Support Questions

aliyesami · ‎11-29-2016

config-kerb.jpg kdc-error.txt ambari-error.jpg

I have installed the the KDC server and created principals . The configure Kerberos part goes fine from the ambari console and so does the install client Kerberos part , but the test client part is failing with some internal exception , please see the upload ambari log file and and the screen shots for the configuration screen .

rlevas · ‎11-30-2016

@Sami Ahmad

Looking at the error:

29 Nov 2016 15:49:43,526  WARN [ambari-client-thread-1242] MITKerberosOperationHandler:459 - Failed to execute kadmin:
        Command: [/usr/bin/kadmin, -s, hadoop1.tolls.dot.state.fl.us, -p, K/M@TOLLS.DOT.STATE.FL.US, -r, TOLLS.DOT.STATE.FL.US, -q, get_principal K/M@TOLLS.DOT.STATE.FL.US]
        ExitCode: 1
        STDOUT: Authenticating as principal K/M@TOLLS.DOT.STATE.FL.US with password.
        STDERR: kadmin: Clients credentials have been revoked while initializing kadmin interface

It appears that the admin account you are using has been locked out. See http://web.mit.edu/Kerberos/krb5-1.13/doc/admin/lockout.html for more information on this.

View solution in original post

aliyesami · ‎11-30-2016

changed that , still same , kdc cant find the master key

aliyesami · ‎11-30-2016

even the service wont start now

[root@hadoop1 etc]#  service krb5kdc start
Starting Kerberos 5 KDC: krb5kdc: cannot initialize realm TOLLS.DOT.SATE.FL.US - see log file for details
                                                          [FAILED]
tail -100f /var/log/krb5kdc.log
Nov 30 10:50:36 hadoop1 krb5kdc[18920](info): closing down fd 9
Nov 30 10:50:36 hadoop1 krb5kdc[18920](info): closing down fd 7
Nov 30 10:50:36 hadoop1 krb5kdc[18920](info): shutting down
krb5kdc: Can not fetch master key (error: No such file or directory). - while fetching master key K/M for realm TOLLS.DOT.SATE.FL.US

e

rlevas · ‎11-30-2016

@Sami Ahmad

It seems like your KDC installation is all messed up. Can you remove the client and server packages as well as the /var/kerberos directory and its contents? Then try to reinstall it.

Here is a script that I use for Centos6. If you have a different OS, let me know and I might have a script for that. In any case the script creates a KDC with the realm of EXAMPLE.COM. You can edit the script to change this. It also creates an administrator principal - admin/admin@EXAMPLE.COM (password: admin).

install-kdcsh.txt

aliyesami · ‎11-30-2016

ah there was a typo in the krb5.conf file . I typed "SATE" instead of "STATE" . so I can login into kadmin now and will try to re-install via ambari and report.

aliyesami · ‎11-30-2016

thanks all for your help I could install Kerberos

tauqeerkhan · ‎01-23-2017

Hello Sami,

Can You please share the solution, am also facing the same issue.

Cloudera Community

Support Questions

CONFIGURE KDC CLIENT FAILING