Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Ambari server start failed due to Error Ambari Server Kerberos credentials check failed

Labels:
cloudklm
New Contributor

Created ‎10-20-2017 04:36 PM

Hi All,

I am receiving error "Ambari Server Kerberos credentials check failed" when I try to start Ambari server. My settings are good in the file/etc/ambari-server/conf/krb5JAASLogin.conf. when I am trying to kinit it is giving error" kinit: Preauthentication failed while getting initial credentials".

Please be informed that we are using Active directory for authentication.

Please let me know what to do.

Thanks

1,057 Views
0 Kudos
Tags (2)
6 REPLIES 6

rlevas
Guru

Created ‎10-20-2017 04:54 PM

Have you tried to manually kinit as the identity declared in the JAAS config file to make sure it works? It is possible that the keytab file is out of sync with the password on the Active Directory.

Another possibly for the preauthentication error is that the host's clock is more then 5 minutes different than the clock on the Active Directory server.

778 Views
0 Kudos

rlevas
Guru

Created ‎10-20-2017 04:54 PM

Have you tried to manually kinit as the identity declared in the JAAS config file to make sure it works? It is possible that the keytab file is out of sync with the password on the Active Directory.

Another possibly for the preauthentication error is that the host's clock is more then 5 minutes different than the clock on the Active Directory server.

778 Views
0 Kudos

cloudklm
New Contributor

Created ‎10-20-2017 06:11 PM

Hi Robert, Thanks for prompt reply.

yes I have tried KINIT manually but it is giving error "kinit: Preauthentication failed while getting initial credentials".

I have checked the time on AD and the ambari server and they are same.

How can I make keytab file to sync with the password on the active directory? Please advise

Thanks

778 Views
0 Kudos

rlevas
Guru

Created ‎10-20-2017 07:19 PM

So the keytab file is probably bad. How was it created? Did Ambari create it or was it created manually?

778 Views
0 Kudos

cloudklm
New Contributor

Created ‎10-20-2017 07:45 PM

Ambari created keytab.

778 Views
0 Kudos

rlevas
Guru

Created ‎10-20-2017 08:55 PM

What is the principal name? Does it contain the cluster name? If not, are there multiple clusters using the same AD? If this is the case, than it is likely another cluster update the password for the Ambari server principal, invalidating the keytab file. To solve this, you need to make sure the cluster name (or some other unique name) is added to the Ambari server principal and regenerate the keytab files. This should fix the issue.

778 Views
0 Kudos
Take a Tour of the Community
Don't have an account?
Register
Your experience may be limited. Sign in to explore more.
Announcements
Community Announcements
March 2023 Community Highlights
What's New @ Cloudera
Cloudera DataFlow Designer for self-service data flow development is now generally available to all CDP Public Cloud customers
What's New @ Cloudera
Cloudera Operational Database (COD) UI provides the JWT configuration details to connect to your HBase client
What's New @ Cloudera
Cloudera Operational Database (COD) UI allows storage type selection when creating an operational database
What's New @ Cloudera
Release of Cloudera Streaming Analytics (CSA) 1.9.0 for CDP 7.1.7 SP2 & CDP 7.1.8
View More Announcements