CAT_INVALID_AUTHENTICATION

[emedernach]

Hello,

I have an authentication problem after installing B2STAGE-GridFTP with IRODS 4.1.6

I use uberftp client to login:

530-Login incorrect. : iRODS DSI. Error: 'clientLogin' failed.. CAT_INVALID_AUTHENTICATION: , status: -826000. 530- 530 End.

Here is my current configuration:

$LD_LIBRARY_PATH "$LD_LIBRARY_PATH:/root/GRIDFTP/iRODS_DSI" $irodsConnectAsAdmin "rods" load_dsi_module iRODS auth_level 4

Without the above lines I could log to GridFTP server without problems

My DN is registered both in GridFTP server and with the ICAT server and I could iput/iget files to IRODS.

Thanks in advance,

Emmanuel Medernach

[muccix]

Hi Emmanuel,

that error could be due to several causes; please double check the following configurations:

1. check if the globus-gridftp-server is running with the LD_PRELOAD env variable configured (you can chack with $ ps eww PID).
2. check if from the user who runs the gridftp server command line you can perform an "ils" command (if not, do an "iinit" do authenticate the rodsadmin user)

Then another question: is the GridfTP server started as a system service (i.e. in /etc/init.d)? Another user has faced your issue when the init script for the gridftp server is in /etc/init.d..

Best, Roberto

[emedernach]

Hi Roberto,

1 and 2 are Ok

Yes, we run GridFTP as a system service

Here are the logs from the gridftp server:

ts=2015-11-30T07:39:18.075943Z id=8974 event=globus-gridftp-server.session.authn.start ts=2015-11-30T07:39:18.181006Z id=8974 event=globus-gridftp-server.session.message sender=client msg="USER :globus-mapping: " ts=2015-11-30T07:39:18.181042Z id=8974 event=globus-gridftp-server.session.message sender=server msg="331 Password required for :globus-mapping:. " ts=2015-11-30T07:39:18.181458Z id=8974 event=globus-gridftp-server.session.message sender=client msg="PASS dummy " ts=2015-11-30T07:39:18.181487Z id=8974 event=globus-gridftp-server.session.authn.end user=:globus-mapping: DN="/O=GRID-FR/C=FR/O=CNRS/OU=IPHC/CN=Emmanuel Medernach" status=0 ts=2015-11-30T07:39:18.181593Z id=8974 event=globus-gridftp-server.session.authz.start user=:globus-mapping: DN="/O=GRID-FR/C=FR/O=CNRS/OU=IPHC/CN=Emmanuel Medernach" ts=2015-11-30T07:39:18.182369Z id=8974 event=globus-gridftp-server.session.authz.end localuser=root DN="/O=GRID-FR/C=FR/O=CNRS/OU=IPHC/CN=Emmanuel Medernach" status=0 ts=2015-11-30T07:39:18.384936Z id=8974 event=globus-gridftp-server.session.message sender=client msg="PASS dummy " ts=2015-11-30T07:39:18.384983Z id=8974 event=globus-gridftp-server.session.message sender=server msg="530-Login incorrect. : iRODS DSI. Error: 'clientLogin' failed.. CAT_INVALID_AUTHENTICATION: , status: -826000. 530- 530 End. "

[muccix]

Hi Emmanuel,

could you try to start the gridftp server from the command line, instead as a system service. I'm not sure why, but another user facing the same problem resolved that way.

[emedernach]

Thanks for your advices, it works correctly now with the system service.

Here is our configuration:

• File /etc/sysconfig/globus-gridftp-server

export LD_PRELOAD="${LD_PRELOAD:+$LD_PRELOAD:}/usr/lib64/libglobus_gridftp_server.so:/root/GRIDFTP/iRODS_DSI/libglobus_gridftp_server_iRODS.so"

• Configuration file gridftp.conf

$LD_LIBRARY_PATH "/root/GRIDFTP/iRODS_DSI" $irodsConnectAsAdmin "rods" load_dsi_module iRODS auth_level 4 $HOME /root

[muccix]

Good to know!

For the sake of clarity (and to help other users facing the same issue) could you explain what was the problem and how your configuration fixed it?

Thanks in advance

[emedernach]

Hi Roberto,

The error encountered when connecting with a GridFTP client is:

530-Login incorrect. : iRODS DSI. Error: 'clientLogin' failed.. CAT_INVALID_AUTHENTICATION: , status: -826000. 530- 530 End.

I compared the processes environment between sysinit and manual execution until the error disappeared. The LD_PRELOAD is now set in /etc/sysconfig/globus-gridftp-server which is read by sysinit script and the $HOME variable was missing.

Best regards,

Emmanuel Medernach