Created 08-16-2018 01:48 PM
Hi All,
While trying to sync users in Ambari with AD, I am getting the following exception:
[root@ip-172-10-31-216 keytabs]# ambari-server setup-ldap
Using python /usr/bin/python
Setting up LDAP properties...
Primary URL* {host:port} (172.10.138.164:389):
Secondary URL {host:port} :
Use SSL* [true/false] (false):
User object class* (person):
User name attribute* (sAMAccountName):
Group object class* (group):
Group name attribute* (cn):
Group member attribute* (member):
Distinguished name attribute* (distinguishedName):
Base DN* (ou=usercn,dc=testad,dc=com):
Referral method [follow/ignore] :
Bind anonymously* [true/false] (false):
Handling behavior for username collisions [convert/skip] for LDAP sync* (convert):
Manager DN* (cn=testhdp,ou=admincn,ou=testad,dc=com):
Enter Manager Password* :
Re-enter password:
====================
Review Settings
====================
authentication.ldap.managerDn: cn=testhdp,ou=admincn,ou=testad,dc=com
authentication.ldap.managerPassword: *****
Save settings [y/n] (y)? y
Saving...done
Ambari Server 'setup-ldap' completed successfully.
[root@ip-172-10-31-216 keytabs]# service ambari-server restart
Using python /usr/bin/python
Restarting ambari-server
Waiting for server stop...
Ambari Server stopped
Ambari Server running with administrator privileges.
Organizing resource files at /var/lib/ambari-server/resources...
Ambari database consistency check started...
Server PID at: /var/run/ambari-server/ambari-server.pid
Server out at: /var/log/ambari-server/ambari-server.out
Server log at: /var/log/ambari-server/ambari-server.log
Waiting for server start................
Server started listening on 8080
DB configs consistency check: no errors and warnings were found.
[root@ip-172-10-31-216 keytabs]# ambari-server sync-ldap --all
Using python /usr/bin/python
Syncing with LDAP...
Enter Ambari Admin login: admin
Enter Ambari Admin password:
Syncing all...ERROR: Exiting with exit code 1.
REASON: Caught exception running LDAP sync. [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]
[root@ip-172-10-31-216 keytabs]#
How do I resolve it?
Attached AD screenshots: ad1.png, ad2.png
Please suggest.
Thanks,
Bhushan
Created 08-16-2018 01:59 PM
AcceptSecurityContext error, data 52e, v2580
52e means invalid credentials.
This is most likely down to a bad pass for the bind dn account, or perhaps the bind account you're using is locked.
Created 08-16-2018 02:02 PM
I think my bind dn is correct. Could you please let me know what the correct dn value is?
Attached screenshot. How to check whether bind account is locked or not?
Created 08-16-2018 02:14 PM
You should be able to run from cli "dsquery user -name testhdp" to verify that you definitely have the right dn.
52e definitely points to the credentials, make sure you get the dn right, check that the account is not locked by opening its properties in AD and ensure you got the password for the account right when running setup-ldap initially.
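The checks discussed in the replies above, as an added example that is not part of the original thread: it decodes the `data` sub-code of an Active Directory bind failure and compares the `dc=` components of the Manager DN and Base DN entered in the question. The sub-code table beyond 52e, the function names, and the DN comparison (a heuristic, not an Ambari feature) are assumptions of this example.

```python
import re

# Active Directory sub-codes carried in the "data NNN" field of LDAP error 49.
# They are hexadecimal Win32 error numbers; only 52e appears in the thread.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

def decode_bind_error(message):
    """Return (sub-code, meaning) from an AD 'error code 49' message, or None."""
    m = re.search(r"error code 49\b.*?\bdata\s+([0-9a-fA-F]+)", message)
    if not m:
        return None
    code = m.group(1).lower()
    return code, AD_BIND_SUBCODES.get(code, "unknown sub-code")

def domain_components(dn):
    """List the dc= values of a DN in order, splitting on unescaped commas."""
    rdns = re.split(r"(?<!\\),", dn)
    return [r.split("=", 1)[1].strip().lower()
            for r in rdns if r.strip().lower().startswith("dc=")]

def dn_suffix_mismatch(bind_dn, base_dn):
    """Heuristic: True when the two DNs do not share the same dc= suffix."""
    return domain_components(bind_dn) != domain_components(base_dn)

# Values copied from the setup-ldap session and the error in the question.
ERROR = ("[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: "
         "AcceptSecurityContext error, data 52e, v2580]")
MANAGER_DN = "cn=testhdp,ou=admincn,ou=testad,dc=com"
BASE_DN = "ou=usercn,dc=testad,dc=com"

if __name__ == "__main__":
    print(decode_bind_error(ERROR))
    print(domain_components(MANAGER_DN), domain_components(BASE_DN))
    print("suffix mismatch:", dn_suffix_mismatch(MANAGER_DN, BASE_DN))
```

A suffix mismatch is only a prompt to re-check the Manager DN against the directory, for instance with the `dsquery` command mentioned above.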
Created 08-17-2018 01:01 PM
Thanks @Jonathan Sneep.
Created 08-17-2018 05:35 PM
I've had success in the past by first using all the Ambari-required details to run an ldapsearch query in a terminal. Do this from the host where you are configuring Ambari. If there are any issues with the credentials or any of the configuration parameters, the ldapsearch query should highlight these (the OpenLDAP utilities need to be installed to access ldapsearch).
Here are some ldapsearch examples: