Reply
New Contributor
Posts: 4
Registered: ‎12-02-2016
Accepted Solution

Generate keytabs after change LDAP BIND USER password in LDAP

[ Edited ]

Hi,

 

We changed the password in the domain, and then in the cloudera manager.

But after restart, regenerate keytabs doesn't run. We have the next error:

---------------------------------------------------------------------------
Generate Missing Credentials

/usr/share/cmf/bin/gen_credentials_ad.sh failed with exit code 1 and output of <<
+ export PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/sbin:/usr/sbin:/bin:/usr/bin
+ PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/sbin:/usr/sbin:/bin:/usr/bin
+ KEYTAB_OUT=/var/run/cloudera-scm-server/cmf6374473708191204515.keytab
+ PRINC=hbase/server0004.company.corp@.COMPANY.CORP
+ USER=edh_zyUDoxOiFI
+ PASSWD=REDACTED
+ DELETE_ON_REGENERATE=false
+ SET_ENCRYPTION_TYPES=false
+ ENC_TYPES_MASK=4
+ USERACCOUNTCONTROL=66048
+ ACCOUNTEXPIRES=0
+ OBJECTCLASSES='objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
'
+ DIST_NAME=CN=edh_zyUDoxOiFI,OU=services,OU=users,OU=edh,OU=hadoop,DC=company,DC=corp
+ '[' -z /etc/krb5.conf ']'
+ echo 'Using custom config path '\''/etc/krb5.conf'\'', contents below:'
+ cat /etc/krb5.conf
+ SIMPLE_PWD_STR=
+ '[' '' = '' ']'
+ kinit -k -t /var/run/cloudera-scm-server/cmf1000316718995056834.keytab U12345@COMPANY.CORP
kinit: Preauthentication failed while getting initial credentials

>>

---------------------------------------------------------------------------

 

please, could you help us?

 

Highlighted
New Contributor
Posts: 4
Registered: ‎12-02-2016

Re: Generate keytabs after change LDAP BIND USER password in LDAP

Hi, we could solve it. We only had to "Import Kerberos Account Manager Credentials".

 

Thanks.