Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Check out our newest addition to the community, the Cloudera Data Analytics (CDA) group hub.

Accessing HDP web UI from Windows PC causes "GSSHeader did not find the right tag" after enabling http authentication.

Labels:
sachinsga_com
Explorer

Created ‎09-05-2017 03:38 PM

Hadoop version: 2.7.3.2.5.3.0-37

ambari version: 2.5.0

The hadoop cluster is kerberized. I have enabled http authentication in HDFS service configuration using ambari using the below link

https://docs.hortonworks.com/HDPDocuments/Ambari-2.5.1.0/bk_ambari-security/content/configuring_http...

and now I am trying to access the resource manager using a windows machine. First it asks for username and password and when I give the yarn principal and password it throws below:

GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)
3,120 Views
0 Kudos
4 REPLIES 4

jknulst
Super Collaborator

Created ‎09-06-2017 08:09 PM

Hi Sachin,

In order to make this work you need to do a few things:

1. Have a Kerberos Windows client and configure it on your Windows machine

Reference: http://hortonworks.com/wp-content/uploads/2014/05/Product-Guide-HDP-2.1-v1.01.pdf Appendix A.

2. Kinit with this local Windows Kerberos client

3. Setup your browser to forward the ticket through your browser to the Kerberos secured UI (this technique is called SPNEGO or NTLM for IExplorer)

Leads on how to set up your browser can be found here :

https://ping.force.com/Support/PingFederate/Integrations/How-to-configure-supported-browsers-for-Ker...

It is easiest in Firefox.

1,615 Views
0 Kudos

sachinsga_com
Explorer

Created ‎09-07-2017 06:18 AM

Hey @Jasper, I have tried all these solutions and enabled firefox as suggested in the blogs but none of these seems to be working for me. I keep on getting the same problem.

Can you please suggest me some other points which might work.

1,615 Views
0 Kudos

jknulst
Super Collaborator

Created ‎09-07-2017 06:49 AM

@sachin gupta

What you could try, just to eliminate possible causes, is to setup SSH (Putty) as a proxy to all webUI's within the Kerberized cluster, connect Putty, setup Firefox to use the proxy, kinit locally (Windows) and try again.

I can't help you much with the Windows Kerberos client cause I am on Mac. Check for ways to verify if the kinit was really successful.

You could also use curl on Windows ( curl --negotiate -u: "http://address:port") to do the ticket forwarding in stead of the browser.

1,615 Views
0 Kudos

Jon_Morisi
Explorer

Created ‎04-26-2018 05:08 PM

From here: https://community.hortonworks.com/questions/2580/accessing-hdp-web-ui-from-windows-pc-causes-gsshea....

This worked for me:

"...you need to pass your realm along with the username in username field like username@<REALM>"

1,615 Views
0 Kudos
Take a Tour of the Community
Don't have an account?
Register
Your experience may be limited. Sign in to explore more.
Announcements
Product Announcements
CDP Public Cloud: May 2023 Release Summary
What's New @ Cloudera
Cloudera Operational Database (COD) provides enhancements to the --scale-type CDP CLI option
What's New @ Cloudera
Cloudera Operational Database (COD) UI supports creating a smaller cluster using a predefined Data Lake template
What's New @ Cloudera
Cloudera Operational Database (COD) supports scaling up the clusters vertically
Product Announcements
CDP Public Cloud: April 2023 Release Summary
View More Announcements