Hi,

 well... sorry for ignoring that you were using the perl wrapper. Yes, the way 
you found is the way I'd be suggesting you in that case.

 Anyway you can drop the first two parameters. They were used in very old 
versions.


Fabrizio

On Monday 12 September 2005 06:39 pm, Andreas Petzold wrote:
> 	Hi Fabrizio,
>
> that was easier than I thought :-). XrdInitialize is indeed the place to
> put the
>
> XTNetFileAllowWanConnect 1
> XTNetFileAllowWanRedirect 1
> ConnectDomainAllowRE fzk.de|gridka.de|65.10.110
> RedirDomainAllowRE fzk.de|gridka.de|65.10.110
>
> (I don't know about the first two XTNetFile lines)
>
> Hmm, I'm gonna give that a try.
>
> 	Cheers,
>
> 		Andreas
>
> Andreas Petzold wrote:
> > 	Hi Fabrizio,
> >
> > we are using the XrdClientAdmin perl wrapper. I'm not really familiar
> > with the code that uses it nor the XrdClientAdmin code itself, so it
> > will take a while to figure out how to implement this in the perl code.
> > Probably have to put that into the arguments given to XrdInitialize.
> > We'll see.
> >
> > Anyway, it will be a bit awkward to hardcode the domains. I'm afraid
> > we'll have to come up with some new config file for our code :-(. Is
> > there no way to have some central config that is adhered to by all parts
> > of the system, ROOT or standalone or else?
> >
> > 	Cheers,
> >
> > 		Andreas
> >
> > Fabrizio Furano wrote:
> >>Hi,
> >>
> >> Yes, right.
> >>
> >> If you are using the classes from C++ code (maybe even through the posix
> >>wrapper), then (to enable everything) you have to add something like
> >> this:
> >>
> >>   EnvPutString( NAME_REDIRDOMAINALLOW_RE, "*" );
> >>   EnvPutString( NAME_CONNECTDOMAINALLOW_RE, "*" );
> >>   EnvPutString( NAME_REDIRDOMAINDENY_RE, "" );
> >>   EnvPutString( NAME_CONNECTDOMAINDENY_RE, "" );
> >>
> >> These are the settings that xrdcp uses, so I suppose that you are not
> >> getting that message from xrdcp/xrd/xrdadmin (are you, Andreas?).
> >> If you don't want to enable everything, just use the usual syntax with |
> >> and * .
> >>
> >> In general, the code uses the values got from the XrdClient internal
> >>environment, while the tools have some other way to change those values.
> >>
> >> Fabrizio
> >>
> >>On Monday 12 September 2005 03:24 pm, Peter Elmer wrote:
> >>> Hi Andreas,
> >>>
> >>> XrdClientAdmin and the standalone tools don't use the ROOT environment
> >>>(which is what the BaBar KanAccess.cfg fills for BaBar applications).
> >>> I'm not really sure where that is configured for the standalone tools.
> >>> Fabrizio?
> >>>
> >>> [That said, you are approaching CNAF levels for complexity of site
> >>>configuration!! How many different OS versions are you running? ;-)]
> >>>
> >>>                                  Pete
> >>>
> >>>On Mon, Sep 12, 2005 at 03:21:04PM +0200, Andreas Petzold wrote:
> >>>>during babar skim production I'm seeing the following error message:
> >>>>
> >>>>050912 15:05:36 001 Xrd: : (C) 2004 SLAC XrdClientAdmin 0.3
> >>>>2005-09-12 15:09:41 12995 Err : CheckHostDomain                - Access
> >>>>to domain 10.65.5.115 is not allowed nor denied. Not Allowed.
> >>>>2005-09-12 15:09:41 12995 Err : HandleServerError              -
> >>>>Redirection to a server out-of-domain disallowed.
> >>>>2005-09-12 15:09:41 12995 Err : HandleServerError              - New
> >>>>host: 10.65.5.115
> >>>>2005-09-12 15:09:41 12995 Err : HandleServerError              - (list
> >>>>of allowed domains: gridka.de)
> >>>>2005-09-12 15:09:41 12995 Err : HandleServerError              - Abort.
> >>>>
> >>>>In my babar KanAccess.cfg I have:
> >>>>
> >>>>rootenv Root.XTNetFileAllowWanConnect 1
> >>>>rootenv Root.XTNetFileAllowWanRedirect 1
> >>>>rootenv XNet.ConnectDomainAllowRE fzk.de|gridka.de|65.10.110|65.5.115
> >>>>rootenv XNet.RedirDomainAllowRE fzk.de|gridka.de|65.10.110|65.5.115
> >>>>
> >>>>I thought that this should be sufficient to allow access to all our
> >>>>servers. But it looks like this is not respected. Is there any other
> >>>>place where I need to tell xrootd/xrdcp/xrd* that connection across
> >>>>certain domains are ok?
> >>>>
> >>>>	Cheers,
> >>>>
> >>>>		Andreas
> >>>
> >>>------------------------------------------------------------------------
> >>>- Peter Elmer     E-mail: [log in to unmask]      Phone: +41 (22)
> >>> 767-4644 Address: CERN Division PPE, Bat. 32 2C-14, CH-1211 Geneva 23,
> >>> Switzerland
> >>> -----------------------------------------------------------------------
> >>>--
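
A small Python model of the allow/deny decision discussed in this thread, added here as an illustration; it is not code from XrdClient or from any of the posters. Only the "neither allowed nor denied means not allowed" outcome is taken from the log above. Assumptions: entries match a dot-bounded suffix of the host, `*` is the only wildcard, and deny is checked before allow; `compile_list`, `check_host` and `may_connect` are hypothetical names.

```python
import re

def compile_list(spec):
    """Turn 'a.org|*.b.org' into regexes; '*' is the only wildcard."""
    patterns = []
    for entry in spec.split("|"):
        entry = entry.strip()
        if not entry:
            continue  # an empty list (e.g. deny = "") matches nothing
        body = ".*".join(re.escape(part) for part in entry.split("*"))
        # Assumed semantics: match a dot-bounded suffix of the host, so
        # 'gridka.de' covers 'x.gridka.de' but not 'notgridka.de'.
        patterns.append(re.compile(r"(?:^|\.)" + body + r"$"))
    return patterns

def check_host(host, allow, deny=""):
    """Return 'denied', 'allowed' or 'unmatched' (treated as not allowed)."""
    host = host.strip().lower()
    if any(p.search(host) for p in compile_list(deny.lower())):
        return "denied"
    if any(p.search(host) for p in compile_list(allow.lower())):
        return "allowed"
    return "unmatched"  # default-deny, as in the CheckHostDomain log line

def may_connect(host, allow, deny=""):
    return check_host(host, allow, deny) == "allowed"

if __name__ == "__main__":
    target = "10.65.5.115"  # redirect target from the log in this thread
    cases = [
        ("list actually in effect", "gridka.de"),
        ("list from KanAccess.cfg", "fzk.de|gridka.de|65.10.110|65.5.115"),
        ("enable everything", "*"),  # any redirect target is accepted
    ]
    for label, allow in cases:
        print(f"{label:26s} -> {check_host(target, allow)}")
```
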