Support Questions

mazen_elshayeb · ‎05-13-2019

Hello

I receive an error while enabling kerberos on ambari as below;

i have installed krb5-kdc krb5-admin-server and config krb5.conf, kdc.conf and kadm5.acl then created new principle (as attached)

Note when i wrote the realm name in the kdc file in uppercase letter i got an error while using kadmin.local master key cannot be fetch, it only works in lowercase letter

Also when i try to restart the krb5 services, it said service can't be found although it is running so i restart the server instead

Last thing when i installed krb5-kdc krb5-admin-server the /var/kerberos folder didn't create automatically and i had to create it manually.

Please help me solve this issue, thank you in advanced.

KADM5.acl.txt

KDC.conf.txt

KRB5.conf.txt

rlevas · ‎05-13-2019

It seems like the user that runs the kadmin process does not have access to write to the backing database... or the backing data is locked by some other process. Take a look at the permission on the database file and make sure the permissions are set properly.

mazen_elshayeb · ‎05-13-2019

hello robert, thank you so much for your reply, im new in working on this so can you please let me know the steps to do for checking if the permissions are set properly or not on the database

mazen_elshayeb · ‎05-14-2019

Hello Geoffrey Shelton, thank you so much for your reply, i will follow your steps and if there any issue will refer back to you.

Shelton · ‎05-14-2019

@Mazen Elshayeb

Any updates?

mazen_elshayeb · ‎05-16-2019

Hello Geoffrey Shelton Okot

I followed all the steps that you sent to me and entered same ambari wizard configuration as you said but now the ambari wizard keeps asking for the admin principal and password, i have not created any principal manually as you mentioned in your reply.

i couldn't open the attached pdf files you sent to me access forbidden.

Note: I'm working on VM and my hostname -f is ubuntu, is this will make any changes on the domain_realm or it will be as it is

.hadoop.com = HADOOP.COM

hadoop.com =HADOOP.COM

attached is my new /etc/krb5kdc/krb5.conf kdc.conf and kadm5.acl

KADM5.acl.txt

KDC.conf.txt

KRB5.conf.txt

Shelton · ‎05-16-2019

@Mazen Elshayeb

That's good news the principal admin should be admin/admin@HADOOP.COM and the password is the magic password you used when creating the Kerberos database. You must have gotten a warning saying keep the password safely 🙂

Please proceed and revert!

mazen_elshayeb · ‎05-16-2019

@Geoffrey Shelton Okot

Yes im using admin/admin@HADOOP.COM as my principal admin and the password i have created but it still keep asking me for principal admin and password

Shelton · ‎05-16-2019

@Mazen Elshayeb

Can you capture and share your screenshot?

Firstly can you ensure your kdc and kadmin are started?

Did you run this step? If not please do that while logged in as root, the output should look like below

# kadmin.local -q "addprinc admin/admin"

Desired output

Authenticating as principal root/admin@HADOOP.COM with password.
WARNING: no policy specified for admin/admin@HADOOP.COM; defaulting to no policy
Enter password for principal "admin/admin@HADOOP.COM":   {password_used_during_creation}
Re-enter password for principal "admin/admin@HADOOP.COM": {password_used_during_creation}
Principal "admin/admin@HADOOP.COM" created.

Restart kdc

(Centos please adapt accordingly)

# /etc/rc.d/init.d/krb5kdc start

Desired output

Starting Kerberos 5 KDC:                                   [  OK  ]

Restart kadmin

# /etc/rc.d/init.d/kadmin start

Desired output

Starting Kerberos 5 Admin Server:                          [  OK  ]

Now continue with Ambari kerberization wizard using the admin/admin@HADOOP.COM with password earlier set

That should work

Cloudera Community

Support Questions

Error while enabling kerberos on ambari

This problem has been solved!

This problem has been solved!