Support Questions

Find answers, ask questions, and share your expertise

Enable Kerberos via Cloudera Manager wizard failed

avatar
Explorer

Hi All,

 

Could someone please help me with the issue below. This happened when I am trying to enable kerberos using wizrd from CM

 



/opt/cloudera/cm/bin/import_credentials.sh failed with exit code 1 and output of << + export PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin + PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin + KEYTAB_OUT=/var/run/cloudera-scm-server/cmf8855603408704216973.keytab + USER=USERNAME-REDACTED + passwd=BUNDLE-REDACTED KVNO=1 + SLEEP=0 + RHEL_FILE=/etc/redhat-release + '[' -f /etc/redhat-release ']' + set +e + grep Tikanga /etc/redhat-release + '[' 1 -eq 0 ']' + '[' 0 -eq 0 ']' + grep 'CentOS release 5' /etc/redhat-release + '[' 1 -eq 0 ']' + '[' 0 -eq 0 ']' + grep 'Scientific Linux release 5' /etc/redhat-release + '[' 1 -eq 0 ']' + set -e + '[' -z /var/run/cloudera-scm-server/krb57376075517873221004.conf ']' + echo 'Using custom config path '\''/var/run/cloudera-scm-server/krb57376075517873221004.conf'\'', contents below:' + cat /var/run/cloudera-scm-server/krb57376075517873221004.conf + IFS=' ' + read -a ENC_ARR + for ENC in '"${ENC_ARR[@]}"' + echo 'addent -password -p USERNAME-REDACTED -k 1 -e rc4-hmac' + ktutil + '[' 0 -eq 1 ']' + echo PASSWORD-REDACTED + echo 'wkt /var/run/cloudera-scm-server/cmf8855603408704216973.keytab' + chmod 600 /var/run/cloudera-scm-server/cmf8855603408704216973.keytab + kinit -k -t /var/run/cloudera-scm-server/cmf8855603408704216973.keytab USERNAME-REDACTED kinit: Client 'USERNAME-REDACTED' not found in Kerberos database while getting initial credentials >>
1 REPLY 1

avatar
Master Guru

@sree3192 ,

 

Welcome to the Community.  I started a new thread since your output indicates a different issue than that older thread to which you originally replied.

 

Key information:

 

  • The problem occurs when importing credentials (import_credentials.sh)
  • The error is "kinit: Client 'USERNAME-REDACTED' not found in Kerberos database while getting initial credentials"

The error is coming from MIT Kerberos libraries and it means that the user (which is redacted in the output) cannot be found in the configured KDC.

 

Please make sure you have created the user principal you specified for Cloudera Manager to use in order to import the admin user's keytab.

 

For instance, if typed in my_cm_user/admin make sure that your KDC has a principal for that user