https://community.cloudera.com/t5/Support-Questions/Failed-to-regenerate-kerberos-keytabs/m-p/321475#M228418 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/44519">@enirys</a>&nbsp;Free ipa with Ambari 2.6.x&nbsp; is not supported, Free ipa is supported from Ambari 2.7.x onwards</P><P>&nbsp;</P><P>&nbsp;</P> Sat, 24 Jul 2021 14:19:52 GMT Scharan 2021-07-24T14:19:52Z https://community.cloudera.com/t5/Support-Questions/Failed-to-regenerate-kerberos-keytabs/m-p/321442#M228401 <P>From ambari webui (Admin -&gt; Kerberos -&gt; Regenerate Keytabs) when i try to regenerate keytabs it fails on <STRONG>Create Principals</STRONG> step with the following error message</P><LI-CODE lang="markup">2021-07-22 17:39:06,690 - Failed to create principal, HTTP/cnode28.26f5de01-5e40-4d8a-98bd-a4353b7bf5e3.datalake@26F5DE01-5E40-4D8A-98BD-A4353B7BF5E3.DATALAKE - Failed to create service principal for HTTP/cnode28.26f5de01-5e40-4d8a-98bd-a4353b7bf5e3.datalake@26F5DE01-5E40-4D8A-98BD-A4353B7BF5E3.DATALAKE STDOUT: STDERR: ipa: ERROR: service with name "HTTP/cnode28.26f5de01-5e40-4d8a-98bd-a4353b7bf5e3.datalake@26F5DE01-5E40-4D8A-98BD-A4353B7BF5E3.DATALAKE" already exists</LI-CODE><P>Bellow ambari kerberos config:</P><LI-CODE lang="markup">authentication.kerberos.auth_to_local.rules=DEFAULT authentication.kerberos.enabled=true authentication.kerberos.spnego.keytab.file=/etc/security/keytabs/spnego.service.keytab authentication.kerberos.spnego.principal=HTTP/enode6.26f5de01-5e40-4d8a-98bd-a4353b7bf5e3.datalake authentication.kerberos.user.types=LDAP</LI-CODE><P>Thanks in advance for your help</P> Fri, 23 Jul 2021 13:26:50 GMT https://community.cloudera.com/t5/Support-Questions/Failed-to-regenerate-kerberos-keytabs/m-p/321442#M228401 enirys 2021-07-23T13:26:50Z https://community.cloudera.com/t5/Support-Questions/Failed-to-regenerate-kerberos-keytabs/m-p/321446#M228403 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/44519">@enirys</a>&nbsp;</P><P>Follow the below steps on ambari db</P><P>1. Take ambari DB backup</P><P>2. Execute the below mentioned SQL commands on ambari DB&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup"># DELETE FROM ambari.kkp_mapping_service where kkp_id in (select kkp_id from ambari.kerberos_keytab_principal where principal_name = 'HTTP/cnode28.26f5de01-5e40-4d8a-98bd-a4353b7bf5e3.datalake@26F5DE01-5E40-4D8A-98BD-A4353B7BF5E3.DATALAKE'); # DELETE FROM kerberos_keytab_principal WHERE principal_name='HTTP/cnode28.26f5de01-5e40-4d8a-98bd-a4353b7bf5e3.datalake@26F5DE01-5E40-4D8A-98BD-A4353B7BF5E3.DATALAKE'; # DELETE FROM kerberos_principal WHERE principal_name='HTTP/cnode28.26f5de01-5e40-4d8a-98bd-a4353b7bf5e3.datalake@26F5DE01-5E40-4D8A-98BD-A4353B7BF5E3.DATALAKE';</LI-CODE><P>&nbsp;3. After executing above command restart ambari server and regenerate the keytabs</P> Fri, 23 Jul 2021 14:09:56 GMT https://community.cloudera.com/t5/Support-Questions/Failed-to-regenerate-kerberos-keytabs/m-p/321446#M228403 Scharan 2021-07-23T14:09:56Z https://community.cloudera.com/t5/Support-Questions/Failed-to-regenerate-kerberos-keytabs/m-p/321458#M228408 <P>Hi <a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/35149">@Scharan</a>&nbsp;</P><P>thanks for your feedback, but i don't have kkp_mapping_service and kerberos_keytab_principal tables but only kerberos_principal and kerberos_principal_host</P> Fri, 23 Jul 2021 16:25:44 GMT https://community.cloudera.com/t5/Support-Questions/Failed-to-regenerate-kerberos-keytabs/m-p/321458#M228408 