07-15-2015 02:48 PM - last edited on 11-08-2016 08:05 AM by cjervis
After some work I finished setting up Cloudera + MIT Kerberos + Windows AD.
from linux machine, I'm able to run "kinit ben@WIN-REALM" and then access hadoop or visit namenode webadmin. Of course I did configure SPNEGO on the web browser.
However, after logging in to my windows machine, which authenticate through windows AD, I can't access namenode webadmin which is at http://namenode:50070.
I tried running kinit from CMD but nothing changes.
this is what i get when i visit namenode webadmin.
HTTP ERROR 403
Problem accessing /index.html. Reason:
GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)
what extra configuration do i need to do on windows to access hadoop webadmin page?
Powered by Jetty://
09-22-2015 09:29 AM
to answer my own question
I need to run this on windows cmd
ksetup /addkdc <REALM> <KDC hostname>
ksetup /addhosttorealmmap <httpFS hostname> <REALM>
and set SPNEGO settings on browser
04-26-2016 01:18 AM
I tried the same, run the ksetup but didnt helped.
My computer is not in the AD, the KDC is dedicated to the Hadoop cluster and I try to log into the Solr Web UI.. Using curl from ANY node of the Hadoop cluster works fine, if the user has a ticket. But usiung Chrome or IE fails on Defective tokend detected.
06-05-2018 04:11 PM
I too have similar error from Error 403. So when i tried to add kdc using ksetup from command prompt from my windows machine. Am getting this error
Failed to create Kerberos key: 5 (0x5)
Failed to open Kerberos Key: 0x5
Failed /AddKdc : 0xc0000001