
https://youtu.be/-HMyEpDJeGg

Configuring Ambari 2.4.2 and HDP 2.5 for Kerberos using AD as the KDC

Adds bonus coverage of adding a new datanode to a secured HDP cluster.

Empty OUs have been created in AD to store Hadoop principals/Hadoop nodes (HadoopServices).

The hadoopadmin user has administrative credentials with delegated control of "Create, delete, and manage user accounts" on the above OU.

Delegate OU permissions to hadoopadmin for OU=HadoopServices. In the 'Active Directory Users and Computers' app:

1. Right-click HadoopServices
2. Delegate Control
3. Next
4. Add
5. Enter hadoopadmin
6. Check Names
7. OK
8. Select "Create, delete, and manage user accounts"
9. OK

KDC:

KDC host: ad01.prod.hortonworks.net

Realm name: PROD.HORTONWORKS.NET

LDAP url: ldaps://ad01.prod.hortonworks.net

Container DN: OU=HadoopServices,DC=prod,DC=hortonworks,DC=net

Domains: prod.hortonworks.net

Kadmin:

Kadmin host: ad01.prod.hortonworks.net

Admin principal: hadoopadmin@PROD.HORTONWORKS.NET

Admin password: xxxxxx
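
An added example (not from the original article, and not Ambari's own code): a small Python check that the KDC and Kadmin values listed above agree with each other before they are entered in Ambari. The function names and the individual checks are assumptions of this example, and it assumes a single AD domain whose DNS name matches the realm, as in the article.

```python
from urllib.parse import urlparse

# Values as listed in the article above (the admin password is not needed here).
PAGE_SETTINGS = {
    "realm": "PROD.HORTONWORKS.NET",
    "ldap_url": "ldaps://ad01.prod.hortonworks.net",
    "container_dn": "OU=HadoopServices,DC=prod,DC=hortonworks,DC=net",
    "domains": "prod.hortonworks.net",
    "admin_principal": "hadoopadmin@PROD.HORTONWORKS.NET",
}


def dn_to_domain(dn):
    """Join the DC= components of a DN into a DNS name (escaped commas not handled)."""
    parts = [p.strip() for p in dn.split(",")]
    return ".".join(p[3:] for p in parts if p.upper().startswith("DC=")).lower()


def check_settings(s):
    """Return a list of problems found; an empty list means the values agree."""
    problems = []
    realm = s["realm"]
    if realm != realm.upper():
        problems.append("realm: AD realm names are the upper-case DNS domain")
    # AD only accepts password changes over a protected connection, so the
    # account-creation step needs ldaps://, not plain ldap://.
    if urlparse(s["ldap_url"]).scheme != "ldaps":
        problems.append("ldap_url: must use ldaps://")
    if dn_to_domain(s["container_dn"]) != realm.lower():
        problems.append("container_dn: DC components do not match the realm")
    user, _, principal_realm = s["admin_principal"].partition("@")
    if not user or principal_realm != realm:
        problems.append("admin_principal: expected <user>@" + realm)
    domains = [d.strip().lstrip(".").lower() for d in s["domains"].split(",")]
    if realm.lower() not in domains:
        problems.append("domains: realm's DNS domain is not listed")
    return problems


if __name__ == "__main__":
    for line in check_settings(PAGE_SETTINGS) or ["settings are consistent"]:
        print(line)
```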

Comments

@mthiele Your video is great. I really like the way we can see what is going on with Ambari, the hosts, and the Active Directory. This is a great addition to the documentation.

Hi @mthiele,

One quick question: Will the Ambari server and all other datanodes have a krb5.conf file by default, or will it be available under the /etc folder only after we enable Kerberos via Ambari?

Because when I look in our prod env., krb5.file is available even though we did not enable it.

If yes, after configuring the KDC in Ambari, does it change the conf for all nodes?

Regards,

Manjunath P N