Support Questions

james_bashforth · ‎08-03-2018

I'm trying to add some advanced kerberos options within cloudbreak and am stuck on the format of the kerberos-env json descriptor. I have tried a few things and keep getting "The descriptor must be a valid JSON with the required fields"

Can anyone advise of the format that should be used?

JonathanSneep · ‎08-03-2018

There is an example here, near the bottom of the page;

https://docs.hortonworks.com/HDPDocuments/Cloudbreak/Cloudbreak-2.4.2/content/security-kerberos/inde...

If that doesn't help you, can you share what you've used that is giving you an error?

View solution in original post

JonathanSneep · ‎08-03-2018

There is an example here, near the bottom of the page;

https://docs.hortonworks.com/HDPDocuments/Cloudbreak/Cloudbreak-2.4.2/content/security-kerberos/inde...

If that doesn't help you, can you share what you've used that is giving you an error?

JonathanSneep · ‎08-03-2018

Thanks for sharing your JSON. It looks good but the error also complains about the required fields. I don't see some fields; realm / kdc_type / kdc_host / admin_server_host etc as you can see on the example in the link I previously sent. Can you try to include those values, and see if that makes any improvement?

james_bashforth · ‎08-03-2018

I have tried the following in a few different ways. Removing the kerberos-env and just using properties. I have also tried getting the kerberos-descriptor from the api and using that. I get the message "The descriptor must be a valid JSON with the required fields Kerberos configuration contains inconsistent parameters" with the below code.

{
"kerberos-env":{
    "properties" : {
        "password_min_uppercase_letters" : "1",
        "password_min_whitespace" : "0",
        "password_min_punctuation" : "1",
        "manage_auth_to_local" : "true",
        "password_min_digits" : "1",
        "set_password_expiry" : "false",
        "encryption_types" : "aes des3-cbc-sha1 rc4 des-cbc-md5",
        "kdc_create_attributes" : "",
        "create_ambari_principal" : "true",
        "password_min_lowercase_letters" : "1",
        "password_length" : "20",
        "case_insensitive_username_rules" : "true",
        "manage_identities" : "true",
        "password_chat_timeout" : "5",
        "ad_create_attributes_template" : "\n{\n  \"objectClass\": [\"top\", \"person\", \"organizationalPerson\", \"user\"],\n  \"cn\": \"$principal_digest_256\",\n  #if( $is_service )\n  \"servicePrincipalName\": \"$principal_name\",\n  #end\n  \"userPrincipalName\": \"$normalized_principal\",\n  \"unicodePwd\": \"$password\",\n  \"accountExpires\": \"0\",\n  \"userAccountControl\": \"66048\"\n}",
        "preconfigure_services" : "DEFAULT",
        "install_packages" : "true",
        "ldap_url" : "ldaps://system.example.com:636",
        "executable_search_paths" : "/usr/bin, /usr/kerberos/bin, /usr/sbin, /usr/lib/mit/bin, /usr/lib/mit/sbin",
        "group" : "ambari-managed-principals",
        "kdc_type": "active-directory"
      }
    }
}

james_bashforth · ‎08-03-2018

Just added those and getting "Kerberos configuration contains inconsistent parameters"

james_bashforth · ‎08-03-2018

Just figured it out. I had previously filled in the basic section and it seems to conflict if you dont clear it when moving to the advanced configuration. I have cleared basic and the configuration has started.

Thank you for your help and very prompt responses 🙂

JonathanSneep · ‎08-03-2018

Awesome, glad you got it working now and thanks for clarifying how you got it up! 🙂

Cloudera Community

Support Questions

Cloudbreak - kerberos-env json descriptor format