Can you verify that CAS server credentials? Are you sure it is using certificates for /O=Grid/OU=GlobusTest/OU= <http://simpleca-hfrd08.domain.in/OU=domain.in/CN=casadmin> simpleCA-hfrd08.domain.in/OU=domain.in/CN=casadmin and not the host certificate? Given you are using https, the container credentials will be presented for authentication and not the service credentials. I have fixed the documentation to reflect this. Rachana
_____ From: R. Kumaram [mailto:[EMAIL PROTECTED] Sent: Friday, August 29, 2008 1:11 AM To: Rachana Ananthakrishnan Cc: [email protected] Subject: Re: [gt-user] Problem with CAS server administration Thank u Rachna for clarification.. Well, I am getting following error casadmin(globus-4.0.7 @ hfrd08)cas-group-admin -c $CAS_SERVER_URL -s $CAS_SERVER_IDENTITY user create analyst analyst ; nested exception is: org.globus.common.ChainedIOException: Authentication failed [Caused by: Operation unauthorized (Mechanism level: Authorization failed. Expected "/O=Grid/OU=GlobusTest/OU=simpleCA-hfrd08.domain.in/OU=domain.in/CN=casadmin " target but received "/O=Grid/OU=GlobusTest/OU=simpleCA-hfrd08.domain.in/CN=host/hfrd08.domain.in ")] where, (~)echo $CAS_SERVER_URL https://172.16.32.157:8443/wsrf/services/CASService and (~)echo $CAS_SERVER_IDENTITY /O=Grid/OU=GlobusTest/OU=simpleCA-hfrd08.domain.in/OU=domain.in/CN=casadmin I am not getting what exactly happening wrong here. I tried with INSERT INTO user_group_entry (user_group_name, user_nickname) values ('superUserGroup', 'casadmin'); and INSERT INTO user_table (user_nickname,subject_name,trust_anchor_nickname) values ('casadmin', '/O=Grid/OU=GlobusTest/OU=simpleCA-hfrd08.domain.in/OU=domain.in/CN=casadmin ','defaultTrustAnchor'); still getting the same problem.. ie ; nested exception is: org.globus.common.ChainedIOException: Authentication failed [Caused by: Operation unauthorized (Mechanism level: Authorization failed. Expected "/O=Grid/OU=GlobusTest/OU=simpleCA-hfrd08.domain.in/OU=domain.in/CN=casadmin " target but received "/O=Grid/OU=GlobusTest/OU=simpleCA-hfrd08.domain.in/CN=host/hfrd08.domain.in ")] and On Thu, Aug 28, 2008 at 7:07 PM, Rachana Ananthakrishnan <[EMAIL PROTECTED]> wrote: CAS server URL should point to the sever you are running and in your case it is https://172.16.32.157:8443/wsrf/services/CASService What is the error you get with the above? Rachana _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Kumaram Sent: Thursday, August 28, 2008 12:13 AM To: [email protected] Subject: [gt-user] Problem with CAS server administration Hi All, I installed globus 4.0.7 , and everything seems to be fine including rft, gsiftp, container running sucessfully, I can submit job sucessfully. Now the problem is coming in CAS server administration, I have configured it according to the http://www.globus.org/toolkit/docs/4.0/admin/docbook/ch14.html database is properly set Obtained credentials for CAS service I can bootstrap the database with cas-server-bootstrap Performed all the test sucessfully Now the problem is when I try to create user, with cas-group-admin user create command with the CAS_SERVER_URL "http://localhost:8080/wsrf/services/CASService"; it gives me connection refused error: casadmin(globus-4.0.7 @ host1)cas-group-admin -c http://localhost:8080/wsrf/services/CASService user create kumaram kumaram ; nested exception is: java.net.ConnectException: Connection refused I checked the container running on globus user globus(~ @ host1)globus-start-container Starting SOAP server at: https://172.16.32.157:8443/wsrf/services/ With the following services: [1]: https://172.16.32.157:8443/wsrf/services/AdminService [2]: https://172.16.32.157:8443/wsrf/services/AuthzCalloutTestService [3]: https://172.16.32.157:8443/wsrf/services/CASService here CASService is running on 8443 port, so I have a confusion whether CAS_SERVER_URL should be "https://172.16.32.157:8443/wsrf/services/CASService"; or not ???? I tried with this but it didnt work. When I checked where my gridftp server is running, it is on 56110 port root(lib @ host1)netstat -lnpt Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 :::56110 :::* LISTEN 10088/globus-gridft tcp 0 0 :::7512 :::* LISTEN 2166/xinetd tcp 0 0 :::8443 :::* LISTEN 7103/java tcp 0 0 :::2811 :::* LISTEN 2166/xinetd So I changed my CAS_SERVER_URL with http://localhost:56110/wsrf/services/CASService and tried but it is giving Number Format exception error casadmin(globus-4.0.7 @ host1)cas-group-admin -c http://localhost:56110/wsrf/services/CASService user create kumaram kumaram ; nested exception is: java.lang.NumberFormatException: For input string: "host1.domain.com" If I change my CAS_SERVER_URL with "http://172.16.32.157:56110/wsrf/services/CASService"; again the same NumberFOrmatException is coming. Can anybody please find where I am doing mistake ??? -- Regards R.Kumaram -- Regards R.Kumaram
