Hi, While we are trying out the things you pointed out, I would like to get clarified on one issue : This VOMS credential has been integrated with LCAS-LCMAPSframework to work with pre-WS grid services like gridFTP/GRAM. In EGEE, this works with gLite gate-keeper and gridFTP(which is but a wrap-around of the respective Globus services). Right? If so, then has anyone tried using the LCAS-LCMAPS framework with Globus gate-keeper and gridFTP?
Thanks & Regards, Kakoli > -----Original Message----- > From: Oscar Koeroo [mailto:[EMAIL PROTECTED] > Sent: Monday, September 29, 2008 6:55 PM > To: Vipul.B > Cc: [EMAIL PROTECTED]; [email protected] > Subject: Re: Problem in using LCAS-LCMAPS with Globus and VOMS > > > Hi Vipul, > > That version indeed has the fix. > > I guess it's a configuration issue now. > Is the gsi-authz.conf at /etc/grid-security/gsi-authz.conf > That location is searched for by the gt4 tools. > > > The VO mapfile should only have: > "/trial" globus > "/trial/*" globus > > > I would also configure the vomslocalgroup plugin. The groupmapfile > should contain: > "/trial" globus > "/trial/*" globus > > > For testing I would only configure the lcas_userban.mod with an empty > ban _users.db file in the lcas.db.gridftp for the simple reason to test > the service. > > Let the lcas_voms.mod look to the grid-mapfile or vomapfile that you have. > > change the content of the lcas_voms.mapfile to: > "/trial" globus > "/trial/*" globus > > > Export the following elements in the gridftpd's environment: > > export LCAS_LOG_LEVEL=5 > export LCAS_DEBUG_LEVEL=5 > export LCMAPS_LOG_LEVEL=5 > export LCMAPS_DEBUG_LEVEL=5 > > 5 mean very-very verbose, 0 means nearly nothing. Normal operational > setting is: > export LCAS_LOG_LEVEL=1 > export LCAS_DEBUG_LEVEL=0 > export LCMAPS_LOG_LEVEL=1 > export LCMAPS_DEBUG_LEVEL=0 > > Tune as you seem fit. > > > cheers, > > Oscar > > > > Vipul.B wrote: > > Hi Oscar, > > Correct me if I am wrong : VOMS credential is supported for > accessing > > pre-WS globus services like Globus gate-keeper and Globus gridFTP(Not > > only the glite versions) via the lcas-lcmaps-gt4-interface? > > If yes, then the following should work. > > I have taken the binary from the link : > > > http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gl > ite.security.lcas-lcmaps-gt4-interface/0.0.14 > > The bug #35981 is fixed in this? > > > > And I am using Globus gridftp in GT4.0.7 > > On calling globus-url-copy, getting error : > > --------------------------------------------------- > > debug: starting to get gsiftp://192.168.61.197/home/globususer/tot > > debug: connecting to gsiftp://192.168.61.197/home/globususer/tot > > debug: response from gsiftp://192.168.61.197/home/globususer/tot: > > 220 192.168.61.197 GridFTP Server 2.7 (gcc32dbg, 1204845443-63) [Globus > > Toolkit 4.0.7] ready. > > > > debug: authenticating with gsiftp://192.168.61.197/home/globususer/tot > > debug: fault on connection to > > gsiftp://192.168.61.197/home/globususer/tot: an end-of-file was reached > > debug: data callback, error an end-of-file was reached, buffer > > 0xb7deb008, length 0, offset=0, eof=true > > debug: operation complete > > error: an end-of-file was reached > > globus_xio: An end of file occurred. > > -------------------------------------------- > > The file gets created with 0 bytes. > > Attaching the configuration files. > > > > Kindly advise. > > > > Also, how do I enable logging in LCAS-LCMAPS, so that I can trace the > > entire flow? > > > > > > Thanks & Regards, > > Vipul Borikar > > CDAC,Banglore > > > > > > > > > > > > > >> Hello Vipul, > >> > >> Please look for the newer version of the gt4 interface which has the > >> names fixed (and a bug fixed): glite-security-lcas-lcmaps-gt4-interface > >> > >> And I'd update the LCAS and LCMAPS installation to the glite versions: > >> http://linuxsoft.cern.ch/EGEE/gLite/R3.1/generic/sl4/i386/RPMS.release/ > >> > >> Also in the glite-security-lcas-lcmaps-gt4-interface package, there > >> should be a small script that loads the lcas-lcmaps-gt4-interface and > >> redirects it to the LCAS and LCMAPS frameworks for the AuthZ and > >> identity mapping functionality. > >> > >> These edg-* tools are very old. > >> > >> The LCAS framework now has the configuration to allow > >> "/VO=trial/GROUP=trial/*" globus > >> > >> This should be changed to the new format for VOMS FQANs > >> "/trial" globus > >> "/trial/*" globus > >> > >> Here is more info on the configuration: > >> https://savannah.cern.ch/patch/?1830 > >> > >> The lcmaps configuration on that page is not for a GridFTP, but the > >> version of the RPMS that are used now in the EGEE systems is > stated here. > >> > >> > >> When I look at the lcas-vomsfile you send, then I guess this to be your > >> grid-mapfile for testing. As the 'globus' account is a > non-pool account, > >> its a local account. If you wish to do the identity (to Unix account) > >> mapping based on the VOMS FQANs, then you should use the > >> voms_localaccount plugin and the posix_enf plugin. > >> > >> > >> Example lcmaps.db: > >> BOF > >> path = /opt/glite/lib/modules > >> > >> > >> vomslocalaccount = "lcmaps_voms_localaccount.mod" > >> " -gridmapfile /etic/grid-security/gridmapfile" > >> > >> posix_enf = "lcmaps_posix_enf.mod" > >> > >> > >> # policies > >> vomsevalpolicy: > >> vomslocalaccount -> posix_enf > >> EOF > >> > >> > >> cheers, > >> > >> Oscar > >> > >> > >> > >> Vipul Borikar wrote: > >>> Hello all, > >>> I am trying to access pre-WS components of Globus like gridFTP > >>> through VOMS credential. > >>> For this, I have installed the following : > >>> #GT4.0.7 > >>> #VOMS server 1.8 and used it to generate VOMS certificates. > >>> #LCAS, LCMAPS binary RPM for Red hat is taken from the link > >>> > http://grid-deployment.web.cern.ch/grid-deployment/download/RpmDir/WP4/ > >>> The components installed are : > >>> # edg-lcas_gcc3_2_2-voms_plugins-1.1.22-1 > >>> # edg-lcas_gcc3_2_2-1.1.22-1 > >>> # edg-lcmaps_gcc3_2_2-0.0.30-1 > >>> # edg-lcmaps_gcc3_2_2-voms_plugins-0.0.30-1 > >>> # edg-lcmaps_gcc3_2_2-basic_plugins-0.0.30 > >>> # org.glite.security.lcas-lcmaps-gt4-interface libraries from eticsoft > >>> > >>> > >>> Then I generate VOMS credential through voms-proxy-init in > the standard > >>> location. > >>> Then when I give the command > >>> > >>> globus-url-copy -dbg gsiftp://192.168.61.197/home/globususer/tot > >>> file:///home/globususer/wall/tot1 > >>> > >>> I get the error : > >>> debug: starting to get gsiftp://192.168.61.197/home/globususer/tot > >>> debug: connecting to gsiftp://192.168.61.197/home/globususer/tot > >>> debug: response from gsiftp://192.168.61.197/home/globususer/tot: > >>> 220 192.168.61.197 GridFTP Server 2.7 (gcc32dbg, > 1204845443-63) [Globus > >>> Toolkit 4.0.7] ready. > >>> > >>> debug: authenticating with gsiftp://192.168.61.197/home/globususer/tot > >>> debug: fault on connection to > >>> gsiftp://192.168.61.197/home/globususer/tot: an end-of-file > was reached > >>> debug: data callback, error an end-of-file was reached, buffer > >>> 0xb7deb008, length 0, offset=0, eof=true > >>> debug: operation complete > >>> > >>> error: an end-of-file was reached > >>> globus_xio: An end of file occurred. > >>> > >>> The file gets created with 0 bytes. > >>> Has anyone tried this? > >>> Attaching the file lcas_voms.mapfile and the voms-proxy-info > >>> > >>> Thanks & Regards, > >>> Vipul Borikar > >>> CDAC Banglore,India > >>> > >>> > >> > > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
