Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Enable Cloudera Manager TLS when UI is not Available

Enable Cloudera Manager TLS when UI is not Available

Explorer

I have seen some other posts related to this but for previous versions. Those solutions included the passwd_hash/passwd_salt for the admin password. 

 

I turned off TLS to the console and now am unable to login using port 7180 (authentication error). I get the UI but cannot login. 

 

All of my certs are in place so I think if I can find a way to re-enable TLS that may solve my problem.

 

Unless the admin password is also now junk. 

 

So, I would like to try the following: 

 

1. Turn on TLS for CM via the database/config file 

2. Reset the admin password_hash/salt for CM v5.13

 

Are there any solutions available?

 

Thanks!

5 REPLIES 5
Highlighted

Re: Enable Cloudera Manager TLS when UI is not Available

Super Guru

@bridgor,

 

Turning TLS on or off for the admin console does not impact your user login.  If you can navigate to the CM login page, TLS in the CM admin console is not the cause of the login problem.

 

TLS on/off will not change your password either.

 

Before taking action, I recommend looking at the Cloudera Manager log to review what is printed when attempting to authenticate to CM.  If you are using LDAP or other methods to login perhaps that is involved.

 

If you are sure you need to reset, I think this one should would work to reset the password to "admin"

 

UPDATE users SET password_hash = '9f7e3270b1aaa4931d38845a0334e66b2dd93f916439006fac4e5e2535a444b3', password_salt = -5357030608435271136 WHERE user_name = 'admin';

 

NOTE:  if using mysql, the table name may be upper case (USERS)

NOTE2:  Change  the "user_name" to match the user you are reseting if it is not "admin"

Re: Enable Cloudera Manager TLS when UI is not Available

Explorer

Thanks @bgooley

 

Thanks for the reply!

 

Resetting the password hash/salt did not change the result. 

 

See this in the log: 

 

2019-01-31 13:25:38,988 INFO 2147430310@scm-web-3:com.cloudera.server.web.cmf.AuthenticationSuccessEventListener: Authentication success for user: 'admin' from'' <gateway_ip_address>

 

But the UI doesn't open ... ok, that's weird!

 

 

B

 

Re: Enable Cloudera Manager TLS when UI is not Available

Explorer

PS - So changing the hash/salt did change the entry in the log from failure to success but the result in the browser is the same. 

Re: Enable Cloudera Manager TLS when UI is not Available

Explorer

PPS - I used a different browser and that solved the issue. I'm in now so will work on the TLS piece again. 

 

Thanks!

Re: Enable Cloudera Manager TLS when UI is not Available

Super Guru

@bridgor,

 

If you log in and are redirected to another login screen where no error is displayed, that is a browser session cookie issue.  You can restart your browser or you can clear out cookies for the Cloudera Manager host to correct.

 

Glad you got by the issue!