The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.
Difference between revisions of "Tools/Manuals/TS13"
< Tools
Jump to navigation
Jump to search
| (3 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
{{Template:Op menubar}} | |||
{{Template:Doc_menubar}} | |||
[[Category:Operations Manuals]] | |||
{{TOC_right}} | {{TOC_right}} | ||
------ | ------ | ||
Back to [[Manuals | Back to [[Tools/Manuals/SiteProblemsFollowUp|Troubleshooting Guide]] | ||
------ | ------ | ||
| Line 46: | Line 48: | ||
This happens when the VOMS extensions are present in the user proxy, but: | This happens when the VOMS extensions are present in the user proxy, but: | ||
* either they have expired (their max. lifetime typically is a few days, | * either they have expired (their max. lifetime typically is a few days, whereas the underlying grid proxy can have a lifetime up to the expiration time of the user certificate); | ||
whereas the underlying grid proxy can have a lifetime up to the | |||
expiration time of the user certificate); | |||
* or they were signed by a server whose host cert is not present in | * or they were signed by a server whose host cert is not present in <font face="Courier New,Courier">/etc/grid-security/vomsdir</font> on the CE/LFC/SE, or its CRL is out of date, or its CA is not present; | ||
<font face="Courier New,Courier">/etc/grid-security/vomsdir</font> on the CE/LFC/SE, or its CRL is out of date, | |||
or its CA is not present; | |||
* or the VOMS extensions were signed by a VOMS server host cert that | * or the VOMS extensions were signed by a VOMS server host cert that in the meantime has expired itself. | ||
in the meantime has expired itself. | |||
Latest revision as of 13:40, 23 November 2012
| Main | EGI.eu operations services | Support | Documentation | Tools | Activities | Performance | Technology | Catch-all Services | Resource Allocation | Security |
| Documentation menu: | Home • | Manuals • | Procedures • | Training • | Other • | Contact ► | For: | VO managers • | Administrators |
Back to Troubleshooting Guide
Generic verification error for VOMS (failure)!
Full message
In /var/log/glite/gatekeeper.log or /var/log/gridftp-lcas_lcmaps.log (on gLite-CE):
LCAS 0: 2006-12-27.17:15:51.873516.0000031537.0000015470 : lcas_plugin_voms-plugin_confirm_authorization_from_x509(): Generic verification error for VOMS (failure)! LCAS 0: 2006-12-27.17:15:51.873516.0000031537.0000015470 : lcas_plugin_voms-plugin_confirm_authorization_from_x509(): voms plugin failed
In /var/log/globus-gatekeeper.log or /var/log/gridftp-lcas_lcmaps.log (on LCG-CE or SE_classic):
LCMAPS 0: 2006-12-27.18:21:14.747346.0000009868.0000005366 : lcmaps_plugin_voms-plugin_run(): Generic verification error for VOMS (failure)! LCMAPS 0: 2006-12-27.18:21:14.747346.0000009868.0000005366 : lcmaps_plugin_voms-plugin_run(): voms plugin failed
In /var/log/lfc/log (on LFC) or /var/log/dpns/log (on DPM):
01/17 11:12:00 28364,0 Cns_serv: Could not establish security context: _Csec_get_voms_creds: Generic verification error for VOMS (failure) !
In /var/log/dpm/log (on DPM):
01/17 17:29:00 22553,24 dpm_serv: Could not establish security context: _Csec_get_voms_creds: Generic verification error for VOMS (failure) !
In /var/log/dpm-gsiftp/gridftp.log (on DPM):
Jan 17 17:29:46 lxdpm01 gridftpd[9941]: Generic verification error for VOMS (failure)!
Diagnosis
This happens when the VOMS extensions are present in the user proxy, but:
- either they have expired (their max. lifetime typically is a few days, whereas the underlying grid proxy can have a lifetime up to the expiration time of the user certificate);
- or they were signed by a server whose host cert is not present in /etc/grid-security/vomsdir on the CE/LFC/SE, or its CRL is out of date, or its CA is not present;
- or the VOMS extensions were signed by a VOMS server host cert that in the meantime has expired itself.