Support Questions

Find answers, ask questions, and share your expertise

Authentication Failure on Apache Ranger

avatar
Explorer

I have configured Ranger with Ranger-admin and Hadoop , HDFS  plugins. 

 

I can access the basic url,
curl -u rangeradmin:rangeradmin -i -X GET http://127.0.0.1:6080
HTTP/1.1 302 Found
Set-Cookie: RANGERADMINSESSIONID=6A1E7311C911AE876D02359679222E24; Path=/; HttpOnly
X-Frame-Options: DENY
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline';font-src 'self'
Location: http://127.0.0.1:6080/login.jsp
Content-Length: 0
Date: Thu, 05 Sep 2019 09:02:16 GMT
Server: Apache Ranger

 

but on accessing other urls it fails:

 

 

curl -u rangeradmin:rangeradmin -i -X GET http://127.0.0.1:6080/service/plugins/policies/service/1
HTTP/1.1 401 Unauthorized
Set-Cookie: RANGERADMINSESSIONID=96A517FCD3CDC23354BFDFE3D22E6FE4; Path=/; HttpOnly
X-Frame-Options: DENY
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline';font-src 'self'
Content-Length: 52
Date: Thu, 05 Sep 2019 08:37:47 GMT
Server: Apache Ranger

{"statusCode":401,"msgDesc":"Authentication Failed"}

1 ACCEPTED SOLUTION

avatar
Master Mentor

@ranger 

As we see "Authentication Failed" hence most possible cause may be the incorrect ranger admin credentials supplied to the curl command.

 

1. Are you sure that you are able to Login to Ranger UI using Web Browser with the same credentials Username: "rangeradmin" Password: "rangeradmin"?

 

 

http://$RANGER_HOSTNAME:6080

 

 

If not then please check what is the Username& Password you have entered here

 

 

Ambari UI --> Ranger --> Configs --> Advanced --> "Advanced ranger-env" --> "Ranger Admin username" AND "Ranger Admin user's password"

 

 


2. Please tail the "xa_portal.log" log and see if you are getting any of the following message when you are attempting to login to Ranger UI using the same credentials? Or while making the API call?

 

 

# tail -f /var/log/ranger/admin/xa_portal.log
# grep 'Login Unsuccessful' /var/log/ranger/admin/xa_portal.log
# grep 'Authentication with' /var/log/ranger/admin/xa_portal.log
# grep 'Bad Credentials' /var/log/ranger/admin/xa_portal.log

 

 

.

 



 

View solution in original post

5 REPLIES 5

avatar
Master Mentor

@ranger 

As we see "Authentication Failed" hence most possible cause may be the incorrect ranger admin credentials supplied to the curl command.

 

1. Are you sure that you are able to Login to Ranger UI using Web Browser with the same credentials Username: "rangeradmin" Password: "rangeradmin"?

 

 

http://$RANGER_HOSTNAME:6080

 

 

If not then please check what is the Username& Password you have entered here

 

 

Ambari UI --> Ranger --> Configs --> Advanced --> "Advanced ranger-env" --> "Ranger Admin username" AND "Ranger Admin user's password"

 

 


2. Please tail the "xa_portal.log" log and see if you are getting any of the following message when you are attempting to login to Ranger UI using the same credentials? Or while making the API call?

 

 

# tail -f /var/log/ranger/admin/xa_portal.log
# grep 'Login Unsuccessful' /var/log/ranger/admin/xa_portal.log
# grep 'Authentication with' /var/log/ranger/admin/xa_portal.log
# grep 'Bad Credentials' /var/log/ranger/admin/xa_portal.log

 

 

.

 



 

avatar
Explorer

I have not used Ambari  UI, instead built ranger from sources and installed the hadoop , ranger-admin and HDFS plugins , Is there any way to check Ranger's REST apis with Ambari

 

This is my configuration inside install.properties of ranger-2.1.0-SNAPSHOT-admin , after which I installed ranger-admin plugin

 

policymgr_external_url=http://localhost:6080
policymgr_http_enabled=true
policymgr_https_keystore_file=
policymgr_https_keystore_keyalias=rangeradmin
policymgr_https_keystore_password=rangeradmin

 

With this user name and password, I get the following response:

 

curl -u rangeradmin:rangeradmin -i -X GET http://127.0.0.1:6080/login.jsp
HTTP/1.1 200 OK
Set-Cookie: RANGERADMINSESSIONID=A748FB6091DA17AEFACC6E3552723593; Path=/; HttpOnly
X-Frame-Options: DENY
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 3629
Date: Thu, 05 Sep 2019 09:53:52 GMT
Server: Apache Ranger

 

 

avatar
Master Mentor

@ranger 

Even if you have build ranger from source... before making the API call you should validate the following:

 

Are you really sure that the credentials that you are entering is correct?

 

1. Are you able to login to Ranger UI with that credential?  (this is the verify if your credentials are correct or not) ?    

 

2. Do you see "Bad Credentials" message inside the "xa_portal.log" ?  Can you share the log?

 

 

avatar
Explorer

Thanks for your guidance, Now when I try to login with rangeradmin:rangeradmin credentials ,

 

The username or password you entered is incorrect.

avatar
Explorer

Though I have put rangeradmin as username and password inside ranger-admin/install,properties, it is not taking that,, Instead its taking admin:admin as credentials what I have setuo in Ambari server..

 

This I dont understand because ambari server I installed separately and never used Ambari to install Ranger, instead compiled Ranger from scratch.