* . >> >> In general, the code uses the values got from the XrdClient internal >>environment, while the tools have some other way to change those values. >> >> Fabrizio >> >>On Monday 12 September 2005 03:24 pm, Peter Elmer wrote: >> >> >>> Hi Andreas, >>> >>> XrdClientAdmin and the standalone tools don't use the ROOT environment >>>(which is what the BaBar KanAccess.cfg fills for BaBar applications). I'm >>>not really sure where that is configured for the standalone tools. >>>Fabrizio? >>> >>> [That said, you are approaching CNAF levels for complexity of site >>>configuration!! How many different OS versions are you running? ;-)] >>> >>> Pete >>> >>>On Mon, Sep 12, 2005 at 03:21:04PM +0200, Andreas Petzold wrote: >>> >>> >>>>during babar skim production I'm seeing the following error message: >>>> >>>>050912 15:05:36 001 Xrd: : (C) 2004 SLAC XrdClientAdmin 0.3 >>>>2005-09-12 15:09:41 12995 Err : CheckHostDomain - Access >>>>to domain 10.65.5.115 is not allowed nor denied. Not Allowed. >>>>2005-09-12 15:09:41 12995 Err : HandleServerError - >>>>Redirection to a server out-of-domain disallowed. >>>>2005-09-12 15:09:41 12995 Err : HandleServerError - New >>>>host: 10.65.5.115 >>>>2005-09-12 15:09:41 12995 Err : HandleServerError - (list >>>>of allowed domains: gridka.de) >>>>2005-09-12 15:09:41 12995 Err : HandleServerError - Abort. >>>> >>>>In my babar KanAccess.cfg I have: >>>> >>>>rootenv Root.XTNetFileAllowWanConnect 1 >>>>rootenv Root.XTNetFileAllowWanRedirect 1 >>>>rootenv XNet.ConnectDomainAllowRE fzk.de|gridka.de|65.10.110|65.5.115 >>>>rootenv XNet.RedirDomainAllowRE fzk.de|gridka.de|65.10.110|65.5.115 >>>> >>>>I thought that this should be sufficient to allow access to all our >>>>servers. But it looks like this is not respected. Is there any other >>>>play where I need to tell xrootd/xrdcp/xrd* that connection acros >>>>certain domains are ok? >>>> >>>> Cheers, >>>> >>>> Andreas >>> >>>------------------------------------------------------------------------- >>>Peter Elmer E-mail: [log in to unmask] Phone: +41 (22) 767-4644 >>>Address: CERN Division PPE, Bat. 32 2C-14, CH-1211 Geneva 23, Switzerland >>>-------------------------------------------------------------------------