 |
 |
Hi Fabrizio, On Fri, 10 Mar 2017, Fabrizio Furano wrote: > Hi Marcus, > > I see that you are online, so IMO it's better to proceed by steps. > > First of all, please troubleshoot your client usage... > you may want to compare with my test server, by doing somehow like me. > > I'm on lxplus, and using my ATLAS proxy. My test server has authentication ON, and > authorization completely open. > Your test server is not reachable from outside CERN, isn't it? > The basic HTML rendering of XrdHTTP prints who you are at the bottom. Please check > that you are correctly recognized, including your voms roles. > Unfortunaely, I don't have davix-get available on the local desktop. Is there any lsetup mode for Atlas to make that available (or any other cvmfs path)? Do you get any similar output if you do this with https://dev2.gridpp.ecdf.ed.ac.uk:1094 ? If I do so in a browser for your test server, it displays: Request by /C=UK/O=eScience/OU=Edinburgh/L=NeSC/CN=marcus ebert ( DN: /C=UK/O=eScience/OU=Edinburgh/L=NeSC/CN=marcus ebert ) ( 94.197.120.22.threembb.co.uk ) Powered by XrdHTTP v20170305-55a66d2 (CERN IT-SDC) but no VO identification (probably because there is no voms-proxy available to the browser and it doesn't do a lockup in grid-mapfile?). Cheers, Marcus > Cheers > f > > ------------------------------------------------- > $ voms-proxy-init --voms atlas --rfc > <blah> > $ davix-get -P grid https://littlexrdhttp.cern.ch:1094/ > <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> > <html xmlns="http://www.w3.org/1999/xhtml"> > <head> > <meta http-equiv="content-type" content="text/html;charset=utf-8"/> > <link rel="stylesheet" type="text/css" href="/static/css/xrdhttp.css"/> > <link rel="icon" type="image/png" href="/static/icons/xrdhttp.ico"/> > <title>/</title> > </head> > <body> > <h1>Listing of: /</h1> > <div id="header"><table id="ft"> > <thead><tr> > <th class="mode">Mode</th><th class="flags">Flags</th><th class="size">Size</th><th class="datetime">Modified</th><th > class="name">Name</th></tr></thead> > <tr><td class="mode">d--rwx</td><td class="mode">51</td><td class="size">4096</td><td class="datetime">Wed, 26 Nov 2014 15:28:25 > GMT</td><td class="name"><a href="atlas">atlas</a></td></tr><tr><td class="mode">d--rwx</td><td class="mode">51</td><td > class="size">4096</td><td class="datetime">Thu, 27 Nov 2014 16:34:50 GMT</td><td class="name"><a > href="dynafeds_demo">dynafeds_demo</a></td></tr><tr><td class="mode">d--rwx</td><td class="mode">51</td><td > class="size">167936</td><td class="datetime">Tue, 28 Feb 2017 16:44:54 GMT</td><td class="name"><a > href="georgios_test">georgios_test</a></td></tr></table></div><br><br><hr size=1><p><span id="requestby">Request by > /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=furano/CN=644746/CN=Fabrizio Furano/CN=459429248 ( VO: atlas DN: > /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=furano/CN=644746/CN=Fabrizio Furano/CN=459429248 Role: > /atlas/Role=NULL/Capability=NULL ) ( [::ffff:188.184.92.245] )</span></p> > <p>Powered by XrdHTTP v20170305-55a66d2 (CERN IT-SDC)</p> > > > On 03/10/2017 10:11 AM, Marcus Ebert wrote: >> Thanks Fabrizio! >> >> I installed the rpm from the link you sent. >> It is loading when xrootd is restarted, but still doesn't do any lookup. >> Using command line tools, what would be the easiest way to test http access? >> I tried in a browser to access the file (which asks for the certificate and then shows "File not found" while in the xrootd log >> file it still says permission denied) and also with wget and specifying the .pem files >> Probably that is the wrong way to check if http access works as expected? >> >> Cheers, >> Marcus >> >> On Fri, 10 Mar 2017, Fabrizio Furano wrote: >> >>> Hi Marcus, >>> >>> yes, you need libXrdHttpVOMS, otherwise XrdHttp will reject >>> proxy certificates. >>> >>> Right now it's being submitted to epel-testing AFAIK, so >>> it will take some more time to be reviewed. >>> In the meantime you may want to evaluate our internal build: >>> >>> http://grid-deployment.web.cern.ch/grid-deployment/dms/lcgdm/repos/el6/x86_64/ >>> >>> If you do so, please let me know how it goes. >>> >>> Cheers >>> Fabrizio >>> >>> >>> On 03/09/2017 10:54 PM, Marcus Ebert wrote: >>>> Hi, >>>> >>>> I setup a xrootd cluster which works fine with voms authentication >>>> when going through xrootd directly. >>>> To support other transfers requested by VOs I tried to enable also >>>> http. This works for files that everyone has read access to, but not >>>> for VO specific paths and files. It doesn't seem to map the incoming >>>> credentials to a VO. >>>> I think I need to install the libXrdHttpVOMS.so? Does anyone know in >>>> which repository/package this can be found for SL6? >>>> >>>> >>>> Thanks, >>>> Marcus >>>> >>>> ######################################################################## >>>> Use REPLY-ALL to reply to list >>>> >>>> To unsubscribe from the XROOTD-L list, click the following link: >>>> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1 >>>> >>> >>> ######################################################################## >>> Use REPLY-ALL to reply to list >>> >>> To unsubscribe from the XROOTD-L list, click the following link: >>> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1 >>> >>> >> > > -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-L list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1