Created 08-03-2018 09:34 AM
I'm trying to add some advanced kerberos options within cloudbreak and am stuck on the format of the kerberos-env json descriptor. I have tried a few things and keep getting "The descriptor must be a valid JSON with the required fields"
Can anyone advise of the format that should be used?
Created 08-03-2018 10:18 AM
There is an example here, near the bottom of the page;
If that doesn't help you, can you share what you've used that is giving you an error?
Created 08-03-2018 10:18 AM
There is an example here, near the bottom of the page;
If that doesn't help you, can you share what you've used that is giving you an error?
Created 08-03-2018 10:33 AM
Thanks for sharing your JSON. It looks good but the error also complains about the required fields. I don't see some fields; realm / kdc_type / kdc_host / admin_server_host etc as you can see on the example in the link I previously sent. Can you try to include those values, and see if that makes any improvement?
Created 08-03-2018 10:28 AM
I have tried the following in a few different ways. Removing the kerberos-env and just using properties. I have also tried getting the kerberos-descriptor from the api and using that. I get the message "The descriptor must be a valid JSON with the required fields Kerberos configuration contains inconsistent parameters" with the below code.
{ "kerberos-env":{ "properties" : { "password_min_uppercase_letters" : "1", "password_min_whitespace" : "0", "password_min_punctuation" : "1", "manage_auth_to_local" : "true", "password_min_digits" : "1", "set_password_expiry" : "false", "encryption_types" : "aes des3-cbc-sha1 rc4 des-cbc-md5", "kdc_create_attributes" : "", "create_ambari_principal" : "true", "password_min_lowercase_letters" : "1", "password_length" : "20", "case_insensitive_username_rules" : "true", "manage_identities" : "true", "password_chat_timeout" : "5", "ad_create_attributes_template" : "\n{\n \"objectClass\": [\"top\", \"person\", \"organizationalPerson\", \"user\"],\n \"cn\": \"$principal_digest_256\",\n #if( $is_service )\n \"servicePrincipalName\": \"$principal_name\",\n #end\n \"userPrincipalName\": \"$normalized_principal\",\n \"unicodePwd\": \"$password\",\n \"accountExpires\": \"0\",\n \"userAccountControl\": \"66048\"\n}", "preconfigure_services" : "DEFAULT", "install_packages" : "true", "ldap_url" : "ldaps://system.example.com:636", "executable_search_paths" : "/usr/bin, /usr/kerberos/bin, /usr/sbin, /usr/lib/mit/bin, /usr/lib/mit/sbin", "group" : "ambari-managed-principals", "kdc_type": "active-directory" } } }
Created 08-03-2018 10:38 AM
Just added those and getting "Kerberos configuration contains inconsistent parameters"
Created 08-03-2018 10:46 AM
Just figured it out. I had previously filled in the basic section and it seems to conflict if you dont clear it when moving to the advanced configuration. I have cleared basic and the configuration has started.
Thank you for your help and very prompt responses 🙂
Created 08-03-2018 10:48 AM
Awesome, glad you got it working now and thanks for clarifying how you got it up! 🙂