enirys 2021-07-23T16:25:44Z https://community.cloudera.com/t5/Support-Questions/Failed-to-regenerate-kerberos-keytabs/m-p/321472#M228416 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/44519">@enirys</a>&nbsp;In Ambari 2.7.x below tables should exists whether your cluster is kerberized or not</P><P>&nbsp;</P><P>Can you check and confirm does below table exists in Ambari DB</P><P>&nbsp;</P><LI-CODE lang="markup">kerberos_descriptor kerberos_keytab kerberos_keytab_principal kerberos_principal key_value_store kkp_mapping_service</LI-CODE><P>&nbsp;</P> Sat, 24 Jul 2021 06:08:52 GMT https://community.cloudera.com/t5/Support-Questions/Failed-to-regenerate-kerberos-keytabs/m-p/321472#M228416 Scharan 2021-07-24T06:08:52Z https://community.cloudera.com/t5/Support-Questions/Failed-to-regenerate-kerberos-keytabs/m-p/321474#M228417 <P>hi <a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/35149">@Scharan</a>&nbsp;</P><P>My ambari version is <STRONG>2.6.2.2</STRONG></P><P>&nbsp;</P><P>i have only these tables</P><LI-CODE lang="markup">kerberos_descriptor kerberos_principal key_value_store</LI-CODE><P>&nbsp;Other tables doesn't exists</P><LI-CODE lang="markup">kerberos_keytab kerberos_keytab_principal kkp_mapping_service</LI-CODE><P>&nbsp;</P> Sat, 24 Jul 2021 13:14:35 GMT https://community.cloudera.com/t5/Support-Questions/Failed-to-regenerate-kerberos-keytabs/m-p/321474#M228417 enirys 2021-07-24T13:14:35Z https://community.cloudera.com/t5/Support-Questions/Failed-to-regenerate-kerberos-keytabs/m-p/321475#M228418 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/44519">@enirys</a>&nbsp;Free ipa with Ambari 2.6.x&nbsp; is not supported, Free ipa is supported from Ambari 2.7.x onwards</P><P>&nbsp;</P><P>&nbsp;</P> Sat, 24 Jul 2021 14:19:52 GMT https://community.cloudera.com/t5/Support-Questions/Failed-to-regenerate-kerberos-keytabs/m-p/321475#M228418 Scharan 2021-07-24T14:19:52Z https://community.cloudera.com/t5/Support-Questions/Failed-to-regenerate-kerberos-keytabs/m-p/321553#M228441 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/35149">@Scharan</a>&nbsp;</P><P>&nbsp;</P><P>I don't think the issue is related to ambari version, we have an integration cluster with similar configuration (Amabari 2.6.2.2 and freeipa) and keytab regeneration is working fine.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="enirys_0-1627289021462.png" style="width: 400px;"><img src="https://community.cloudera.com/t5/image/serverpage/image-id/31964i3E81D852141346BB/image-size/medium?v=v2&amp;px=400" role="button" title="enirys_0-1627289021462.png" alt="enirys_0-1627289021462.png" /></span></P><P>&nbsp;</P> Mon, 26 Jul 2021 08:45:39 GMT https://community.cloudera.com/t5/Support-Questions/Failed-to-regenerate-kerberos-keytabs/m-p/321553#M228441 enirys 2021-07-26T08:45:39Z https://community.cloudera.com/t5/Support-Questions/Failed-to-regenerate-kerberos-keytabs/m-p/321574#M228454 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/44519">@enirys</a>&nbsp;</P><P>Can you once remove the problematic kerberos principal from FreeIPA and then try and regenerate the&nbsp;kerberos keytabs</P><PRE> ipa-rmkeytab [ <STRONG>-p</STRONG> principal-name ] [ <STRONG>-k</STRONG> keytab-file ] [ <STRONG>-r</STRONG> realm ] [ <STRONG>-d</STRONG> ]</PRE><P>&nbsp;</P> Mon, 26 Jul 2021 13:07:44 GMT https://community.cloudera.com/t5/Support-Questions/Failed-to-regenerate-kerberos-keytabs/m-p/321574#M228454 jAnshula 2021-07-26T13:07:44Z