The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.
Tools/Manuals/TS26
| Main | EGI.eu operations services | Support | Documentation | Tools | Activities | Performance | Technology | Catch-all Services | Resource Allocation | Security |
| Documentation menu: | Home • | Manuals • | Procedures • | Training • | Other • | Contact ► | For: | VO managers • | Administrators |
Back to Troubleshooting Guide
No valid credential found ... System error
Full message
$ export LFC_HOST=lfc_alias.some_domain $ lfc-ls /grid/ send2nsd: NS002 - send error : No valid credential found /grid/: System error
Diagnosis
This probably is due to a DNS problem: the alias for the LFC host is resolved to the IP address of the real host, but the reverse lookup of the IP address points back to the alias instead of the real host. This problem has been observed for old versions of nscd (which may run on the UI), but also a standard named may be misconfigured or otherwise in bad shape. Verify that /etc/resolv.conf only includes the desired name servers for your site.
To get more information out of commands like lfc-ls you can do this:
( export CSEC_TRACE=1 ; lfc-ls /grid )
For the case at hand the stderr would include a diagnostic like this:
ERROR: initializing context: GSS Error: GSS Major Status: Unexpected Gatekeeper or Service Name MECH Error: GSS Minor Status Error Chain: init_sec_context.c:251: gss_init_sec_context: Mutual authentication failed: The target name (/C=FOO/O=BAR/OU=XYZ/L=ABC/CN=real_hostname.some_domain) in the context, and the target name (/CN=host/lfc_alias.some_domain) passed to the function do not match