--
MariaALANDESPRADILLO - 16 Aug 2006
VOMS core troubleshooting
Wrong host certificate subject in the vomses file
It is possible that after renewing a host certificate, the host certificate subject changes and the vomses file containing the VOMS server information is not updated accordingly.
The client side message is like in the following example:
bash-2.05b$ voms-proxy-init -voms mysql_vo1 -userconf ~/vomses
Your identity: /C=CH/O=CERN/OU=GRID/CN=Maria Alandes Pradillo 5561 Enter GRID pass phrase:
Creating temporary proxy ....................................... Done
Contacting lxb0769.cern.ch:15001 [/C=CH/O=CERN/OU=GRID/CN=lxb0769.cern.ch] "mysql_vo1" Failed
Error: Could not establish authenticated connection with the server.
GSS Major Status: Unexpected Gatekeeper or Service Name GSS Minor Status Error Chain:
an unknown error occurred
Failed to contact servers for mysql_vo1.
The server log file contains the following lines:
Wed Aug 16 11:04:48 2006:lxb0769.cern.ch:vomsd(4341):ERROR:REQUEST:AcceptGSIAuthentication
home/glbuild/GLITE_3_0_0_final/org.glite.security.voms/src/socklib/Server.cpp:259):Failed to establish
security context (accept):.GSS Major Status: General failure.GSS Minor Status Error
Chain:..accept_sec_context.c:305:gss_accept_sec_context: Error during delegation: Delegation protocol
violation
In this case it's good that you check whether the vomses file contains the correct host certificate subject. To check what's your VOMS host certificate subject, run the following command:
[root@lxb0769 root]# openssl x509 -in /etc/grid-security/hostcert.pem -noout -subject
subject= /C=CH/O=CERN/OU=GRID/CN=host/lxb0769.cern.ch
And check in the vomses file that the certificate subject is correct:
bash-2.05b$ more vomses
...
"mysql_vo1" "lxb0769.cern.ch" "15001" "/C=CH/O=CERN/OU=GRID/CN=host/lxb0769.cern.ch" "mysql_vo1"
...