Cloudera Community

Community Articles

Find and share helpful community-sourced technical articles.
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Configuring Ambari and Hadoop for Kerberos using AD as the KDC - Video

avatar
author-rank mthiele1
Contributor

Created on ‎02-09-2017 07:19 PM

https://youtu.be/-HMyEpDJeGg

Configuring Ambari 2.4.2 and HDP 2.5 for Kerberos using AD as the KDC

Add bonus coverage of adding a new datanode to a HDP cluster that is secured.

There are empty OUs created in AD to store hadoop principals/hadoop nodes (HadoopServices)

Hadoopadmin user has administrative credentials with delegated control of "Create, delete, and manage user accounts" on above OU

Delegate OU permissions to hadoopadmin for OU=HadoopServices. In 'Active Directory Users and Computers' app:

right click HadoopServices

Delegate Control

Next

Add

hadoopadmin

checknames

OK

Select "Create, delete, and manage user accounts"

OK

KDC:

KDC host: ad01.prod.hortonworks.net

Realm name: PROD.HORTONWORKS.NET

LDAP url: ldaps://ad01.prod.hortonworks.net

Container DN: OU=HadoopServices,DC=prod,DC=hortonworks,DC=net

Domains: prod.hortonworks.net

Kadmin:

Kadmin host: ad01.prod.hortonworks.net

Admin principal: hadoopadmin@PROD.HORTONWORKS.NET

Admin password: xxxxxx

6,616 Views
Comments

Re: Configuring Ambari and Hadoop for Kerberos using AD as the KDC - Video

avatar
author-rank rlevas
Guru

Created on ‎02-09-2017 07:46 PM

@mthiele Your video is great. I really like the way we can see what is going on in with Ambari, the hosts, and the Active Directory. This is a great addition to the documentation.

Re: Configuring Ambari and Hadoop for Kerberos using AD as the KDC - Video

avatar
author-rank Manjunath
Explorer

Created on ‎02-28-2019 05:05 AM

Hi @mthiele,

One quick question: Does ambari server and all other datanodes will have krb5.conf file by default? or it will be available under /etc folder only after we enabling kerberos via ambari?

Because when I see in our prod env. krb5.file is available even though we did not enable.

If yes, after Configuring KDC in Ambari does it change the conf for all nodes?

Regards,

Manjunath P N

Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements
Version history
Last update:
‎02-09-2017 07:19 PM
Updated by:
Contributor
Contributors