Cloudera Community

Community Articles

Find and share helpful community-sourced technical articles.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Configuring Ambari and Hadoop for Kerberos using AD as the KDC - Video

avatar
author-rank mthiele1
Contributor

Created on ‎02-09-2017 07:19 PM

https://youtu.be/-HMyEpDJeGg

Configuring Ambari 2.4.2 and HDP 2.5 for Kerberos using AD as the KDC

Add bonus coverage of adding a new datanode to a HDP cluster that is secured.

There are empty OUs created in AD to store hadoop principals/hadoop nodes (HadoopServices)

Hadoopadmin user has administrative credentials with delegated control of "Create, delete, and manage user accounts" on above OU

Delegate OU permissions to hadoopadmin for OU=HadoopServices. In 'Active Directory Users and Computers' app:

right click HadoopServices

Delegate Control

Next

Add

hadoopadmin

checknames

OK

Select "Create, delete, and manage user accounts"

OK

KDC:

KDC host: ad01.prod.hortonworks.net

Realm name: PROD.HORTONWORKS.NET

LDAP url: ldaps://ad01.prod.hortonworks.net

Container DN: OU=HadoopServices,DC=prod,DC=hortonworks,DC=net

Domains: prod.hortonworks.net

Kadmin:

Kadmin host: ad01.prod.hortonworks.net

Admin principal: hadoopadmin@PROD.HORTONWORKS.NET

Admin password: xxxxxx

6,473 Views
Comments

Re: Configuring Ambari and Hadoop for Kerberos using AD as the KDC - Video

avatar
author-rank rlevas
Guru

Created on ‎02-09-2017 07:46 PM

@mthiele Your video is great. I really like the way we can see what is going on in with Ambari, the hosts, and the Active Directory. This is a great addition to the documentation.

Re: Configuring Ambari and Hadoop for Kerberos using AD as the KDC - Video

avatar
author-rank Manjunath
Explorer

Created on ‎02-28-2019 05:05 AM

Hi @mthiele,

One quick question: Does ambari server and all other datanodes will have krb5.conf file by default? or it will be available under /etc folder only after we enabling kerberos via ambari?

Because when I see in our prod env. krb5.file is available even though we did not enable.

If yes, after Configuring KDC in Ambari does it change the conf for all nodes?

Regards,

Manjunath P N

Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements
Version history
Last update:
‎02-09-2017 07:19 PM
Updated by:
Contributor
Contributors