Hi, Timur and also Alice experts! I'v been able to run test unix SRM under a regular user (after "stealing" host certificate and key from root). This is older version I checked out in october. I can copy in/out of gridftpserver. I was also trying to use SRM with a host certificate issued by Alien CA, the same used for running Alice VO services. This one didn't work and I think I need some help debugging this problem. Alien CA certificate is not in LCG distribution (asked them to fix), but in Alice software distribution, so I had to specify custom location with srmcp -x509_user_trusted_certificates and <x509TrastedCACerts> in .srmconfig/config.xml . This worked when SRM is run with a host certificate issued by french authority. When I replace this certificate and key with ones issued by Alice, srmcp gives this error: SRMClientV1 : get: try # 0 failed with error SRMClientV1 : org.globus.common.ChainedIOException: Authentication failed [Caused by: Failure unspecified at GSS-API level [Caused by: Unknown CA]] SRM log file contains: Wed Jan 18 15:47:36 CET 2006 SslGsiSocketFactory :GsiSslServerSocket accepted socket from host =/134.158.105.66 Wed Jan 18 15:47:56 CET 2006 SslGsiSocketFactory :GsiSslServerSocket, waiting for incomming connection... Wed Jan 18 15:48:07 CET 2006 SslGsiSocketFactory :GsiSslServerSocket accepted socket from host =/134.158.105.66 Wed Jan 18 15:48:07 CET 2006 SslGsiSocketFactory :GsiSslServerSocket, waiting for incomming connection... Wed Jan 18 15:48:11 CET 2006 SslGsiSocketFactory : java.net.SocketTimeoutException: Read timed out at java.net.SocketInputStream.socketRead0(Native Method) at java.net.SocketInputStream.read(SocketInputStream.java:129) at org.globus.gsi.gssapi.SSLUtil.read(SSLUtil.java:31) at org.globus.gsi.gssapi.net.impl.GSIGssInputStream.readToken(GSIGssInputStream.java:58) at org.globus.gsi.gssapi.net.impl.GSIGssInputStream.readHandshakeToken(GSIGssInputStream.java:48) at org.globus.gsi.gssapi.net.impl.GSIGssSocket.readToken(GSIGssSocket.java:54) at org.globus.gsi.gssapi.net.GssSocket.authenticateServer(GssSocket.java:117) at org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:137) at org.globus.gsi.gssapi.net.GssSocket.getInputStream(GssSocket.java:161) at org.dcache.srm.security.SslGsiSocketFactory$GsiClientSocket.getInputStream(SslGsiSocketFactory.java:808) at org.dcache.srm.security.SslGsiSocketFactory$SocketInputStreamWrapper.retrieveInputIfNeeded(SslGsiSocketFactory.java:503) at org.dcache.srm.security.SslGsiSocketFactory$SocketInputStreamWrapper.read(SslGsiSocketFactory.java:517) at java.io.BufferedInputStream.fill(BufferedInputStream.java:183) at java.io.BufferedInputStream.read(BufferedInputStream.java:201) at electric.util.io.Streams.readLine(Unknown Source) at electric.net.http.HTTPRequest.readHeader(HTTPRequest.java:73) at electric.net.http.HTTPOperation.readHeader(HTTPOperation.java:87) at electric.net.http.WebServer.service(WebServer.java:80) at electric.net.socket.SocketServer.run(Unknown Source) at electric.net.socket.SocketRequest.run(Unknown Source) at electric.util.thread.ThreadPool.run(Unknown Source) at java.lang.Thread.run(Thread.java:534) Wed Jan 18 15:48:11 CET 2006 SslGsiSocketFactory :propogating the exception to the caller Wed Jan 18 15:48:13 CET 2006 SslGsiSocketFactory : java.net.SocketException: Connection reset at java.net.SocketInputStream.read(SocketInputStream.java:168) at org.globus.gsi.gssapi.SSLUtil.read(SSLUtil.java:31) at org.globus.gsi.gssapi.net.impl.GSIGssInputStream.readToken(GSIGssInputStream.java:58) at org.globus.gsi.gssapi.net.impl.GSIGssInputStream.readHandshakeToken(GSIGssInputStream.java:48) at org.globus.gsi.gssapi.net.impl.GSIGssSocket.readToken(GSIGssSocket.java:54) at org.globus.gsi.gssapi.net.GssSocket.authenticateServer(GssSocket.java:117) at org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:137) at org.globus.gsi.gssapi.net.GssSocket.getInputStream(GssSocket.java:161) at org.dcache.srm.security.SslGsiSocketFactory$GsiClientSocket.getInputStream(SslGsiSocketFactory.java:808) at org.dcache.srm.security.SslGsiSocketFactory$SocketInputStreamWrapper.retrieveInputIfNeeded(SslGsiSocketFactory.java:503) at org.dcache.srm.security.SslGsiSocketFactory$SocketInputStreamWrapper.read(SslGsiSocketFactory.java:517) at java.io.BufferedInputStream.fill(BufferedInputStream.java:183) at java.io.BufferedInputStream.read(BufferedInputStream.java:201) at electric.util.io.Streams.readLine(Unknown Source) at electric.net.http.HTTPRequest.readHeader(HTTPRequest.java:73) at electric.net.http.HTTPOperation.readHeader(HTTPOperation.java:87) at electric.net.http.WebServer.service(WebServer.java:80) at electric.net.socket.SocketServer.run(Unknown Source) at electric.net.socket.SocketRequest.run(Unknown Source) at electric.util.thread.ThreadPool.run(Unknown