Hi,
For some reason that I cannnot understand, the GSI/VOMS access to our EOSCTA dev instance is lost. The error that appears on the client is
-bash-4.2$ xrdcp random_100MB root://antares-dev.stfc.ac.uk//eos/antaresdev/prod/dteam/george/random_100MB
[ERROR] Server responded with an error: [3010] Unable to give access - user access restricted - unauthorized identity used ; Permission denied
Looking at the MGM log, I can see that VOMS attribute extraction and the mapping to an existing user is successful. However, I did notice the following line that I cannot see in the logs of our other instances where XRootD GSI access works without an issue.
240508 10:19:37 time=1715159977.833706 func=stat level=ERROR logid=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx unit=mgm@antares-eos14.scd.rl.ac.uk:1094 tid=00007f3b58636700 source=Stat:87 tident= sec=gsi uid=36300 gid=24311 name=dteam001 geo=“” user access restricted - unauthorized identity vid.uid=36300, vid.gid=24311, vid.host=“lcgui06.gridpp.rl.ac.uk”, vid.tident="georgep.1060063:410@lcgui06.gridpp.rl.ac.uk" for path=“/eos/antaresdev/prod/dteam/george/random_100MB” user@domain=“dteam001@gridpp.rl.ac.uk”
followed by
240508 10:19:37 time=1715159977.834516 func=Emsg level=ERROR logid=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx unit=mgm@antares-eos14.scd.rl.ac.uk:1094 tid=00007f3b58636700 source=XrdMgmOfs:844 tident= sec= uid=0 gid=0 name= geo=“” Unable to give access - user access restricted - unauthorized identity used ; Permission denied
Can you please give me a clue what to do?
Following another post (Gsi pool account mapping), I tried this
redis-cli -p 9999 hdel eos-config:default “global:/config/eosantaresdev/mgm#AllowedUsers”
but it didnt work.
George