Tools/Manuals/TS13
< Tools
Jump to navigation
Jump to search
Revision as of 17:44, 23 March 2011 by Aesch (talk | contribs) (Created page with '{{TOC_right}} Category:FAQ ------ Back to Troubleshooting Guide ------ = Generic verification error for VOMS (failure)! = =…')
Back to Troubleshooting Guide
Generic verification error for VOMS (failure)!
Full message
In /var/log/glite/gatekeeper.log or /var/log/gridftp-lcas_lcmaps.log (on gLite-CE):
LCAS 0: 2006-12-27.17:15:51.873516.0000031537.0000015470 : lcas_plugin_voms-plugin_confirm_authorization_from_x509(): Generic verification error for VOMS (failure)! LCAS 0: 2006-12-27.17:15:51.873516.0000031537.0000015470 : lcas_plugin_voms-plugin_confirm_authorization_from_x509(): voms plugin failed
In /var/log/globus-gatekeeper.log or /var/log/gridftp-lcas_lcmaps.log (on LCG-CE or SE_classic):
LCMAPS 0: 2006-12-27.18:21:14.747346.0000009868.0000005366 : lcmaps_plugin_voms-plugin_run(): Generic verification error for VOMS (failure)! LCMAPS 0: 2006-12-27.18:21:14.747346.0000009868.0000005366 : lcmaps_plugin_voms-plugin_run(): voms plugin failed
In /var/log/lfc/log (on LFC) or /var/log/dpns/log (on DPM):
01/17 11:12:00 28364,0 Cns_serv: Could not establish security context: _Csec_get_voms_creds: Generic verification error for VOMS (failure) !
In /var/log/dpm/log (on DPM):
01/17 17:29:00 22553,24 dpm_serv: Could not establish security context: _Csec_get_voms_creds: Generic verification error for VOMS (failure) !
In /var/log/dpm-gsiftp/gridftp.log (on DPM):
Jan 17 17:29:46 lxdpm01 gridftpd[9941]: Generic verification error for VOMS (failure)!
Diagnosis
This happens when the VOMS extensions are present in the user proxy, but:
* either they have expired (their max. lifetime typically is a few days, whereas the underlying grid proxy can have a lifetime up to the expiration time of the user certificate);
* or they were signed by a server whose host cert is not present in {{{/etc/grid-security/vomsdir}}} on the CE/LFC/SE, or its CRL is out of date, or its CA is not present;
* or the VOMS extensions were signed by a VOMS server host cert that in the meantime has expired itself.