
https://youtu.be/-HMyEpDJeGg

Configuring Ambari 2.4.2 and HDP 2.5 for Kerberos using AD as the KDC

Includes bonus coverage of adding a new DataNode to a secured HDP cluster.

Empty OUs have been created in AD to store the Hadoop principals/Hadoop nodes (HadoopServices).

The hadoopadmin user has administrative credentials, with delegated control of "Create, delete, and manage user accounts" on the above OU.

Delegate OU permissions to hadoopadmin for OU=HadoopServices. In the 'Active Directory Users and Computers' app:

1. Right-click HadoopServices
2. Delegate Control
3. Next
4. Add
5. hadoopadmin
6. Check Names
7. OK
8. Select "Create, delete, and manage user accounts"
9. OK

KDC:

KDC host: ad01.prod.hortonworks.net

Realm name: PROD.HORTONWORKS.NET

LDAP url: ldaps://ad01.prod.hortonworks.net

Container DN: OU=HadoopServices,DC=prod,DC=hortonworks,DC=net

Domains: prod.hortonworks.net

Kadmin:

Kadmin host: ad01.prod.hortonworks.net

Admin principal: hadoopadmin@PROD.HORTONWORKS.NET

Admin password: xxxxxx
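
The KDC and Kadmin values above have to agree with each other before the wizard can create principals in the OU. The following check is an added example, not part of the original article or of Ambari; the function names are hypothetical, and it assumes a single-domain setup in which the container DN and the admin principal both belong to the realm's own AD domain.

```python
from urllib.parse import urlparse

# Wizard values from this page; the admin password is deliberately left out.
SETTINGS = {
    "kdc_host": "ad01.prod.hortonworks.net",
    "realm": "PROD.HORTONWORKS.NET",
    "ldap_url": "ldaps://ad01.prod.hortonworks.net",
    "container_dn": "OU=HadoopServices,DC=prod,DC=hortonworks,DC=net",
    "domains": "prod.hortonworks.net",
    "kadmin_host": "ad01.prod.hortonworks.net",
    "admin_principal": "hadoopadmin@PROD.HORTONWORKS.NET",
}

def dn_to_domain(dn):
    """Join the DC= components of a DN into a DNS domain (no escaped commas)."""
    rdns = (rdn.partition("=") for rdn in dn.split(","))
    return ".".join(v.strip() for k, _, v in rdns if k.strip().upper() == "DC").lower()

def check_settings(s):
    """Return a list of inconsistencies; an empty list means the values agree."""
    problems = []
    realm = s["realm"]
    if realm != realm.upper():
        problems.append("realm must be upper case to match the AD domain")
    if urlparse(s["ldap_url"]).scheme.lower() != "ldaps":
        problems.append("LDAP url must be ldaps://; AD only accepts "
                        "password sets over an encrypted connection")
    if dn_to_domain(s["container_dn"]) != realm.lower():
        problems.append("container DN is not inside the domain that backs the realm")
    if s["admin_principal"].rpartition("@")[2] != realm:
        problems.append("admin principal is not in the configured realm")
    return problems

def krb5_fragment(s):
    """Render the [realms] and [domain_realm] stanzas these values imply."""
    lines = ["[realms]", f"  {s['realm']} = {{",
             f"    kdc = {s['kdc_host']}",
             f"    admin_server = {s['kadmin_host']}", "  }", "[domain_realm]"]
    for d in (d.strip().lstrip(".") for d in s["domains"].split(",") if d.strip()):
        lines += [f"  {d} = {s['realm']}", f"  .{d} = {s['realm']}"]
    return "\n".join(lines)

if __name__ == "__main__":
    print(check_settings(SETTINGS) or "settings are consistent")
    print(krb5_fragment(SETTINGS))
```

The rendered fragment only illustrates what the Domains, KDC host and Kadmin host fields mean in krb5.conf terms; it is not the template Ambari itself writes.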

Comments

@mthiele Your video is great. I really like the way we can see what is going on with Ambari, the hosts, and the Active Directory. This is a great addition to the documentation.


Hi @mthiele,

One quick question: Do the Ambari server and all other datanodes have a krb5.conf file by default? Or will it be available under the /etc folder only after we enable Kerberos via Ambari?

Because when I look at our prod env., krb5.file is available even though we did not enable it.

If yes, after configuring the KDC in Ambari, does it change the conf for all nodes?

Regards,

Manjunath P N

Version history: revision 1 of 1, last update 02-09-2017 07:19 PM