Follow-up Comment #3, bug #87887 (project xrootd):

Hi,

On the remote node ascint1y: here is the keytab file and contents

[root@ascint1y ~]# xrdsssadmin list /var/spool/xrootd/.xrd/sss.keytab
Number Len Date/Time Created Expires Keyname User & Group
------ --- --------- ------- -------- -------
1 32 10/07/11 14:09:02 -------- sss_keytab anybody atlas

with XrdSecDEBUG=1 mount -t fuse -a gives:

root@ascint1y ~]# mount -t fuse -a
sec_Client: protocol request for host atlas21.hep.anl.gov token='&P=unix&P=sss,0.13:'
sec_PM: Skipping unix only want sss
sec_PM: Loading sss protocol object from libXrdSecsss.so
sec_sss: Client keytab='/var/spool/xrootd/.xrd/sss.keytab'
sec_PM: Using sss protocol, args='0.13:'
sec_sss: Ret 151 bytes of credentials; k=1
sec_sss: Ret 151 bytes of credentials; k=1
sec_Client: protocol request for host atlas22.hep.anl.gov token='&P=unix&P=sss,0.13:'
sec_PM: Skipping unix only want sss
sec_PM: Loading sss protocol object from libXrdSecsss.so
sec_sss: Client keytab='/var/spool/xrootd/.xrd/sss.keytab'
sec_PM: Using sss protocol, args='0.13:'
sec_sss: Ret 151 bytes of credentials; k=1
sec_sss: Ret 151 bytes of credentials; k=1

atlas22 (redirector machine) - remote xrootdfs mount

[root@atlas22 ~]# xrdsssadmin list /var/spool/xrootd/.xrd/sss.keytab
Number Len Date/Time Created Expires Keyname User & Group
------ --- --------- ------- -------- -------
1 32 10/07/11 14:09:02 -------- sss_keytab anybody atlas

This is a single nic machine with ntp running and the time consistent.

On the other remote mount machine (stand alone xrootd data server) atlas8/atlas21 (dual nic machine)

bash-3.2$ xrdcp /local/home/xrootd/xrootd-copy-test.ascint1y root://atlas22.hep.anl.gov//atlas/xrootd-copy-test.ascint1y
sec_Client: protocol request for host atlas22.hep.anl.gov token='&P=unix&P=sss,0.13:'
sec_PM: Loading unix protocol object from libXrdSecunix.so
sec_PM: Using unix protocol, args=''
sec_Client: protocol request for host ascint1y.hep.anl.gov token='&P=sss,0.13:&P=unix'
sec_PM: Loading sss protocol object from libXrdSecsss.so
sec_PM: Using sss protocol, args='0.13:'
sec_sss: Init_Client: Unable to determine keytab location.
sec_PM: Using unix protocol, args=''
[xrootd] Total 0.00 MB |====================| 100.00 % [inf MB/s]

bash-3.2$ xrdcp /local/home/xrootd/xrootd-copy-test.ascint1y root://atlas21.hep.anl.gov//atlas/xrootd-copy-test.ascint1y
sec_Client: protocol request for host atlas21.hep.anl.gov token='&P=unix&P=sss,0.13:'
sec_PM: Loading unix protocol object from libXrdSecunix.so
sec_PM: Using unix protocol, args=''
[xrootd] Total 0.00 MB |====================| 100.00 % [inf MB/s]

As you can see when copying files with xrdcp the unix command was used.

In each system here is the sss security line from the configuration file

sec.protocol /usr/lib64 sss -s /var/spool/xrootd/.xrd/sss.keytab

will now test with group security priv.

_______________________________________________________

Reply to this item at:

  <http://savannah.cern.ch/bugs/?87887>

_______________________________________________
  Message sent via/by LCG Savannah
  http://savannah.cern.ch/
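
Added example, not part of the original comment and not xrootd code: a small parser for the XrdSecDEBUG trace lines quoted above that reports, per "protocol request" block, which protocols the server offered and which one the client ended up using, so a fallback from sss to unix stands out. It assumes the last "Using ... protocol" line in a block is the protocol in effect; the function names and the sample selection are this example's own.

```python
import re

# Trace lines copied from the comment above (one mount request, one xrdcp run).
SAMPLE = """\
sec_Client: protocol request for host atlas21.hep.anl.gov token='&P=unix&P=sss,0.13:'
sec_PM: Skipping unix only want sss
sec_PM: Loading sss protocol object from libXrdSecsss.so
sec_sss: Client keytab='/var/spool/xrootd/.xrd/sss.keytab'
sec_PM: Using sss protocol, args='0.13:'
sec_sss: Ret 151 bytes of credentials; k=1
sec_Client: protocol request for host atlas22.hep.anl.gov token='&P=unix&P=sss,0.13:'
sec_PM: Loading unix protocol object from libXrdSecunix.so
sec_PM: Using unix protocol, args=''
sec_Client: protocol request for host ascint1y.hep.anl.gov token='&P=sss,0.13:&P=unix'
sec_PM: Loading sss protocol object from libXrdSecsss.so
sec_PM: Using sss protocol, args='0.13:'
sec_sss: Init_Client: Unable to determine keytab location.
sec_PM: Using unix protocol, args=''
"""

REQ = re.compile(r"sec_Client: protocol request for host (\S+) token='([^']*)'")
USE = re.compile(r"sec_PM: Using (\w+) protocol")
ERR = re.compile(r"sec_sss: (Init_Client: .+)")  # only the error form seen on this page

def summarize(trace):
    """Return one dict per 'protocol request' block in the trace."""
    blocks = []
    for line in (l.strip() for l in trace.splitlines()):
        m = REQ.search(line)
        if m:  # a new request starts a new block
            offered = re.findall(r"&P=(\w+)", m.group(2))
            blocks.append({"host": m.group(1), "offered": offered,
                           "used": None, "errors": []})
        elif blocks and (m := USE.search(line)):
            blocks[-1]["used"] = m.group(1)  # assumption: last "Using" line wins
        elif blocks and (m := ERR.search(line)):
            blocks[-1]["errors"].append(m.group(1))
    return blocks

def downgraded(blocks, wanted="sss"):
    """Blocks where `wanted` was offered but a different protocol was used."""
    return [b for b in blocks if wanted in b["offered"] and b["used"] != wanted]

if __name__ == "__main__":
    for b in downgraded(summarize(SAMPLE)):
        print(b["host"], "offered", b["offered"], "used", b["used"], b["errors"])
```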