Jump to content
  • Announcements

    • admin

      PBS Forum Has Closed   06/12/17

      The PBS Works Support Forum is no longer active.  For PBS community-oriented questions and support, please join the discussion at http://community.pbspro.org.  Any new security advisories related to commercially-licensed products will be posted in the PBS User Area (https://secure.altair.com/UserArea/). 
slb_l3

Job submission from NATed machine

Recommended Posts

I have a number of users who want to use a Linux virtual machine to do their basic scripts and setup work.  From the Linux virtual - which in our environment must be NATed - they'd like to submit jobs with a simple qsub command.

Is there a way to get this to work?  Right now I get:

% qsub -I -q NewMach
pbs_iff: error returned: 15031
pbs_iff: error returned: 15031
No Permission.
qsub: cannot connect to server slapp47 (errno=15007)

slb

 

Share this post


Link to post
Share on other sites

It would be helpful to have a server log in this case. For security, PBS does a forward/backward name resolution check to ensure that it's not being spoofed. It's possible that your NAT configuration is interfering with that, since this requires that the name of the submitting host be resolvable from the server. The interface library also invokes an authentication program (pbs_iff) to authenticate itself to the server when it issues the "connect" request.  Pbs_iff must be setuid root, since it has to open privileged ports to authenticate.

Share this post


Link to post
Share on other sites

Steve - Here's the server log:

07/18/2016 15:55:52;0100;Server@pbssvr7;Req;;Type 0 request received from scbrown@sl072240.csw.l-3com.com, sock=12

07/18/2016 15:55:52;0100;Server@pbssvr7;Req;;Type 49 request received from scbrown@sl072240.csw.l-3com.com, sock=13

07/18/2016 15:55:52;0080;Server@pbssvr7;Req;req_reject;Reject reply code=15019, aux=0, type=49, from scbrown@sl072240.csw.l-3com.com

07/18/2016 15:55:52;0100;Server@pbssvr7;Req;;Type 49 request received from scbrown@sl072240.csw.l-3com.com, sock=13

07/18/2016 15:55:52;0080;Server@pbssvr7;Req;req_reject;Reject reply code=15019, aux=0, type=49, from scbrown@sl072240.csw.l-3com.com

If the authentication program needs to use privileged ports, that could very well be a problem.  This may require a proxy to connect :(  Also, how does the name get resolved?  As the NAT machine does not necessarily have a resolvable name.

I'm a bit surprised this hasn't been an issue for others...

 

 

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now

×