Is that the client version as well?

Andy

On Tue, 14 Oct 2014, apeters1971 wrote:

> It is xrootd-3.3.6-4.CERN ....
>
> Cheers Andreas.
>
>
> On Tue, Oct 14, 2014 at 8:04 PM, Andrew Hanushevsky <
> [log in to unmask]> wrote:
>
>> Hi Andreas,
>>
>> If you are using an old (really old) client you will get this problem as
>> it doesn't send its hostname. The sss preferentially checks for a hostname
>> match but if one does not get sent (as is the case in old clients) it
>> checks the ip address. So, we need to reconcile which versions are being
>> used.
>>
>> Andy
>>
>> P.S. Does the client actually have a hostname?
>>
>> On Tue, 14 Oct 2014, apeters1971 wrote:
>>
>>> We have the following problem that 'sss' authentication behind a NAT does not work.
>>>
>>> As expected the symptom is a name/ip mismatch:
>>> ```
>>> 141014 11:53:19 17643 root.4168:21@asa-uefke-grid-01 XrootdProtocol: 0100 req=3000 dlen=151
>>> sec_PM: Using sss protocol, args='0.13:/etc/sss.keytab'
>>> 141014 11:53:19 17643 XrootdXeq: User authentication failed; IP address mismatch.
>>> 141014 11:53:19 17643 root.4168:21@asa-uefke-grid-01 XrootdResponse: 0100 sending err 3010: IP address mismatch.
>>> ```
>>> Was this case foreseen in the 'sss' authentication model?
>>>
>>> ---
>>> Reply to this email directly or view it on GitHub:
>>> https://github.com/xrootd/xrootd/issues/147