Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @


From EGIWiki
Jump to navigation Jump to search
Main operations services Support Documentation Tools Activities Performance Technology Catch-all Services Resource Allocation Security

Documentation menu: Home Manuals Procedures Training Other Contact For: VO managers Administrators

Back to Troubleshooting Guide

No valid credential found ... System error

Full message

$ export LFC_HOST=lfc_alias.some_domain
$ lfc-ls /grid/
send2nsd: NS002 - send error : No valid credential found
/grid/: System error


This probably is due to a DNS problem: the alias for the LFC host is resolved to the IP address of the real host, but the reverse lookup of the IP address points back to the alias instead of the real host. This problem has been observed for old versions of nscd (which may run on the UI), but also a standard named may be misconfigured or otherwise in bad shape. Verify that /etc/resolv.conf only includes the desired name servers for your site.

To get more information out of commands like lfc-ls you can do this:

( export CSEC_TRACE=1 ; lfc-ls /grid )

For the case at hand the stderr would include a diagnostic like this:

ERROR: initializing context: GSS Error: GSS Major Status: Unexpected
Gatekeeper or Service Name
MECH Error: GSS Minor Status Error Chain:

init_sec_context.c:251: gss_init_sec_context: Mutual authentication failed:
The target name (/C=FOO/O=BAR/OU=XYZ/L=ABC/CN=real_hostname.some_domain)
in the context, and the target name (/CN=host/lfc_alias.some_domain) passed
to the function do not match