Support Questions

Find answers, ask questions, and share your expertise
Announcements
Check out our newest addition to the community, the Cloudera Data Analytics (CDA) group hub.

Ambari SPN creation on remote AD

Explorer

I need to script the HDP cluster kerberization aginst a remote Active Directory. Can anybody tell me how Ambari can create SPNs and Accounts on a remote Active Directory? Where can I find this class/script/code?

There is also something with SPN creation I can't do manually on AD, but Ambari can do it. A valid SPN format is something like SERVICE/FQDN@REALM (Ex: HTTP/server1.com@MYAD.COM, ...). But for Ambari QA SPN for instance does not have the "SERVICE/" (Ex: ambari-qa@MYCOM.FR) part on the SPN. When I try to attach similar SPNs manually on AD, WINDOWS will complain about this format!

Thanks for pointing me where I can look for these details and how Ambari could do it.

1 ACCEPTED SOLUTION

Super Collaborator

The code for creating principals in AD is here:

ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java

View solution in original post

1 REPLY 1

Super Collaborator

The code for creating principals in AD is here:

ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.