Created 08-08-2020 10:23 AM
/usr/share/cmf/bin/import_credentials.sh failed with exit code 1 and output of <<
+ export PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/sbin:/usr/sbin:/bin:/usr/bin
+ PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/sbin:/usr/sbin:/bin:/usr/bin
+ KEYTAB_OUT=/var/run/cloudera-scm-server/cmf7282863856941320449.keytab
+ USER=cm@HADOOPSECURITY.LOCAL
+ PASSWD=REDACTED
+ KVNO=1
+ SLEEP=0
+ RHEL_FILE=/etc/redhat-release
+ '[' -f /etc/redhat-release ']'
+ set +e
+ grep Tikanga /etc/redhat-release
+ '[' 1 -eq 0 ']'
+ '[' 0 -eq 0 ']'
+ grep 'CentOS release 5' /etc/redhat-release
+ '[' 1 -eq 0 ']'
+ '[' 0 -eq 0 ']'
+ grep 'Scientific Linux release 5' /etc/redhat-release
+ '[' 1 -eq 0 ']'
+ set -e
+ '[' -z /etc/krb5.conf ']'
+ echo 'Using custom config path '\''/etc/krb5.conf'\'', contents below:'
+ cat /etc/krb5.conf
+ IFS=' '
+ read -a ENC_ARR
+ for ENC in '"${ENC_ARR[@]}"'
+ ktutil
+ echo 'addent -password -p cm@HADOOPSECURITY.LOCAL -k 1 -e rc4-hmac'
+ '[' 0 -eq 1 ']'
+ echo REDACTED
+ for ENC in '"${ENC_ARR[@]}"'
+ echo 'addent -password -p cm@HADOOPSECURITY.LOCAL -k 1 -e aes128-cts-hmac-sha1-96'
+ '[' 0 -eq 1 ']'
+ echo REDACTED
+ for ENC in '"${ENC_ARR[@]}"'
+ echo 'addent -password -p cm@HADOOPSECURITY.LOCAL -k 1 -e aes256-cts-hmac-sha1-96'
+ '[' 0 -eq 1 ']'
+ echo REDACTED
+ for ENC in '"${ENC_ARR[@]}"'
+ echo 'addent -password -p cm@HADOOPSECURITY.LOCAL -k 1 -e arcfour-hmac-md5'
+ '[' 0 -eq 1 ']'
+ echo REDACTED
+ echo 'wkt /var/run/cloudera-scm-server/cmf7282863856941320449.keytab'
+ chmod 600 /var/run/cloudera-scm-server/cmf7282863856941320449.keytab
+ kinit -k -t /var/run/cloudera-scm-server/cmf7282863856941320449.keytab cm@HADOOPSECURITY.LOCAL
+ '[' true '!=' true ']'
++ mktemp /tmp/cm_ldap.XXXXXXXX
+ LDAP_CONF=/tmp/cm_ldap.0sQi4sKr
+ echo 'TLS_REQCERT never'
+ echo 'sasl_secprops minssf=0,maxssf=0'
+ export LDAPCONF=/tmp/cm_ldap.0sQi4sKr
+ LDAPCONF=/tmp/cm_ldap.0sQi4sKr
+ set +e
+ ldapsearch -LLL -H ldaps://hadoop-ad.hadoopsecurity.local:636 -b ou=hadoop-ad,DC=hadoopsecurity,DC=local userPrincipalName=cm@HADOOPSECURITY.LOCAL
SASL/GSSAPI authentication started
SASL username: cm@HADOOPSECURITY.LOCAL
SASL SSF: 0
No such object (32)
Matched DN: DC=hadoopsecurity,DC=local
Additional information: 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=hadoopsecurity,DC=local'
+ '[' 32 -ne 0 ']'
+ echo 'ldapsearch did not work with SASL authentication. Trying with simple authentication'
+ ldapsearch -LLL -H ldaps://hadoop-ad.hadoopsecurity.local:636 -b ou=hadoop-ad,DC=hadoopsecurity,DC=local -x -D cm@HADOOPSECURITY.LOCAL -w REDACTED userPrincipalName=cm@HADOOPSECURITY.LOCAL
No such object (32)
Matched DN: DC=hadoopsecurity,DC=local
Additional information: 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=hadoopsecurity,DC=local'
+ '[' 32 -ne 0 ']'
+ echo 'Failed to do ldapsearch.'
+ echo 'Please make sure Active Directory configuration is correctly specified and LDAP over SSL is enabled.'
+ exit 1
>>
Created 08-10-2020 02:06 AM
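@Shri23 Error 32 usually means that the referenced object does not exist, i.e. a bad DN value was entered where a correct DN was needed. In the output above, the server reports `Matched DN: DC=hadoopsecurity,DC=local`, so it resolved only the domain part and could not find the search base `ou=hadoop-ad,DC=hadoopsecurity,DC=local` itself.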
Please look at your AD and confirm that the user exists in the path:
ou=hadoop-ad,DC=hadoopsecurity,DC=local userPrincipalName=cm@HADOOPSECURITY.LOCAL
Also, as a side note, the service account should have create, modify and delete access in AD as well.
Created 08-12-2020 12:07 AM
Hi...!!
Thanks, but the user exists in that path and has also been given all the access.
Created 08-13-2020 02:48 AM
@Shri23 can you please show the access of this svc account?