https://community.cloudera.com/t5/Support-Questions/Http-Error-500-KerberosName-NoMatchingRule/m-p/195418#M157474 <PRE>RULE:[1:$1@$0](ambari-qa-cluster1@MY.PROD.EXAMPLE.COM)s/.*/ambari-qa/ RULE:[1:$1@$0](hbase-cluster1@MY.PROD.EXAMPLE.COM)s/.*/hbase/ RULE:[1:$1@$0](hdfs-cluster1@MY.PROD.EXAMPLE.COM)s/.*/hdfs/ RULE:[1:$1@$0](spark-cluster1@MY.PROD.EXAMPLE.COM)s/.*/spark/ RULE:[1:$1@$0](zeppelin-cluster1@MY.PROD.EXAMPLE.COM)s/.*/zeppelin/ RULE:[1:$1@$0](.*@MY.PROD.EXAMPLE.COM)s/@.*// RULE:[2:$1@$0](amshbase@MY.PROD.EXAMPLE.COM)s/.*/ams/ RULE:[2:$1@$0](amszk@MY.PROD.EXAMPLE.COM)s/.*/ams/ RULE:[2:$1@$0](atlas@MY.PROD.EXAMPLE.COM)s/.*/atlas/ RULE:[2:$1@$0](dn@MY.PROD.EXAMPLE.COM)s/.*/hdfs/ RULE:[2:$1@$0](falcon@MY.PROD.EXAMPLE.COM)s/.*/falcon/ RULE:[2:$1@$0](hbase@MY.PROD.EXAMPLE.COM)s/.*/hbase/ RULE:[2:$1@$0](hive@MY.PROD.EXAMPLE.COM)s/.*/hive/ RULE:[2:$1@$0](jhs@MY.PROD.EXAMPLE.COM)s/.*/mapred/ RULE:[2:$1@$0](jn@MY.PROD.EXAMPLE.COM)s/.*/hdfs/ RULE:[2:$1@$0](knox@MY.PROD.EXAMPLE.COM)s/.*/knox/ RULE:[2:$1@$0](livy@MY.PROD.EXAMPLE.COM)s/.*/livy/ RULE:[2:$1@$0](nfs@MY.PROD.EXAMPLE.COM)s/.*/hdfs/ RULE:[2:$1@$0](nm@MY.PROD.EXAMPLE.COM)s/.*/yarn/ RULE:[2:$1@$0](nn@MY.PROD.EXAMPLE.COM)s/.*/hdfs/ RULE:[2:$1@$0](oozie@MY.PROD.EXAMPLE.COM)s/.*/oozie/ RULE:[2:$1@$0](rangeradmin@MY.PROD.EXAMPLE.COM)s/.*/ranger/ RULE:[2:$1@$0](rangertagsync@MY.PROD.EXAMPLE.COM)s/.*/rangertagsync/ RULE:[2:$1@$0](rangerusersync@MY.PROD.EXAMPLE.COM)s/.*/rangerusersync/ RULE:[2:$1@$0](rm@MY.PROD.EXAMPLE.COM)s/.*/yarn/ RULE:[2:$1@$0](yarn@MY.PROD.EXAMPLE.COM)s/.*/yarn/ RULE:[1:$1@$0](infra-solr@MY.PROD.EXAMPLE.COM)s/.*/solr/ RULE:[2:$1@$0](infra-solr@MY.PROD.EXAMPLE.COM)s/.*/solr/ DEFAULT</PRE><P>I added the last two before DEFAULT (that was already there).</P><P>It is still not working.</P><P>The rule you mentionned is already there.</P><P>Please note that my user name is <EM>username@EXAMPLE.COM</EM> whereas all principals name are <EM>@MY.PROD.EXAMPLE.COM</EM></P><P><EM><BR /></EM></P><P>When I look into <STRONG>/etc/ambari-infra-solr/conf/security.json</STRONG>, I get :</P><PRE>{ "authentication": { "class": "org.apache.solr.security.KerberosPlugin" }, "authorization": { "class": "org.apache.ambari.infra.security.InfraRuleBasedAuthorizationPlugin", "user-role": { "infra-solr@MY.PROD.EXAMPLE.COM": "admin", "logsearch@MY.PROD.EXAMPLE.COM": ["logsearch_user", "ranger_admin_user", "dev"], "logfeeder@MY.PROD.EXAMPLE.COM": ["logfeeder_user", "dev"], "atlas@MY.PROD.EXAMPLE.COM": ["atlas_user", "ranger_audit_user", "dev"], "nn@MY.PROD.EXAMPLE.COM": ["ranger_audit_user", "dev"], "hbase@MY.PROD.EXAMPLE.COM": ["ranger_audit_user", "dev"], "hive@MY.PROD.EXAMPLE.COM": ["ranger_audit_user", "dev"], "knox@MY.PROD.EXAMPLE.COM": ["ranger_audit_user", "dev"], "kafka@MY.PROD.EXAMPLE.COM": ["ranger_audit_user", "dev"], "rangerkms@MY.PROD.EXAMPLE.COM": ["ranger_audit_user", "dev"], "storm-bdtest1@MY.PROD.EXAMPLE.COM": ["ranger_audit_user", "dev"], "rm@MY.PROD.EXAMPLE.COM": ["ranger_audit_user", "dev"], "nifi@MY.PROD.EXAMPLE.COM": ["ranger_audit_user", "dev"], "rangeradmin@MY.PROD.EXAMPLE.COM": ["ranger_admin_user", "ranger_audit_user", "dev"] }, "permissions": [ { "name" : "collection-admin-read", "role" :null }, { "name" : "collection-admin-edit", "role" : ["admin", "logsearch_user", "logfeeder_user", "atlas_user", "ranger_admin_user"] }, { "name":"read", "role": "dev" }, { "collection": ["hadoop_logs", "audit_logs", "history"], "role": ["admin", "logsearch_user", "logfeeder_user"], "name": "logsearch-manager", "path": "/*" }, { "collection": ["vertex_index", "edge_index", "fulltext_index"], "role": ["admin", "atlas_user"], "name": "atlas-manager", "path": "/*" }, { "collection": "ranger_audits", "role": ["admin", "ranger_admin_user", "ranger_audit_user"], "name": "ranger-manager", "path": "/*" }] } }</PRE> Tue, 23 Jan 2018 14:36:16 GMT julian_blin 2018-01-23T14:36:16Z