Ambari Web ui Kerberos HTTP error

Hi

I am getting this error in almost all installed services. Can someone help us?

Connection failed to http://hostname:50070 (Execution of '/usr/bin/kinit -c /var/lib/ambari-agent/tmp/curl_krb_cache/web_alert_ambari-qa_cc_196393db8ad8461dac739b8ea56294c7 -kt /etc/security/keytabs/spnego.service.keytab HTTP/hostname@RELAY.COM > /dev/null' returned 1. kinit: Keytab contains no suitable keys for HTTP/hostname@RELAY.COM while getting initial credentials)
1 ACCEPTED SOLUTION

Mentor

@Sam Red

There could be a couple of reasons here.

First, make sure the KDC and kadmin are running, assuming you are on RHEL/CentOS 7.

Check the current status; these 2 daemons should be running

# systemctl status krb5kdc.service
# systemctl status kadmin.service 

If they are not running, please enable them so they autostart at the next reboot

# systemctl enable kadmin.service
# systemctl enable krb5kdc.service

Start the services

# systemctl start krb5kdc.service 
# systemctl start kadmin.service

As the root user check that the principals are in the KDC database

# kadmin.local 
Authenticating as principal root/admin@RELAY.COM with password. 
kadmin.local: listprincs


First, forcefully expire the current Kerberos credentials; log on as user hdfs or whatever

# kdestroy 

Validate that no credentials are cached

# klist
klist: No credentials cache found (filename: /tmp/krb5cc_0) 

To see what keytab entries are in that keytab file, use klist

# klist -kte  /etc/security/keytabs/spnego.service.keytab
Keytab name: FILE:/etc/security/keytabs/spnego.service.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   1 08/24/2017 15:42:23 HTTP/hostname@RELAY.COM (aes256-cts-hmac-sha1-96)
   1 08/24/2017 15:42:23 HTTP/hostname@RELAY.COM (des-cbc-md5)
   1 08/24/2017 15:42:23 HTTP/hostname@RELAY.COM (arcfour-hmac)
   1 08/24/2017 15:42:23 HTTP/hostname@RELAY.COM (aes128-cts-hmac-sha1-96)
   1 08/24/2017 15:42:23 HTTP/hostname@RELAY.COM (des3-cbc-sha1)

Then grab a valid Kerberos ticket using the info above

# kinit -kt /etc/security/keytabs/spnego.service.keytab  HTTP/hostname@RELAY.COM 

Now retry

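The comparison the answer walks through (the principal kinit was asked for against what `klist -kte` lists), as an added shell example that is not part of the original thread. `check_keytab` and its verdict names are hypothetical, and the sample listing is constructed from the output quoted in the answer.

```shell
#!/usr/bin/env bash
# Added example (not from the original thread).
# Constructed sample, modelled on the klist -kte listing quoted in the answer.
SAMPLE_KLIST='Keytab name: FILE:/etc/security/keytabs/spnego.service.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   1 08/24/2017 15:42:23 HTTP/hostname@RELAY.COM (aes256-cts-hmac-sha1-96)
   1 08/24/2017 15:42:23 HTTP/hostname@RELAY.COM (des-cbc-md5)
   1 08/24/2017 15:42:23 HTTP/hostname@RELAY.COM (arcfour-hmac)'

# check_keytab PRINCIPAL   (hypothetical helper; reads `klist -kte` output on stdin)
# Prints one verdict:
#   OK <aes-keys> <other-keys>  exact principal present with at least one AES key
#   WEAK_ONLY                   present, but only DES/3DES/RC4 keys, which kinit
#                               skips when krb5.conf does not permit them
#   HOST_MISMATCH <found>       same service and realm, different host part
#                               (short name vs FQDN, or letter case)
#   MISSING                     no entry for that service and realm at all
check_keytab() {
  awk -v want="$1" '
    function svc(p)   { sub(/\/.*/, "", p); return p }
    function realm(p) { sub(/.*@/, "", p);  return p }
    $1 ~ /^[0-9]+$/ {                       # data rows start with the KVNO
      princ = $4; enc = $5; gsub(/[()]/, "", enc)
      if (princ == want) {
        if (enc ~ /^aes/) strong++; else weak++
      } else if (svc(princ) == svc(want) && realm(princ) == realm(want)) {
        near = princ
      }
    }
    END {
      if (strong)    print "OK", strong, weak + 0
      else if (weak) print "WEAK_ONLY"
      else if (near) print "HOST_MISMATCH", near
      else           print "MISSING"
    }'
}

# Real use: klist -kte /etc/security/keytabs/spnego.service.keytab |
#             check_keytab "HTTP/$(hostname -f)@RELAY.COM"
printf '%s\n' "$SAMPLE_KLIST" | check_keytab 'HTTP/hostname@RELAY.COM'
```

A `HOST_MISMATCH` or `MISSING` verdict means the keytab has to be regenerated for the principal the alert actually requests; `WEAK_ONLY` points at `permitted_enctypes` / `allow_weak_crypto` in `krb5.conf` or at re-keying the principal with AES.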

3 REPLIES 3

Is "hostname" in HTTP/hostname@RELAY.COM literally "hostname", or did you replace that for the purposes of this query?
