Support Questions

sba · ‎04-06-2018

I need to script the HDP cluster kerberization aginst a remote Active Directory. Can anybody tell me how Ambari can create SPNs and Accounts on a remote Active Directory? Where can I find this class/script/code?

There is also something with SPN creation I can't do manually on AD, but Ambari can do it. A valid SPN format is something like SERVICE/FQDN@REALM (Ex: HTTP/server1.com@MYAD.COM, ...). But for Ambari QA SPN for instance does not have the "SERVICE/" (Ex: ambari-qa@MYCOM.FR) part on the SPN. When I try to attach similar SPNs manually on AD, WINDOWS will complain about this format!

Thanks for pointing me where I can look for these details and how Ambari could do it.

james_jones · ‎04-06-2018

The code for creating principals in AD is here:

ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java

View solution in original post

james_jones · ‎04-06-2018

The code for creating principals in AD is here:

ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java

Cloudera Community

Support Questions

Ambari SPN creation on remote AD