Created on 08-11-2016 06:41 PM - edited 09-16-2022 03:34 AM
Hi,
I am trying to enable kerberos in CDH 5.8 with os of ubuntu 14.04
All are fine until I try to do the part of Generate Missing Credentials
Please find the error.
/usr/share/cmf/bin/gen_credentials.sh failed with exit code 127 and output of << + export PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games + PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games + export PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/sbin + PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/sbin + export PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/sbin:/usr/sbin + PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/sbin:/usr/sbin + export KRB5_CONFIG=/var/krb5kdc/krb5.conf + KRB5_CONFIG=/var/krb5kdc/krb5.conf + export KRB5_KDC_PROFILE=/var/krb5kdc/kdc.conf + KRB5_KDC_PROFILE=/var/krb5kdc/kdc.conf + export DEFKTNAME=FILE:/etc/krb5.keytab + DEFKTNAME=FILE:/etc/krb5.keytab + CMF_REALM=ACME.COM + KEYTAB_OUT=/tmp/cmf6659933762842902135.keytab + PRINC=kafka/sb-node1.example.com@ACME.COM + MAX_RENEW_LIFE=432000 + KADMIN='kadmin -k -t /tmp/cmf622833402687775807.keytab -p cloudera-scm/admin@ACME.COM -r ACME.COM' + RENEW_ARG= + '[' 432000 -gt 0 ']' + RENEW_ARG='-maxrenewlife "432000 sec"' + '[' -z /var/krb5kdc/krb5.conf ']' + echo 'Using custom config path '\''/var/krb5kdc/krb5.conf'\'', contents below:' + cat /var/krb5kdc/krb5.conf + kadmin -k -t /tmp/cmf622833402687775807.keytab -p cloudera-scm/admin@ACME.COM -r ACME.COM -q 'addprinc -maxrenewlife "432000 sec" -randkey kafka/sb-node1.example.com@ACME.COM' kadmin: relocation error: /usr/lib/x86_64-linux-gnu/libkadm5clnt_mit.so.9: symbol k5_buf_len, version krb5support_0_MIT not defined in file libkrb5support.so.0 with link time reference
Created 08-16-2016 12:51 AM
Created 08-14-2016 03:58 PM
Created 08-14-2016 07:36 PM
Thanks for your reply. The version of krb5-kdc and krb5-admin-server is exactly "1.12+dfsg-2ubuntu5.2". Also, I guess that I didn't upgrade my any packages to other versions.
So I guess the repositories is somehow changed. And I restore the repositories with the steps with this link http://askubuntu.com/questions/124017/how-do-i-restore-the-default-repositories. However, I still got the same error while generating Missing Credentials.
Created 08-15-2016 12:33 AM
Created 08-15-2016 12:39 AM
dpkg -s libkrb5support0 | grep Version
Version: 1.12+dfsg-2ubuntu5.2
dpkg -s libc6 | grep Version
Version: 2.19-0ubuntu6.9
it seems that the version is ideal
Created 08-15-2016 01:29 AM
Thank you for checking and reporting back, it appears something is very strange about your Ubuntu environment.
In my test environment with a 14.04 VM install, these commands appear to work normally. Can you verify if they work the same in yours (below was executed on the KDC host, for my realm name of UBUNTU.VM):
~> kadmin.local
kadmin: addprinc test/admin
…
kadmin: xst -k test-admin.keytab -norandkey test/admin
kadmin: quit
~>
~> kadmin -k -t test-admin.keytab -p test/admin@UBUNTU.VM -r UBUNTU.VM
kadmin: listprincs
…
kadmin: quit
~>
I'm particularly interested to know if both kadmin.local and kadmin (with an admin keytab) commands work for you normally outside of Cloudera Manager which is merely also invoking a similar command via a shell script.
Created on 08-15-2016 02:09 AM - edited 08-15-2016 02:20 AM
Thank you for your reply.
Per your request, my environment works with no error with the test command you provided. It successfully adds the principle test/admin to keytab test-admin.keytab with kadmin.local.
Also, It works fine in part of authenticating as principal test/admin@MyRealmName with keytab test-admin.keytab.
Please let me know if you want to know what console log printed while running your test command
Created 08-15-2016 02:30 AM
Created 08-15-2016 06:33 PM
Thanks for your help. I have tried the full command of CM is trying to run and it perfectly generated the principle of kafka/sb-node1.example.com@ACME.COM.
Also, I have to tell you that I am setting all the kerberos environment as a root user. When I try to print out $USER in the gen_credentials.sh, it shows the User name of "cloudera-scm". I don't know whether it is the cause of the problem. Hope it helps.
Created 08-15-2016 10:59 PM