Source) at java.lang.Thread.run(Thread.java:534) Wed Jan 18 15:48:13 CET 2006 SslGsiSocketFactory :propogating the exception to the caller etc... Running with $SECURITY_DEBUG true doesn't help me - it prints bunch of hex digits in columns, but nothing gives a clue. I understand, that this may be a difficult problem, since if involves interoperability between two systems that work by themselvs. :( But I'd really appreciate any advise and hint in debugging. For example, what makes client give out "Unknown CA" message ? I'll be happy to provide more info on this.. Artem. > > > > > >>Hi Artem, > >> > >> well, I fear that I am not able to do what I need without installing a > >>world of packages. > >> > >> Here is the latest output I get: > >> > >>--------- > >>fabrizio@nbbbrrepro2 16:22:49 ~/Park/JavaSRM/srmclient>bin/srmcp > >>file:////bin/sh srm://nbbbrrepro2:8443//dir1/dir2/sh-copy > >> > >>org.globus.gsi.GlobusCredentialException: Proxy file > >>(/home/fabrizio/k5-ca-proxy.pem) not found. > >> at org.globus.gsi.GlobusCredential.<init>(GlobusCredential.java:93) > >> at > >>org.dcache.srm.security.SslGsiSocketFactory.createUserCredential(SslGsiSocketFactory.java:305) > >> at > >>org.dcache.srm.security.SslGsiSocketFactory.createUserCredential(SslGsiSocketFactory.java:351) > >> at gov.fnal.srm.util.SRMClient.getGssCredential(SRMClient.java:255) > >> at gov.fnal.srm.util.SRMClient.connect(SRMClient.java:203) > >> at gov.fnal.srm.util.SRMPutClient.connect(SRMPutClient.java:152) > >> at gov.fnal.srm.util.SRMDispatcher.work(SRMDispatcher.java:436) > >> at gov.fnal.srm.util.SRMDispatcher.main(SRMDispatcher.java:200) > >>srm client error: org.globus.gsi.GlobusCredentialException: Proxy file > >>(/home/fabrizio/k5-ca-proxy.pem) not found. > >>--------- > >> > >> > >> Is there any easy way to avoid all this? Since I am not interested in > >>testing the authentication stuff, cannot I send formatted get/put > >>requests to the server? > >> > >> Fabrizio > >> > >> > >>Artem Trunov wrote: > >> > >> > >>>Hi, Fabrizio! > >>> > >>>it's srm's port for incoming requests. > >>> > >>>Artem. > >>> > >>>On Fri, 13 Jan 2006, Fabrizio Furano wrote: > >>> > >>> > >>> > >>> > >>>>Hi Artem, > >>>> > >>>>Artem Trunov wrote: > >>>> > >>>> > >>>> > >>>>>hi, Fabrizio! > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>>>Yuo can also do usefull stuff with default protocol. Yuo can test how your > >>>>>>>srm interacts with xrootd(s) and what URLs it gives out for get/put > >>>>>>>requests. > >>>>>>> > >>>>>>> > >>>>>>Well, this is my intention but I have no ideas. How can I send a request > >>>>>>to the srm server? Possibly bypassing the scripts. > >>>>>> > >>>>>> > >>>>>yuo can try srmcp from srmclient package - this is the commandline srm > >>>>>copy tool. > >>>>> > >>>>>srmcp srm://yourserver:8843/path file:/tmp/test1 > >>>>> > >>>>> > >>>>> > >>>>Well, that's one of the scripts I'd like to bypass. > >>>>Anyway, what's that 8843 port number? Is it needed to contact the srm > >>>>server in the machine "yourserver" ? > >>>> > >>>> > >>>> > >>>>Fabrizio > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>>>I hope it could give some usefull result to you before bumping into luck > >>>>>of grid infrastructure. Although, I am doubtfull, since it needs > >>>>>authorization on the first place... Yuo can also try soap messages > >>>>>directly :( . Timur may give more usufull advise. > >>>>> > >>>>>Artem. > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>>>Yuo don't need to do the actual transfers? I guess. I will set > >>>>>>>up a testbed with classical stogage element and validate the transfer. > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>In principle I wrote teh java code also for that. I totally ignore if it > >>>>>>works. I don't want to give away code written but *never* run.... so I > >>>>>>believe you have to wait some more time... sorry. Anyway the deployment > >>>>>>is not that hard. But definitely you need postgres. > >>>>>> > >>>>>>Fabrizio > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>>>Artem. > >>>>>>> > >>>>>>>On Fri, 13 Jan 2006, Fabrizio Furano wrote: > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>>>Hi Timur, > >>>>>>>> > >>>>>>>>I just managed to get my custom srm server started! > >>>>>>>> > >>>>>>>>But now I have no idea about what to do. Is there a way to inhoculate > >>>>>>>>get/put requests directly to the server to debug it? > >>>>>>>> > >>>>>>>>I gave a look at the scripts in the srmclient directory, but I don't > >>>>>>>>believe that they are the answer. Moreover, the protocol matchings are > >>>>>>>>done inside the scripts, so I believe I'd need to modify them all to > >>>>>>>>include a new protocol. > >>>>>>>> > >>>>>>>>Thank you > >>>>>>>> > >>>>>>>>Fabrizio > >>>>>>>> > >>>>>>>> > >>>>>>>> > >