
AD Trust with multiple domains

Expert Contributor



We have two AD domains for users and a new domain for each cluster (we have 21 clusters), as below.


dev: dev.SUK.PRE.CORP

pre: pre.SUK.PRE.CORP

prod: SUK.CORP


test: prepuk.puk.pre.corp


As of now, we created trust between all cluster domains individually at the AD. Now we want to change this to parent level. I have configured my krb5 as below to work with my test parent domain so that we can switch to the actual domain if successful. But it always fails with no service credential. I have created krbtgt and the AD has created the trust as well. Am I missing anything?


default_realm = DEV.SUK.PRE.CORP
dns_lookup_kdc = true
dns_lookup_realm = true
ticket_lifetime = 86400
renew_lifetime = 604800
forwardable = true
default_tgs_enctypes = aes256-cts aes128-cts aes256-cts-hmac-sha1-96
default_tkt_enctypes = aes256-cts aes128-cts aes256-cts-hmac-sha1-96
permitted_enctypes = aes256-cts aes128-cts aes256-cts-hmac-sha1-96
udp_preference_limit = 1
kdc_timeout = 2000


kdc =
kdc =
kdc =
admin_server =
default_domain = prepuk.puk.pre.corp



.prepuk.puk.pre.corp = DEV.SUK.PRE.CORP
prepuk.puk.pre.corp = DEV.SUK.PRE.CORP



Re: AD Trust with multiple domains

Expert Contributor
Of course I did add the kdc of prepuk.puk.pre.corp in the conf file. It's not pasted here for security reasons.