https://community.cloudera.com/t5/Archives-of-Support-Questions/Import-KDC-Account-Manager-Credentials-Command-failed/m-p/48541#M48807 <P>I worked around this by using this enctype in the wizard.</P><P>&nbsp;</P><PRE>default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1 rc4-hmac default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1 rc4-hmac permitted_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1 rc4-hmac</PRE><P>&nbsp;</P><P>&nbsp;</P><P>Curiously I had rc4-hmac in my /etc/krb5.conf and also on the KDC server but for whatever reason it didn't seem to be working. Switching to the above encryption type solved my issue with the wizard.</P> Wed, 14 Dec 2016 18:28:19 GMT slmingol 2016-12-14T18:28:19Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Import-KDC-Account-Manager-Credentials-Command-failed/m-p/48519#M48806 <P>I'm attempting to install CDH 5.9 and enable Kerberos but am getting the following error when going through the Kerberos wizard.</P><P>&nbsp;</P><PRE>/usr/share/cmf/bin/import_credentials.sh failed with exit code 1 and output of &lt;&lt; + export PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/sbin:/usr/sbin:/bin:/usr/bin + PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/sbin:/usr/sbin:/bin:/usr/bin + KEYTAB_OUT=/var/run/cloudera-scm-server/cmf4852346331449807753.keytab + USER=cloudera-scm/admin@TD.MYDOM.COM + PASSWD=REDACTED + KVNO=1 + SLEEP=0 + RHEL_FILE=/etc/redhat-release + '[' -f /etc/redhat-release ']' + set +e + grep Tikanga /etc/redhat-release + '[' 1 -eq 0 ']' + '[' 0 -eq 0 ']' + grep 'CentOS release 5' /etc/redhat-release + '[' 1 -eq 0 ']' + '[' 0 -eq 0 ']' + grep 'Scientific Linux release 5' /etc/redhat-release + '[' 1 -eq 0 ']' + set -e + '[' -z /etc/krb5.conf ']' + echo 'Using custom config path '\''/etc/krb5.conf'\'', contents below:' + cat /etc/krb5.conf + IFS=' ' + read -a ENC_ARR + for ENC in '"${ENC_ARR[@]}"' + ktutil + echo 'addent -REDACTED -p cloudera-scm/admin@TD.MYDOM.COM -k 1 -e rc4-hmac' + '[' 0 -eq 1 ']' + echo REDACTED + echo 'wkt /var/run/cloudera-scm-server/cmf4852346331449807753.keytab' + chmod 600 /var/run/cloudera-scm-server/cmf4852346331449807753.keytab + kinit -k -t /var/run/cloudera-scm-server/cmf4852346331449807753.keytab cloudera-scm/admin@TD.MYDOM.COM kinit: Generic preauthentication failure while getting initial credentials &gt;&gt;</PRE><P>The principal cloudera-scm/admin@TD.MYDOM.COM works fine when I do this on the CM Host.</P><P>&nbsp;</P><PRE>$ kinit cloudera-scm/admin@TD.MYDOM.COM Password for cloudera-scm/admin@TD.MYDOM.COM: $ klist -e Ticket cache: FILE:/tmp/krb5cc_0 Default principal: cloudera-scm/admin@TD.MYDOM.COM Valid starting Expires Service principal 12/14/16 09:30:07 12/14/16 09:40:07 krbtgt/TD.MYDOM.COM@TD.MYDOM.COM renew until 12/21/16 09:30:05, Etype (skey, tkt): des3-cbc-sha1, des3-cbc-sha1</PRE> Wed, 14 Dec 2016 14:31:57 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Import-KDC-Account-Manager-Credentials-Command-failed/m-p/48519#M48806 slmingol 2016-12-14T14:31:57Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Import-KDC-Account-Manager-Credentials-Command-failed/m-p/48541#M48807 <P>I worked around this by using this enctype in the wizard.</P><P>&nbsp;</P><PRE>default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1 rc4-hmac default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1 rc4-hmac permitted_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1 rc4-hmac</PRE><P>&nbsp;</P><P>&nbsp;</P><P>Curiously I had rc4-hmac in my /etc/krb5.conf and also on the KDC server but for whatever reason it didn't seem to be working. Switching to the above encryption type solved my issue with the wizard.</P> Wed, 14 Dec 2016 18:28:19 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Import-KDC-Account-Manager-Credentials-Command-failed/m-p/48541#M48807 slmingol 2016-12-14T18:28:19Z