Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Admin session expiration error Invalid KDC administrator credentials

Admin session expiration error Invalid KDC administrator credentials

New Contributor

Hi,

I'm trying to kerberos HDP3, installed on CentOS 7, in the "Enable Kerberos" wizard, I got a repetitive dialogue box asking for re-entring the KDC admin credentials with the following message:

"Invalid KDC administrator credentials. Please enter admin principal and password."

Appreciate your support

@GEOFFREY SHELTON OKOT

10 REPLIES 10

Re: Admin session expiration error Invalid KDC administrator credentials

Super Mentor

@Mahmoud Sabri

Which version of Ambari Server are you using?

Can you please share the ambari-server.log when you noticed the error?

Also please make sure that you have the following kind of Principal Created on the KDC side:

# kadmin.local -q "addprinc kadmin/<KADMIN_FQDN>@<REALM.COM>

.

For more information on the above principal addition please refer to: https://community.hortonworks.com/content/supportkb/230921/error-bad-request-received-invalid-kdc-ad...

Re: Admin session expiration error Invalid KDC administrator credentials

New Contributor

Hi @Jay Kumar SenSharma,

Thanks for your response. I've Ambari 2.7.0.0ambari-server.zip

I've noticed this issue once I've started in kerberizing the cluster using Ambari Kerberos wizard.

I've attached the "ambari-server.log" since the issue started.

I ran the principal create command that you mentioned as well.

Re: Admin session expiration error Invalid KDC administrator credentials

Super Mentor
@Mahmoud Sabri

While running the command have you replaced the "KADMIN_FQDN" and REALM.COM values according to your cluster.

Example:

# kadmin.local -q "addprinc kadmin/kadminhost.example.com@EXAMPLE.COM

.

Also can you please share the output of the "listprinc" command to verify if you have the kadmin principal created properly.

# kadmin.local: listprincs

.

Highlighted

Re: Admin session expiration error Invalid KDC administrator credentials

New Contributor

I've made slight changes on names for privacy reason:

the output for the "listprincs" is:

kadmin.local: listprincs

K/M@myDN

admin/myFQDN@myDN

admin/admin@myDN

kadmin/myFQDN@myDN

kadmin/admin@myDN

kadmin/changepw@myDN

kadmin/myFQDN@myDN

kiprop/myFQDN@myDN

krbtgt/myDN@myDN

root/myFQDN@myDN

root/admin@myDN

Re: Admin session expiration error Invalid KDC administrator credentials

Super Mentor

@Mahmoud Sabri


From Ambari Server host can you please try checking if you are able to run the kinit command something like following with the "kadmin/FQDN/REALM" principal?

# kinit -S kadmin/KADMIN_FQDN admin/admin@EXAMPLE.COM


Please replace the "KADMIN_FQDN" with your kadmin fqdn and the "EXAMPLE.COM" with your realm name in Upper case.

Re: Admin session expiration error Invalid KDC administrator credentials

New Contributor

it went without errors:

# kinit -S admin/myFQDN admin/admin@myDN

Password for admin/admin@myDN:

Re: Admin session expiration error Invalid KDC administrator credentials

Super Mentor

@Mahmoud Sabri

with flag "-S" please use the "kadmin" principal instead of "admin/myFQDN" principal.

# kinit -S kadmin/myFQDN admin/admin@myDN

Re: Admin session expiration error Invalid KDC administrator credentials

New Contributor

went OK as well.

Re: Admin session expiration error Invalid KDC administrator credentials

New Contributor

I've made slight changes on names for privacy reason:

the output for the "listprincs" is:

kadmin.local: listprincs

K/M@myDN

admin/myFQDN@myDN

admin/admin@myDN

kadmin/myFQDN@myDN

kadmin/admin@myDN

kadmin/changepw@myDN

kadmin/myFQDN@myDN

kiprop/myFQDN@myDN

krbtgt/myDN@myDN

root/myFQDN@myDN

root/admin@myDN

Don't have an account?
Coming from Hortonworks? Activate your account here