Created on 05-13-2019 08:48 AM - edited 08-17-2019 03:28 PM
Hello
I receive an error while enabling kerberos on ambari as below;
i have installed krb5-kdc krb5-admin-server and config krb5.conf, kdc.conf and kadm5.acl then created new principle (as attached)
Note when i wrote the realm name in the kdc file in uppercase letter i got an error while using kadmin.local
master key cannot be fetch, it only works in lowercase letter
Also when i try to restart the krb5 services, it said service can't be found although it is running so i restart the server instead
Last thing when i installed krb5-kdc krb5-admin-server the /var/kerberos folder didn't create automatically and i had to create it manually.
Please help me solve this issue, thank you in advanced.
Created 05-13-2019 07:04 PM
Want to get a detailed solution you have to login/registered on the community
Register/LoginCreated 05-13-2019 12:21 PM
It seems like the user that runs the kadmin process does not have access to write to the backing database... or the backing data is locked by some other process. Take a look at the permission on the database file and make sure the permissions are set properly.
Created 05-13-2019 12:44 PM
hello robert, thank you so much for your reply, im new in working on this so can you please let me know the steps to do for checking if the permissions are set properly or not on the database
Created 05-13-2019 07:04 PM
Want to get a detailed solution you have to login/registered on the community
Register/LoginCreated 05-14-2019 03:15 AM
Hello Geoffrey Shelton, thank you so much for your reply, i will follow your steps and if there any issue will refer back to you.
Created 05-14-2019 08:53 PM
Created on 05-16-2019 05:49 AM - edited 08-17-2019 03:28 PM
Hello Geoffrey Shelton Okot
I followed all the steps that you sent to me and entered same ambari wizard configuration as you said but now the ambari wizard keeps asking for the admin principal and password, i have not created any principal manually as you mentioned in your reply.
i couldn't open the attached pdf files you sent to me access forbidden.
Note: I'm working on VM and my hostname -f is ubuntu, is this will make any changes on the domain_realm or it will be as it is
.hadoop.com = HADOOP.COM
hadoop.com =HADOOP.COM
attached is my new /etc/krb5kdc/krb5.conf kdc.conf and kadm5.acl
Created 05-16-2019 06:20 AM
That's good news the principal admin should be admin/admin@HADOOP.COM and the password is the magic password you used when creating the Kerberos database. You must have gotten a warning saying keep the password safely 🙂
Please proceed and revert!
Created 05-16-2019 07:57 AM
Yes im using admin/admin@HADOOP.COM as my principal admin and the password i have created but it still keep asking me for principal admin and password
Created 05-16-2019 09:12 AM
Can you capture and share your screenshot?
Firstly can you ensure your kdc and kadmin are started?
Did you run this step? If not please do that while logged in as root, the output should look like below
# kadmin.local -q "addprinc admin/admin"
Desired output
Authenticating as principal root/admin@HADOOP.COM with password. WARNING: no policy specified for admin/admin@HADOOP.COM; defaulting to no policy Enter password for principal "admin/admin@HADOOP.COM": {password_used_during_creation} Re-enter password for principal "admin/admin@HADOOP.COM": {password_used_during_creation} Principal "admin/admin@HADOOP.COM" created.
Restart kdc
(Centos please adapt accordingly)
# /etc/rc.d/init.d/krb5kdc start
Desired output
Starting Kerberos 5 KDC: [ OK ]
Restart kadmin
# /etc/rc.d/init.d/kadmin start
Desired output
Starting Kerberos 5 Admin Server: [ OK ]
Now continue with Ambari kerberization wizard using the admin/admin@HADOOP.COM with password earlier set
That should work