Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Enable Kerberos via Cloudera Manager wizard failed

Enable Kerberos via Cloudera Manager wizard failed

Explorer

Hi All,

 

Could someone please help me with the issue below. This happened when I am trying to enable kerberos using wizrd from CM

 



/opt/cloudera/cm/bin/import_credentials.sh failed with exit code 1 and output of << + export PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin + PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin + KEYTAB_OUT=/var/run/cloudera-scm-server/cmf8855603408704216973.keytab + USER=USERNAME-REDACTED + passwd=BUNDLE-REDACTED KVNO=1 + SLEEP=0 + RHEL_FILE=/etc/redhat-release + '[' -f /etc/redhat-release ']' + set +e + grep Tikanga /etc/redhat-release + '[' 1 -eq 0 ']' + '[' 0 -eq 0 ']' + grep 'CentOS release 5' /etc/redhat-release + '[' 1 -eq 0 ']' + '[' 0 -eq 0 ']' + grep 'Scientific Linux release 5' /etc/redhat-release + '[' 1 -eq 0 ']' + set -e + '[' -z /var/run/cloudera-scm-server/krb57376075517873221004.conf ']' + echo 'Using custom config path '\''/var/run/cloudera-scm-server/krb57376075517873221004.conf'\'', contents below:' + cat /var/run/cloudera-scm-server/krb57376075517873221004.conf + IFS=' ' + read -a ENC_ARR + for ENC in '"${ENC_ARR[@]}"' + echo 'addent -password -p USERNAME-REDACTED -k 1 -e rc4-hmac' + ktutil + '[' 0 -eq 1 ']' + echo PASSWORD-REDACTED + echo 'wkt /var/run/cloudera-scm-server/cmf8855603408704216973.keytab' + chmod 600 /var/run/cloudera-scm-server/cmf8855603408704216973.keytab + kinit -k -t /var/run/cloudera-scm-server/cmf8855603408704216973.keytab USERNAME-REDACTED kinit: Client 'USERNAME-REDACTED' not found in Kerberos database while getting initial credentials >>
2 REPLIES 2
Highlighted

Re: Enable Kerberos via Cloudera Manager wizard failed

Explorer

Hi,

 

   Please show your Kerberos parameters in Cloudera Manager because it is hard to investigate something without that.

 

Regards

Re: Enable Kerberos via Cloudera Manager wizard failed

Super Guru

This post is pretty old, but we can say the following in case it helps others:

 

In the import_credentials.sh script output, we see the following error:

 

kinit: Client 'USERNAME-REDACTED' not found in Kerberos database while getting initial credentials

 

This is coming from the MIT Kerberos client, "kinit"

It means that the user principal provided does not exist in the KDC

 

Possible causes:

 

- The Admin user specified in the Kerberos wizard does not exist

- The wrong KDC is being used (check the krb5.conf)