Reply
Highlighted
Explorer
Posts: 9
Registered: ‎09-13-2017
Accepted Solution

Hive ODBC kerberos SASL(-1): generic failure _ GSSAPI Error

[ Edited ]

Hi,

 

We have Kerborised Cluster.

 

I'm able to use the Impala ODBC Driver on a Windows Machine, authenticate with a USERNAME  and PASSWORD using SASL.

 

When I try to connect to the Hive ODBC authenticate with Kerberos. I get the following error message:

 

FAILED!

[Microsoft][Hardy] (34) Error from server: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database).

 KDC ODBC Driver Cloudera.PNG

Tried:

KRB5_CONFIG = C:\Program Files\MIT\Kerberos5\krb5.ini

KRB5CCNAME =C:\temp\krb5cache

 

C:\Program Files\MIT\Kerberos5\venkata.keytab

C:\Program Files\MIT\Kerberos5>krb5.ini(config)

[libdefaults]
default_realm = MYKDC.YSTAT.COM
dns_lookup_kdc = false
dns_lookup_realm = false
ticket_lifetime = 86400
renew_lifetime = 604800
forwardable = true
default_tgs_enctypes = aes256-cts aes128-cts
default_tkt_enctypes = aes256-cts aes128-cts
permitted_enctypes = aes256-cts aes128-cts
udp_preference_limit = 1
kdc_timeout = 3000
max_life = 1d
max_renewable_life = 7d
kdc_tcp_ports = 88
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
MYKDC.YSTAT.COM= {
kdc = dc1.MYKDC.YSTAT.COM
admin_server = dc1.MYKDC.YSTAT.COM
max_renewable_life = 7d 0h 0m 0s
default_principal_flags = +renewable
}

 

kdc ticket cloudera.PNG

 

Tried by using different drivers(Simba, Microsoft, Cloudera)Created new users and new keytabs.

 

 

Any ideas on this error?

 

Thanks.

 

 

Cloudera Employee
Posts: 211
Registered: ‎03-23-2015

Re: Hive ODBC kerberos SASL(-1): generic failure _ GSSAPI Error

You can enable TRACE logging for ODBC driver via "Logging Options" menu, and then you can see what happened on the client side.

Please also check on HS2 log to see what message displays there.
Explorer
Posts: 9
Registered: ‎09-13-2017

Re: Hive ODBC kerberos Centrify : GSSAPI Error and SSL_connect: unknown protocol

[ Edited ]

Thanks, @EricL. It was an FQDN issue.

 

And I've changed FQDN From _Host to HiveServer2.

 

Now I get the following error message:

 

FAILED!

[Microsoft][Hardy] (34) Error from server: SSL_connect: unknown protocol.

 

hive odbc issue 2nd rep.PNG

 

We are using Centrifydc and windows server on the same Network. 

 

Any ideas on this error?

 

Thanks again @EricL.

Explorer
Posts: 9
Registered: ‎09-13-2017

Re: Hive ODBC kerberos Centrify : GSSAPI Error and SSL_connect: unknown protocol

It was a problem with KDC admin server has only Private IP.

 

Now I'm able to connect Hive ODBC by using DBeaver.

 

 

Thanks.

Cloudera Employee
Posts: 211
Registered: ‎03-23-2015

Re: Hive ODBC kerberos Centrify : GSSAPI Error and SSL_connect: unknown protocol

Glad that issue is now resolved!
Announcements