Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Ambari AD Sync Not Working

avatar
Contributor

Hi All,

While trying to sync users in Ambari with AD getting following exception:

[root@ip-172-10-31-216 keytabs]# ambari-server setup-ldap

Using python  /usr/bin/python

Setting up LDAP properties...

Primary URL* {host:port} (172.10.138.164:389):

Secondary URL {host:port} :

Use SSL* [true/false] (false):

User object class* (person):

User name attribute* (sAMAccountName):

Group object class* (group):

Group name attribute* (cn):

Group member attribute* (member):

Distinguished name attribute* (distinguishedName):

Base DN* (ou=usercn,dc=testad,dc=com):

Referral method [follow/ignore] :

Bind anonymously* [true/false] (false):

Handling behavior for username collisions [convert/skip] for LDAP sync* (convert):

Manager DN* (cn=testhdp,ou=admincn,ou=testad,dc=com):

Enter Manager Password* :

Re-enter password:

====================


Review Settings

====================

authentication.ldap.managerDn: cn=testhdp,ou=admincn,ou=testad,dc=com

authentication.ldap.managerPassword: *****

Save settings [y/n] (y)? y

Saving...done

Ambari Server 'setup-ldap' completed successfully.




[root@ip-172-10-31-216 keytabs]# service ambari-server restart

Using python  /usr/bin/python

Restarting ambari-server

Waiting for server stop...

Ambari Server stopped

Ambari Server running with administrator privileges.

Organizing resource files at /var/lib/ambari-server/resources...

Ambari database consistency check started...

Server PID at: /var/run/ambari-server/ambari-server.pid

Server out at: /var/log/ambari-server/ambari-server.out

Server log at: /var/log/ambari-server/ambari-server.log

Waiting for server start................

Server started listening on 8080

DB configs consistency check: no errors and warnings were found.




[root@ip-172-10-31-216 keytabs]# ambari-server sync-ldap --all

Using python  /usr/bin/python

Syncing with LDAP...

Enter Ambari Admin login: admin

Enter Ambari Admin password:

Syncing all...ERROR: Exiting with exit code 1.

REASON: Caught exception running LDAP sync. [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]

[root@ip-172-10-31-216 keytabs]#

How to resolve it?

Attached AD scrreshots ad1.png ad2.png

Please suggest.

Thanks,

Bhushan

1 ACCEPTED SOLUTION

avatar

@Bhushan Kandalkar

AcceptSecurityContext error, data 52e, v2580

52e means invalid credentials.
This is most likely down to a bad pass for the bind dn account, or perhaps the bind account you're using is locked.

View solution in original post

5 REPLIES 5

avatar

@Bhushan Kandalkar

AcceptSecurityContext error, data 52e, v2580

52e means invalid credentials.
This is most likely down to a bad pass for the bind dn account, or perhaps the bind account you're using is locked.

avatar
Contributor

@Jonathan Sneep

I think my bind dn is correct. Could you please let me know whats correct dn value?

Attached screenshot. How to check whether bind account is locked or not?

avatar

You should be able to run from cli "dsquery user -name testhdp" to verify that you definitely have the right dn.
52e definitely points to the credentials, make sure you get the dn right, check that the account is not locked by opening its properties in AD and ensure you got the password for the account right when running setup-ldap initially.

avatar
Contributor

Thanks @Jonathan Sneep.

avatar
Rising Star

I've had success in the past by first using all the ambari required details to run an ldapsearch query in terminal, do this from the host where you are configuring ambari, if there are any issues with the credentials or any of the configuration parameters, the ldapsearch query should highlight these (openldap utilities need to be installed to access ldapsearch)

Here's some ldapsearch examples:

ldapsearch