Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "Tools/Manuals/TS13"

From EGIWiki
Jump to navigation Jump to search
(Created page with '{{TOC_right}} Category:FAQ ------ Back to Troubleshooting Guide ------ = Generic verification error for VOMS (failure)! = =…')
 
Line 46: Line 46:
This happens when the VOMS extensions are present in the user proxy, but:
This happens when the VOMS extensions are present in the user proxy, but:


* either they have expired (their max. lifetime typically is a few days,
* either they have expired (their max. lifetime typically is a few days,
whereas the underlying grid proxy can have a lifetime up to the
whereas the underlying grid proxy can have a lifetime up to the
expiration time of the user certificate);
expiration time of the user certificate);


* or they were signed by a server whose host cert is not present in
* or they were signed by a server whose host cert is not present in
{{{/etc/grid-security/vomsdir}}} on the CE/LFC/SE, or its CRL is out of date,
<font face="Courier New,Courier">/etc/grid-security/vomsdir</font> on the CE/LFC/SE, or its CRL is out of date,
or its CA is not present;
or its CA is not present;


* or the VOMS extensions were signed by a VOMS server host cert that
* or the VOMS extensions were signed by a VOMS server host cert that
in the meantime has expired itself.
in the meantime has expired itself.

Revision as of 17:45, 23 March 2011

Back to Troubleshooting Guide

Generic verification error for VOMS (failure)!

Full message

In /var/log/glite/gatekeeper.log or /var/log/gridftp-lcas_lcmaps.log (on gLite-CE): 

LCAS   0: 2006-12-27.17:15:51.873516.0000031537.0000015470 :
   lcas_plugin_voms-plugin_confirm_authorization_from_x509():
 Generic verification error for VOMS (failure)!
LCAS   0: 2006-12-27.17:15:51.873516.0000031537.0000015470 :
   lcas_plugin_voms-plugin_confirm_authorization_from_x509():
 voms plugin failed

In /var/log/globus-gatekeeper.log or /var/log/gridftp-lcas_lcmaps.log (on LCG-CE or SE_classic): 

LCMAPS 0: 2006-12-27.18:21:14.747346.0000009868.0000005366 :
   lcmaps_plugin_voms-plugin_run():
 Generic verification error for VOMS (failure)!
LCMAPS 0: 2006-12-27.18:21:14.747346.0000009868.0000005366 :
   lcmaps_plugin_voms-plugin_run():
 voms plugin failed

In /var/log/lfc/log (on LFC) or /var/log/dpns/log (on DPM): 

01/17 11:12:00 28364,0 Cns_serv: Could not establish security context:
_Csec_get_voms_creds: Generic verification error for VOMS (failure) !

In /var/log/dpm/log (on DPM): 

01/17 17:29:00 22553,24 dpm_serv: Could not establish security context:
 _Csec_get_voms_creds: Generic verification error for VOMS (failure) !

In /var/log/dpm-gsiftp/gridftp.log (on DPM): 

Jan 17 17:29:46 lxdpm01 gridftpd[9941]:
 Generic verification error for VOMS (failure)!

Diagnosis

This happens when the VOMS extensions are present in the user proxy, but:

  • either they have expired (their max. lifetime typically is a few days,

whereas the underlying grid proxy can have a lifetime up to the expiration time of the user certificate);

  • or they were signed by a server whose host cert is not present in

/etc/grid-security/vomsdir on the CE/LFC/SE, or its CRL is out of date, or its CA is not present;

  • or the VOMS extensions were signed by a VOMS server host cert that

in the meantime has expired itself.

Retrieved from "https://wiki.egi.eu/w/index.php?title=Tools/Manuals/TS13&oldid=14274"