 |
 |
Hi George, Am 16.04.21 um 11:43 schrieb George Patargias - STFC UKRI: > Hi Wei, > > Thanks for replying. As far as I can see libXrdSecgsiVOMS-5.so is linked libXrdVoms-5.so > > /usr/lib64/libXrdSecgsiVOMS-5.so -> libXrdVoms-5.so > > so it is libXrdVoms-5.so that I also use indeed, this symbolic link is kept in XRootD 5 to ease the transition. To be future-proof, you should still adapt your configuration as Wei outlined. Can you elaborate how the VOMS proxy was created? Is it maybe too short (<2048 bits) or not an RFC proxy? How does "voms-proxy-info" look like? Cheers, Oliver > > Best, > > George > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ > *From:* Yang, Wei <[log in to unmask]> > *Sent:* 16 April 2021 10:38 > *To:* Patargias, George (STFC,RAL,SC) <[log in to unmask]>; xrootd-l <[log in to unmask]> > *Subject:* Re: XRootD 5.1.1 and GSI/VOMS authorisation problems > Hi George, > > I believe /usr/lib64/libXrdSecgsiVOMS.so is obsolete in Xrootd 5.1.1, replaced by /usr/lib64/libXrdVOMS.so. All other config remain the same. > > regards, > -- > Wei Yang | mailto:[log in to unmask] <mailto:[log in to unmask]> | 650-926-3338(O) > > From: <[log in to unmask]> on behalf of George Patargias - STFC UKRI <[log in to unmask]> > Date: Friday, April 16, 2021 at 2:33 AM > To: xrootd-l <[log in to unmask]> > Subject: XRootD 5.1.1 and GSI/VOMS authorisation problems > > Hello, > > > Is there any issue with XRootD 5 (5.1.1) and GSI/VOMS authorisation? When I try to copy a file out of Echo using a standard grid proxy, xrdcp hangs for some reason. And I see a lot of these errors: secgsi_Authenticate: ERROR: user mapping required, but lookup failed - failure > > I have noticed that the VOMS attributes are not extracted but I am not sure if this is important or not. At any rate, gsi grants access to the file but then nothing happens. > > 210416 10:27:07 525767 secgsi_XrdOucGMap::dn2user: mapping DN '/C=UK/O=eScience/OU=CLRC/L=RAL/CN=james walder' to 'atlasprod' > 210416 10:27:07 525767 XrdVomsFun: proxy: /C=UK/O=eScience/OU=CLRC/L=RAL/CN=james walder/CN=1933687333 > 210416 10:27:07 525767 XrdVomsFun: adding cert: /C=UK/O=eScience/OU=CLRC/L=RAL/CN=james walder > 210416 10:27:07 525767 XrdVomsFun: retrieval FAILED: Cannot verify AC signature! > 210416 10:27:07 525767 secgsi_Authenticate: VOMS: Entity.vorg: <none> > 210416 10:27:07 525767 secgsi_Authenticate: VOMS: Entity.grps: <none> > 210416 10:27:07 525767 secgsi_Authenticate: VOMS: Entity.role: <none> > 210416 10:27:07 525767 secgsi_Authenticate: VOMS: Entity.endorsements: <none> > 210416 10:27:07 525767 XrootdXeq: jwalder.23107:[log in to unmask] pub IP64 login as atlasprod > 210416 10:27:07 525767 acc_Audit: jwalder.23107:[log in to unmask] grant gsi [log in to unmask] stat /dteam:test1/domatest/jwalder/ROOT_testM > > Do you have any idea what the problem might be? Thanks. > > My gsi config is > > sec.protparm gsi -vomsfun:/usr/lib64/libXrdSecgsiVOMS.so -vomsfunparms:certfmt=pem|vos=atlas,dteam|grps=/atlas,/dteam|grpopt=10|dbg > sec.protocol unix > sec.protocol gsi -dlgpxy:1 -exppxy:=creds -crl:3 -cert:/etc/grid-security/xrootd/hostcert.pem -key:/etc/grid-security/xrootd/hostkey.pem -gridmap:/etc/grid-security/grid-mapfile -gmapopt:2 -gmapto:3600 -d:1 > This email and any attachments are intended solely for the use of the named recipients. If you are not the intended recipient you must not use, disclose, copy or distribute this email or any of its attachments and should notify the sender immediately and delete this email from your system. UK Research and Innovation (UKRI) has taken every reasonable precaution to minimise risk of this email or any attachments containing viruses or malware but the recipient should carry out its own virus and malware checks before opening the attachments. UKRI does not accept any liability for any losses or damages which the recipient may sustain due to presence of any viruses. Opinions, conclusions or other information in this message and attachments that are not related directly to UKRI business are solely those of the author and do not represent the views of UKRI. > > > Use REPLY-ALL to reply to list > To unsubscribe from the XROOTD-L list, click the following link: > https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1 <https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1> > > > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ > > Use REPLY-ALL to reply to list > > To unsubscribe from the XROOTD-L list, click the following link: > https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1 <https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1> > -- Oliver Freyermuth Universität Bonn Physikalisches Institut, Raum 1.047 Nußallee 12 53115 Bonn -- Tel.: +49 228 73 2367 Fax: +49 228 73 7869 -- ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-L list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1