Reply
Contributor
Posts: 31
Registered: ‎06-26-2015
Accepted Solution

Kerberos authentication from windows machine?

[ Edited ]

Hello !

 

After some work I finished setting up Cloudera + MIT Kerberos + Windows AD.

 

from linux machine, I'm able to run "kinit ben@WIN-REALM" and then access hadoop or visit namenode webadmin. Of course I did configure SPNEGO on the web browser.

 

However, after logging in to my windows machine, which authenticate through windows AD, I can't access namenode webadmin which is at http://namenode:50070.

I tried running kinit from CMD but nothing changes.

this is what i get when i visit namenode webadmin.

 

HTTP ERROR 403

Problem accessing /index.html. Reason:

    GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)

 

what extra configuration do i need to do on windows to access hadoop webadmin page?

 

thank you!

Ben


Powered by Jetty://

 

Contributor
Posts: 31
Registered: ‎06-26-2015

Re: Kerberos authentication from windows machine?

to answer my own question

 

I need to run this on windows cmd

 

ksetup /addkdc <REALM> <KDC hostname>
ksetup /addhosttorealmmap <httpFS hostname> <REALM>

 

and set SPNEGO settings on browser

Master
Posts: 326
Registered: ‎07-01-2015

Re: Kerberos authentication from windows machine?

I tried the same, run the ksetup but didnt helped.
My computer is not in the AD, the KDC is dedicated to the Hadoop cluster and I try to log into the Solr Web UI.. Using curl from ANY node of the Hadoop cluster works fine, if the user has a ticket. But usiung Chrome or IE fails on Defective tokend detected.

Contributor
Posts: 31
Registered: ‎06-26-2015

Re: Kerberos authentication from windows machine?

what's the error msg after "Defective tokend detected"?

 

also make sure all of your Cloudera server has correct /etc/krb5.conf file defined.

Expert Contributor
Posts: 68
Registered: ‎10-04-2016

Re: Kerberos authentication from windows machine?

Same thing happened to me. Used curl on edge node without any issue.

Explorer
Posts: 10
Registered: ‎06-05-2018

Re: Kerberos authentication from windows machine?

Hi Ben,

 

I too have similar error from Error 403. So when i tried to add kdc using ksetup from command prompt from my windows machine. Am getting this error 

 

Failed to create Kerberos key: 5 (0x5)
Failed to open Kerberos Key: 0x5
Failed /AddKdc : 0xc0000001

 

Thanks

 

 

Highlighted
Explorer
Posts: 10
Registered: ‎06-05-2018

Re: Kerberos authentication from windows machine?

Now i could add the KDC to windows. It worked for me. 

 

Thanks

Champion
Posts: 746
Registered: ‎05-16-2016

Re: Kerberos authentication from windows machine?

You should have MIT client to be installed in the windows 

Explorer
Posts: 10
Registered: ‎06-05-2018

Re: Kerberos authentication from windows machine?

No not required, I didn't install MIT client to my widows machine.  It worked for me by adding kerberos realm name and hostname parameteres in the CMD prompt.

Explorer
Posts: 10
Registered: ‎06-05-2018

Re: Kerberos authentication from windows machine?

By just doing the below has resolved my issue.

 

I need to run this on windows cmd

 

ksetup /addkdc <REALM> <KDC hostname>
ksetup /addhosttorealmmap <httpFS hostname> <REALM>

 

and set SPNEGO settings on browser

Announcements