Hello Oscar,

Thank you for your help on this. Everything is working fine now. I am able to secure Globus gridftp and gatekeeper services through lcas/lcmaps using voms credentials.
One more thing I need to ask. When I was configuring the lcas/lcmaps, log file showed some dependency on a package called org.gridsite.core. This package deals with set of extensions to the Apache web server and a toolkit for Grid credentials. But we are not using any web server. So is it possible by any means to remove this dependency?

Thanks again
Vipul
CDAC, Banglore
India.

> Hi Vipul,
>
> That version indeed has the fix.
>
> I guess it's a configuration issue now.
> Is the gsi-authz.conf at /etc/grid-security/gsi-authz.conf
> That location is searched for by the gt4 tools.
>
>
> The VO mapfile should only have:
> "/trial" globus
> "/trial/*" globus
>
>
> I would also configure the vomslocalgroup plugin. The groupmapfile
> should contain:
> "/trial" globus
> "/trial/*" globus
>
>
> For testing I would only configure the lcas_userban.mod with an empty
> ban_users.db file in the lcas.db.gridftp for the simple reason to test
> the service.
>
> Let the lcas_voms.mod look to the grid-mapfile or vomapfile that you have.
>
> Change the content of the lcas_voms.mapfile to:
> "/trial" globus
> "/trial/*" globus
>
>
> Export the following elements in the gridftpd's environment:
>
> export LCAS_LOG_LEVEL=5
> export LCAS_DEBUG_LEVEL=5
> export LCMAPS_LOG_LEVEL=5
> export LCMAPS_DEBUG_LEVEL=5
>
> 5 means very-very verbose, 0 means nearly nothing. Normal operational
> setting is:
> export LCAS_LOG_LEVEL=1
> export LCAS_DEBUG_LEVEL=0
> export LCMAPS_LOG_LEVEL=1
> export LCMAPS_DEBUG_LEVEL=0
>
> Tune as you see fit.
>
>
> cheers,
>
> Oscar
>
>
> Vipul.B wrote:
>> Hi Oscar,
>> Correct me if I am wrong : VOMS credential is supported for accessing
>> pre-WS globus services like Globus gate-keeper and Globus gridFTP(Not
>> only the glite versions) via the lcas-lcmaps-gt4-interface?
>> If yes, then the following should work.
>> I have taken the binary from the link :
>> http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.glite.security.lcas-lcmaps-gt4-interface/0.0.14
>> The bug #35981 is fixed in this?
>>
>> And I am using Globus gridftp in GT4.0.7
>> On calling globus-url-copy, getting error :
>> ---------------------------------------------------
>> debug: starting to get gsiftp://192.168.61.197/home/globususer/tot
>> debug: connecting to gsiftp://192.168.61.197/home/globususer/tot
>> debug: response from gsiftp://192.168.61.197/home/globususer/tot:
>> 220 192.168.61.197 GridFTP Server 2.7 (gcc32dbg, 1204845443-63) [Globus
>> Toolkit 4.0.7] ready.
>>
>> debug: authenticating with gsiftp://192.168.61.197/home/globususer/tot
>> debug: fault on connection to
>> gsiftp://192.168.61.197/home/globususer/tot: an end-of-file was reached
>> debug: data callback, error an end-of-file was reached, buffer
>> 0xb7deb008, length 0, offset=0, eof=true
>> debug: operation complete
>> error: an end-of-file was reached
>> globus_xio: An end of file occurred.
>> --------------------------------------------
>> The file gets created with 0 bytes.
>> Attaching the configuration files.
>>
>> Kindly advise.
>>
>> Also, how do I enable logging in LCAS-LCMAPS, so that I can trace the
>> entire flow?
>>
>>
>> Thanks & Regards,
>> Vipul Borikar
>> CDAC,Banglore
>>
>>
>>> Hello Vipul,
>>>
>>> Please look for the newer version of the gt4 interface which has the
>>> names fixed (and a bug fixed): glite-security-lcas-lcmaps-gt4-interface
>>>
>>> And I'd update the LCAS and LCMAPS installation to the glite versions:
>>> http://linuxsoft.cern.ch/EGEE/gLite/R3.1/generic/sl4/i386/RPMS.release/
>>>
>>> Also in the glite-security-lcas-lcmaps-gt4-interface package, there
>>> should be a small script that loads the lcas-lcmaps-gt4-interface and
>>> redirects it to the LCAS and LCMAPS frameworks for the AuthZ and
>>> identity mapping functionality.
>>>
>>> These edg-* tools are very old.
>>>
>>> The LCAS framework now has the configuration to allow
>>> "/VO=trial/GROUP=trial/*" globus
>>>
>>> This should be changed to the new format for VOMS FQANs
>>> "/trial" globus
>>> "/trial/*" globus
>>>
>>> Here is more info on the configuration:
>>> https://savannah.cern.ch/patch/?1830
>>>
>>> The lcmaps configuration on that page is not for a GridFTP, but the
>>> version of the RPMS that are used now in the EGEE systems is stated
>>> here.
>>>
>>>
>>> When I look at the lcas-vomsfile you sent, then I guess this to be your
>>> grid-mapfile for testing. As the 'globus' account is a non-pool account,
>>> it's a local account. If you wish to do the identity (to Unix account)
>>> mapping based on the VOMS FQANs, then you should use the
>>> voms_localaccount plugin and the posix_enf plugin.
>>>
>>>
>>> Example lcmaps.db:
>>> BOF
>>> path = /opt/glite/lib/modules
>>>
>>>
>>> vomslocalaccount = "lcmaps_voms_localaccount.mod"
>>>                    " -gridmapfile /etc/grid-security/gridmapfile"
>>>
>>> posix_enf = "lcmaps_posix_enf.mod"
>>>
>>>
>>> # policies
>>> vomsevalpolicy:
>>> vomslocalaccount -> posix_enf
>>> EOF
>>>
>>>
>>> cheers,
>>>
>>> Oscar
>>>
>>>
>>> Vipul Borikar wrote:
>>>> Hello all,
>>>> I am trying to access pre-WS components of Globus like gridFTP
>>>> through VOMS credential.
>>>> For this, I have installed the following :
>>>> #GT4.0.7
>>>> #VOMS server 1.8 and used it to generate VOMS certificates.
>>>> #LCAS, LCMAPS binary RPM for Red hat is taken from the link
>>>> http://grid-deployment.web.cern.ch/grid-deployment/download/RpmDir/WP4/
>>>> The components installed are :
>>>> # edg-lcas_gcc3_2_2-voms_plugins-1.1.22-1
>>>> # edg-lcas_gcc3_2_2-1.1.22-1
>>>> # edg-lcmaps_gcc3_2_2-0.0.30-1
>>>> # edg-lcmaps_gcc3_2_2-voms_plugins-0.0.30-1
>>>> # edg-lcmaps_gcc3_2_2-basic_plugins-0.0.30
>>>> # org.glite.security.lcas-lcmaps-gt4-interface libraries from eticsoft
>>>>
>>>>
>>>> Then I generate VOMS credential through voms-proxy-init in the
>>>> standard location.
>>>> Then when I give the command
>>>>
>>>> globus-url-copy -dbg gsiftp://192.168.61.197/home/globususer/tot
>>>> file:///home/globususer/wall/tot1
>>>>
>>>> I get the error :
>>>> debug: starting to get gsiftp://192.168.61.197/home/globususer/tot
>>>> debug: connecting to gsiftp://192.168.61.197/home/globususer/tot
>>>> debug: response from gsiftp://192.168.61.197/home/globususer/tot:
>>>> 220 192.168.61.197 GridFTP Server 2.7 (gcc32dbg, 1204845443-63)
>>>> [Globus
>>>> Toolkit 4.0.7] ready.
>>>>
>>>> debug: authenticating with gsiftp://192.168.61.197/home/globususer/tot
>>>> debug: fault on connection to
>>>> gsiftp://192.168.61.197/home/globususer/tot: an end-of-file was
>>>> reached
>>>> debug: data callback, error an end-of-file was reached, buffer
>>>> 0xb7deb008, length 0, offset=0, eof=true
>>>> debug: operation complete
>>>>
>>>> error: an end-of-file was reached
>>>> globus_xio: An end of file occurred.
>>>>
>>>> The file gets created with 0 bytes.
>>>> Has anyone tried this?
>>>> Attaching the file lcas_voms.mapfile and the voms-proxy-info
>>>>
>>>> Thanks & Regards,
>>>> Vipul Borikar
>>>> CDAC Banglore,India
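
Added example, not part of the original thread and not LCAS/LCMAPS code: a small Python check for the mapfile change discussed above, which flags legacy "/VO=.../GROUP=..." entries and shows why both "/trial" and "/trial/*" are listed. The function names, the shell-style wildcard matching, and the first-match-wins order are assumptions made for illustration; the real plugins may match differently.

```python
import fnmatch
import re
import shlex

# Constructed sample: the legacy entry and the two new-format entries quoted in the thread.
SAMPLE_MAPFILE = '''\
# constructed sample mapfile
"/VO=trial/GROUP=trial/*" globus
"/trial" globus
"/trial/*" globus
'''

# Old-style patterns carry VO= / GROUP= components; new-style FQANs do not.
LEGACY = re.compile(r"/(VO|GROUP)=", re.IGNORECASE)


def parse_mapfile(text):
    """Return (entries, legacy): usable (pattern, account) pairs and
    (line number, pattern) for entries still in the legacy format."""
    entries, legacy = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)  # handles the quoted pattern
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected '\"<pattern>\" <account>'")
        pattern, account = fields
        if LEGACY.search(pattern):
            legacy.append((lineno, pattern))  # report, do not use for mapping
        else:
            entries.append((pattern, account))
    return entries, legacy


def map_fqan(entries, fqans):
    """Map the first FQAN that matches any entry (assumed semantics).
    Returns None when nothing matches, which a caller should treat as deny."""
    for fqan in fqans:
        for pattern, account in entries:
            if fnmatch.fnmatchcase(fqan, pattern):
                return account
    return None


if __name__ == "__main__":
    entries, legacy = parse_mapfile(SAMPLE_MAPFILE)
    for lineno, pattern in legacy:
        print(f"line {lineno}: legacy pattern {pattern!r}, rewrite as a plain FQAN")
    for fqan in ("/trial", "/trial/production", "/othervo"):  # constructed FQANs
        print(fqan, "->", map_fqan(entries, [fqan]))
```

With only the "/trial/*" entry present, the bare group "/trial" would not match under this wildcard model, which is why the pair of lines appears together.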
