Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

rest api via knox only admin can access

Labels:
avatar
author-rank sen_ke
New Member

Created ‎10-13-2017 06:00 AM

Hi All:

when curl via knox i only can use admin (-u admin:admin-password) to access and can't use other account or will reply :

HTTP/1.1 401 Unauthorized Date: Fri, 13 Oct 2017 05:45:38 GMT Set-Cookie: rememberMe=deleteMe; Path=/gateway/default; Max-Age=0; Expires=Thu, 12-Oct-2017 05:45:38 GMT WWW-Authenticate: BASIC realm="application" Content-Length: 0 Server: Jetty(9.2.15.v20160210)

my command:

curl -i -k -u user1:Hadoop -X PUT 'https://knoxHost:8443/gateway/default/webhdfs/v1/user1/senfile1?op=CREATE'

folder permission:

drwxr-xr-x - user1 hdfs 0 2017-10-05 11:08 /user1

Knox users-ldif:

# entry for user1

dn: uid=user1,ou=people,dc=hadoop,dc=apache,dc=org objectclass:top objectclass:person objectclass:organizationalPerson objectclass:inetOrgPerson cn: user1 sn: user1 uid: user1 userPassword:Hadoop

Ranger (Sync Source is Unix) HDFS config: add user1 to default all-path policy

Ranger knox config: add user1 to default all-topology, service policy

if any wrong in my config?

3,272 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank sen_ke
New Member

Created ‎10-16-2017 02:00 AM

oh! i think i solved this problem,

after add user1, i restart knox all service, and start DEMO LDAP, and DEMO LDAP looks no restart,

so i stop DEMO LDAP then restart again, it's worked!

thanks @Aditya Sirna

View solution in original post

3,093 Views
3 REPLIES 3

avatar
author-rank asirna
Super Guru

Created ‎10-13-2017 12:29 PM

@Sen Ke,

Can you please attach the gateway.log (/var/log/knox/gateway.log)

3,093 Views
0 Kudos

avatar
author-rank sen_ke
New Member

Created ‎10-16-2017 01:44 AM

@Aditya Sirna

2017-10-16 09:40:15,499 INFO hadoop.gateway (KnoxLdapRealm.java:getUserDn(691)) - Computed userDn: uid=user1,ou=people,dc=hadoop,dc=apache,dc=org using dnTemplate for principal: user1

2017-10-16 09:40:15,509 INFO hadoop.gateway (KnoxLdapRealm.java:doGetAuthenticationInfo(203)) - Could not login: org.apache.shiro.authc.UsernamePasswordToken - user1, rememberMe=false (10.243.91.58)

2017-10-16 09:40:15,509 ERROR hadoop.gateway (KnoxLdapRealm.java:doGetAuthenticationInfo(205)) - Shiro unable to login: javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=user1,ou=people,dc=hadoop,dc=apache,dc=org]

3,093 Views
0 Kudos

avatar
author-rank sen_ke
New Member

Created ‎10-16-2017 02:00 AM

oh! i think i solved this problem,

after add user1, i restart knox all service, and start DEMO LDAP, and DEMO LDAP looks no restart,

so i stop DEMO LDAP then restart again, it's worked!

thanks @Aditya Sirna

3,094 Views
Announcements
What's New @ Cloudera
Cloudera Real time Monitoring for 7.1.9+ and 7.2.18+ with Cl...
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
View More Announcements