It is xrootd-3.3.6-4.CERN ....

Cheers Andreas.

On Tue, Oct 14, 2014 at 8:04 PM, Andrew Hanushevsky <
[log in to unmask]> wrote:

> Hi Andreas,
>
> If you are using an old (really old) client you will get this problem as
> it doesn't send its hostname. The sss preferentially checks for a hostname
> match but if one does not get sent (as is the case in old clients) it
> checks the ip address. So, we eed to reconcile which versions are being
> used.
>
> Andy
>
> P.S. Does the client actually have a hostname?
>
> On Tue, 14 Oct 2014, apeters1971 wrote:
>
> > We have the following problem that 'sss' authentication behind a NAT
> does not work.
> >
> > As expected the symptom is a name/ip mismatch:
> > ```
> > 141014 11:53:19 17643 root.4168:21@asa-uefke-grid-01 XrootdProtocol:
> 0100 req=3000 dlen=151
> > sec_PM: Using sss protocol, args='0.13:/etc/sss.keytab'
> > 141014 11:53:19 17643 XrootdXeq: User authentication failed; IP address
> mismatch.
> > 141014 11:53:19 17643 root.4168:21@asa-uefke-grid-01 XrootdResponse:
> 0100 sending err 3010: IP address mismatch.
> > ```
> > Was this case forseen in the 'sss' authentication model?
> >
> >
> >
> > ---
> > Reply to this email directly or view it on GitHub:
> > https://github.com/xrootd/xrootd/issues/147
>
> —
> Reply to this email directly or view it on GitHub
> <https://github.com/xrootd/xrootd/issues/147#issuecomment-59089434>.
>

—
Reply to this email directly or view it on GitHub.

{"@context":"http://schema.org","@type":"EmailMessage","description":"View this Issue on GitHub","action":{"@type":"ViewAction","url":"https://github.com/xrootd/xrootd/issues/147#issuecomment-59098018","name":"View Issue"}}

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1