Hi, my server was configured only to recognize atlas and dteam, I am not surprised that it rejects lsst... Anyway I see progress, your request came in fine and it's clearly a proxy even if from a VO that my server does not know. Now my questions... - Do you happen to be allowed to create an atlas or team proxy cert ? Then you may want to try with that one - Was your server (the machine, not xrootd) configured to recognize gridpp or lsst proxies ? [ it's the stuff in /etc/grid-security/vomsdir plus the ca-policy-egi-core package ] Cheers Fabrizio On 03/10/2017 02:36 PM, Marcus Ebert wrote: > Ok, getting the davix-tools was easier than I thought. They are available through a GridPP CernVM. > However, doing so I get the output: > <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> > <html xmlns="http://www.w3.org/1999/xhtml"> > <head> > <meta http-equiv="content-type" content="text/html;charset=utf-8"/> > <link rel="stylesheet" type="text/css" href="/static/css/xrdhttp.css"/> > <link rel="icon" type="image/png" href="/static/icons/xrdhttp.ico"/> > <title>/</title> > </head> > <body> > <h1>Listing of: /</h1> > <div id="header"><table id="ft"> > <thead><tr> > <th class="mode">Mode</th><th class="flags">Flags</th><th class="size">Size</th><th class="datetime">Modified</th><th > class="name">Name</th></tr></thead> > <tr><td class="mode">d--rwx</td><td class="mode">51</td><td class="size">4096</td><td class="datetime">Wed, 26 Nov 2014 15:28:25 > GMT</td><td class="name"><a href="atlas">atlas</a></td></tr><tr><td class="mode">d--rwx</td><td class="mode">51</td><td > class="size">4096</td><td class="datetime">Thu, 27 Nov 2014 16:34:50 GMT</td><td class="name"><a > href="dynafeds_demo">dynafeds_demo</a></td></tr><tr><td class="mode">d--rwx</td><td class="mode">51</td><td > class="size">167936</td><td class="datetime">Tue, 28 Feb 2017 16:44:54 GMT</td><td class="name"><a > href="georgios_test">georgios_test</a></td></tr></table></div><br><br><hr size=1><p><span id="requestby">Request by > /C=UK/O=eScience/OU=Edinburgh/L=NeSC/CN=marcus ebert/CN=157025827 ( DN: /C=UK/O=eScience/OU=Edinburgh/L=NeSC/CN=marcus > ebert/CN=157025827 ) ( 94.197.120.22.threembb.co.uk )</span></p> > <p>Powered by XrdHTTP v20170305-55a66d2 (CERN IT-SDC)</p> > > > Which doesn't say anything about the VO. I tried with an LSST and GridPP proxy. > voms info gives for example for gridpp VO: > subject : /C=UK/O=eScience/OU=Edinburgh/L=NeSC/CN=marcus ebert/CN=157025827 > issuer : /C=UK/O=eScience/OU=Edinburgh/L=NeSC/CN=marcus ebert > identity : /C=UK/O=eScience/OU=Edinburgh/L=NeSC/CN=marcus ebert > type : RFC compliant proxy > strength : 1024 bits > path : /tmp/x509up_u501 > timeleft : 11:59:33 > key usage : Digital Signature, Key Encipherment, Data Encipherment > === VO gridpp extension information === > VO : gridpp > subject : /C=UK/O=eScience/OU=Edinburgh/L=NeSC/CN=marcus ebert > issuer : /C=UK/O=eScience/OU=Manchester/L=HEP/CN=voms.gridpp.ac.uk > attribute : /gridpp/Role=NULL/Capability=NULL > timeleft : 11:59:33 > uri : voms.gridpp.ac.uk:15000 > > > Cheers, > Marcus > > On Fri, 10 Mar 2017, Marcus Ebert wrote: > >> Thanks Fabrizio! >> >> I'll try to get the davix-tools made available first. >> >> Cheers, >> Marcus >> >> On Fri, 10 Mar 2017, Fabrizio Furano wrote: >> >>> Hi, >>> >>> sorry, I missed the other questions, here they are... >>> >>> On 03/10/2017 11:08 AM, Marcus Ebert wrote: >>> > Unfortunaely, I don't have davix-get available on the local desktop. Is > there any lsetup mode for Atlas to make that >>> available >>> > (or any other cvmfs path)? >>> >>> You can get davix from all the major Linux distributions with their own >>> tools, apt, yum, ... >>> >>> cvmfs certainly has it because it's used, but I cannot help you there, I >>> have no idea (others may chime in) >>> >>> > > Do you get any similar output if you do this with > https://dev2.gridpp.ecdf.ed.ac.uk:1094 ? >>> > >>> It gives to me 404 on the root directory, which is a sign of server >>> misconfiguration (despite xrootd or http) >>> >>> >>> > If I do so in a browser for your test server, it displays: >>> > Request by /C=UK/O=eScience/OU=Edinburgh/L=NeSC/CN=marcus ebert ( DN: > /C=UK/O=eScience/OU=Edinburgh/L=NeSC/CN=marcus >>> ebert ) ( >>> > 94.197.120.22.threembb.co.uk ) >>> > > Powered by XrdHTTP v20170305-55a66d2 (CERN IT-SDC) >>> > > but no VO identification (probably because there is no voms-proxy > available to the browser and it doesn't do a lockup in >>> > grid-mapfile?) >>> >>> Browsers do not support Grid proxies. >>> The historical workaround for that is the use of a mapfile, as you cite. >>> Xrdhttp uses the same mapfile >>> of the rest of the xrootd framework, which is a bit original if one is >>> used to the ones used e.g. by DPM. >>> >>> Anyway I would not go further that way until you have troubleshoot your >>> client setup. You must be able >>> to get from my server the same kind of output that I get. >>> >>> You can use curl, but it's more complex and less reliable. Please do an >>> attempt at getting davix. >>> >>> Please let me know >>> Fabrizio >>> >>> >>> >>> >> >> > ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-L list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1