https://community.cloudera.com/t5/Archives-of-Support-Questions/AD-Users-Stop-Working-After-Kerberos-and-SSSD-Setup/m-p/96182#M9603 <P>I was finally able to resolve it. Somehow the DN for the LDAP Manager changed. </P><P>Was:</P><PRE>CN=adadmin,OU=MyUsers,DC=AD-HDP,DC=COM </PRE><P>Now:</P><PRE>CN=adadmin,DC=AD-HDP,DC=COM </PRE><P>Appreciate the hint their Paul. </P> Thu, 29 Oct 2015 10:19:19 GMT rgarcia 2015-10-29T10:19:19Z https://community.cloudera.com/t5/Archives-of-Support-Questions/AD-Users-Stop-Working-After-Kerberos-and-SSSD-Setup/m-p/96179#M9600 <P>I have configured Ambari to integrate with AD and all users was able to login to Ambari UI. After kerberizing the cluster and adding SSSD setup with AD, setting up SPNEGO, the AD Users no longer can login to Ambari UI. </P><P>Here's the error I'm getting /var/log/ambari-server/ambari-server.log:</P><PRE>28 Oct 2015 22:51:17,655 INFO [qtp-client-24] FilterBasedLdapUserSearch:89 - SearchBase not set. Searches will be performed from the root: ou=Rommel_Garcia_Accounts,dc=AD-HDP,dc=COM 28 Oct 2015 22:51:17,660 WARN [qtp-client-24] AmbariLdapAuthenticationProvider:71 - Looks like LDAP manager credentials (that are used for connecting to LDAP server) are invalid. org.springframework.security.authentication.InternalAuthenticationServiceException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580^@]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580^@ ............. Caused by: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580^@]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580^@] </PRE> Thu, 29 Oct 2015 09:57:45 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/AD-Users-Stop-Working-After-Kerberos-and-SSSD-Setup/m-p/96179#M9600 rgarcia 2015-10-29T09:57:45Z https://community.cloudera.com/t5/Archives-of-Support-Questions/AD-Users-Stop-Working-After-Kerberos-and-SSSD-Setup/m-p/96180#M9601 <P>@rgarcia@hortonworks.com</P><P>Could you check this?</P><P><STRONG>Looks like LDAP manager credentials (that are used for connecting to LDAP server) are invalid.</STRONG></P> Thu, 29 Oct 2015 10:05:15 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/AD-Users-Stop-Working-After-Kerberos-and-SSSD-Setup/m-p/96180#M9601 nsabharwal 2015-10-29T10:05:15Z https://community.cloudera.com/t5/Archives-of-Support-Questions/AD-Users-Stop-Working-After-Kerberos-and-SSSD-Setup/m-p/96181#M9602 <P><A rel="user" href="https://community.cloudera.com/users/112/rgarcia.html" nodeid="112">@rgarcia@hortonworks.com</A> - that error code and 52e indicate that the bind credentials that you have given Ambari are no longer valid. We're trying to authenticate ourselves to AD to do a search, and we use the Manager DN and password for that authentication. I would re-check those credentials and if necessary update the Ambari Server with the credentials by editing the configuration, or re-running ambari-server setup-ldap with the updated credentials.</P> Thu, 29 Oct 2015 10:08:11 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/AD-Users-Stop-Working-After-Kerberos-and-SSSD-Setup/m-p/96181#M9602 pcodding 2015-10-29T10:08:11Z https://community.cloudera.com/t5/Archives-of-Support-Questions/AD-Users-Stop-Working-After-Kerberos-and-SSSD-Setup/m-p/96182#M9603 <P>I was finally able to resolve it. Somehow the DN for the LDAP Manager changed. </P><P>Was:</P><PRE>CN=adadmin,OU=MyUsers,DC=AD-HDP,DC=COM </PRE><P>Now:</P><PRE>CN=adadmin,DC=AD-HDP,DC=COM </PRE><P>Appreciate the hint their Paul. </P> Thu, 29 Oct 2015 10:19:19 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/AD-Users-Stop-Working-After-Kerberos-and-SSSD-Setup/m-p/96182#M9603 rgarcia 2015-10-29T10:19:19Z