https://community.cloudera.com/t5/Support-Questions/Http-Error-500-KerberosName-NoMatchingRule/m-p/195421#M157477 <P>You have multiple realms involved. I guess I missed that point somewhere.</P><P>You need to add a specific rule to translate the trusted realm, EXAMPLE.COM. So you should add the following to the rule set:</P><PRE>RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//</PRE><P>You should also have (by default, from Ambari)</P><PRE>RULE:[1:$1@$0](.*@MY.PROD.EXAMPLE.COM)s/@.*// </PRE><P>Ambari should do this for you if you set the "Additional Realms" value to contain "EXAMPLE.COM". </P><P>I am not sure if you will need to manually update the auth-to-local rules for Solr. </P> Wed, 24 Jan 2018 01:10:01 GMT rlevas 2018-01-24T01:10:01Z