I believe /usr/lib64/libXrdSecgsiVOMS.so is obsolete in Xrootd 5.1.1, replaced by /usr/lib64/libXrdVOMS.so. All other config remain the same.
Wei Yang | mailto:[log in to unmask]
From: <[log in to unmask]
> on behalf of George Patargias - STFC UKRI <[log in to unmask]
Date: Friday, April 16, 2021 at 2:33 AM
To: xrootd-l <[log in to unmask]
Subject: XRootD 5.1.1 and GSI/VOMS authorisation problems
Is there any issue with XRootD 5 (5.1.1) and GSI/VOMS authorisation? When I try to copy a file out of Echo using a standard grid proxy, xrdcp hangs for some reason. And I see a lot of these errors: secgsi_Authenticate: ERROR: user mapping required, but lookup
failed - failure
I have noticed that the VOMS attributes are not extracted but I am not sure if this is important or not. At any rate, gsi grants access to the file but then nothing happens.
210416 10:27:07 525767 secgsi_XrdOucGMap::dn2user: mapping DN '/C=UK/O=eScience/OU=CLRC/L=RAL/CN=james walder' to 'atlasprod'
210416 10:27:07 525767 XrdVomsFun: proxy: /C=UK/O=eScience/OU=CLRC/L=RAL/CN=james walder/CN=1933687333
210416 10:27:07 525767 XrdVomsFun: adding cert: /C=UK/O=eScience/OU=CLRC/L=RAL/CN=james walder
210416 10:27:07 525767 XrdVomsFun: retrieval FAILED: Cannot verify AC signature!
210416 10:27:07 525767 secgsi_Authenticate: VOMS: Entity.vorg: <none>
210416 10:27:07 525767 secgsi_Authenticate: VOMS: Entity.grps: <none>
210416 10:27:07 525767 secgsi_Authenticate: VOMS: Entity.role: <none>
210416 10:27:07 525767 secgsi_Authenticate: VOMS: Entity.endorsements: <none>
210416 10:27:07 525767 XrootdXeq: jwalder.23107:[log in to unmask]
pub IP64 login as atlasprod
210416 10:27:07 525767 acc_Audit: jwalder.23107:[log in to unmask]
grant gsi [log in to unmask]
Do you have any idea what the problem might be? Thanks.
My gsi config is
sec.protparm gsi -vomsfun:/usr/lib64/libXrdSecgsiVOMS.so -vomsfunparms:certfmt=pem|vos=atlas,dteam|grps=/atlas,/dteam|grpopt=10|dbg
sec.protocol gsi -dlgpxy:1 -exppxy:=creds -crl:3 -cert:/etc/grid-security/xrootd/hostcert.pem -key:/etc/grid-security/xrootd/hostkey.pem -gridmap:/etc/grid-security/grid-mapfile -gmapopt:2 -gmapto:3600 -d:1
This email and any attachments are intended solely for the use of the named recipients. If you are not the intended recipient you must not use, disclose, copy or distribute this email or any of its attachments and should notify the sender immediately and delete
this email from your system. UK Research and Innovation (UKRI) has taken every reasonable precaution to minimise risk of this email or any attachments containing viruses or malware but the recipient should carry out its own virus and malware checks before
opening the attachments. UKRI does not accept any liability for any losses or damages which the recipient may sustain due to presence of any viruses. Opinions, conclusions or other information in this message and attachments that are not related directly to
UKRI business are solely those of the author and do not represent the views of UKRI.
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-L list, click the following link: