Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

External authentication with AD and Cloudera Manager 5

avatar
author-rank petibonvm
Explorer

Created on ‎08-15-2014 10:44 AM - edited ‎09-16-2022 02:05 AM

Hi,

 

I tried to configure external authentication with AD on CDM5 but it' failed, i've the following errors into cloudera-scm-server.log file :

 

2014-08-15 19:26:43,229  INFO [1244120161@scm-web-5:ad.ActiveDirectoryLdapAuthenticationProvider@183] Active Directory authentication failed: Supplied password was invalid
2014-08-15 19:26:43,232  INFO [1244120161@scm-web-5:cmf.CmfLdapAuthenticationProvider@107] LDAP/AD authentication failure for administrateur@dg.local
2014-08-15 19:26:43,243  INFO [1244120161@scm-web-5:cmf.AuthenticationFailureEventListener@19] Authentication failure for user: administrateur@dg.local

 

Here is my configuration :

 

ad_error.jpg

 

I've sucessfully configured kerberos AD authentication for all hadoop services but just for cdm not !

 

Could you please help me ?

 

regards.

 

9,347 Views
0 Kudos
2
1 ACCEPTED SOLUTION

avatar
author-rank Grizzly author-rank
Master Collaborator

Created on ‎12-24-2014 08:59 AM - edited ‎12-24-2014 09:00 AM

Here is a screenshot of a working configuration.

 

undefined

View solution in original post

8,980 Views
0
7 REPLIES 7

avatar
author-rank Goodmorning
New Contributor

Created ‎11-13-2014 08:31 PM

 

documentaion : http://www.cloudera.com/content/cloudera/en/documentation/core/latest/topics/cm_sg_external_auth.htm...

 

Configuring Authentication Using Active Directory

 

 

undefined

 

 

 

 

 

 

undefined

 

I'm also have this problem. 

Problem was solved? 

9,029 Views
0 Kudos

avatar
author-rank petibonvm
Explorer

Created ‎12-24-2014 04:35 AM

yes thank you for your reply.

8,983 Views
0 Kudos

avatar
author-rank Grizzly author-rank
Master Collaborator

Created on ‎12-24-2014 08:59 AM - edited ‎12-24-2014 09:00 AM

Here is a screenshot of a working configuration.

 

undefined

8,981 Views
0

avatar
author-rank nkumari
Contributor

Created ‎09-09-2015 03:33 PM

Used Grizzly's screenshot as reference and was able to set External authentication with Active directory.

But running into this error for ONLY ONE user. Any ideas on how to troubleshoot this?

Created new post as I was not sure if this was still active.

Thanks!

8,643 Views
0 Kudos

avatar
author-rank Fawze
Master Collaborator

Created ‎02-23-2017 08:18 PM

Hi,

 

Is it planned to add this ability to the express cloudera manager version? is there any similar thing i can do woth the express version?

7,512 Views
0 Kudos

avatar
author-rank bgooley author-rank
Master Guru

Created ‎02-25-2017 08:24 AM

@Fawze,

 

Currently, LDAP authentication for Cloudera Manager is only available in Cloudera Enterprise as outlined here:

 

https://www.cloudera.com/documentation/enterprise/latest/topics/cm_ig_feature_differences.html

 

If you wish to discuss licensing options with Sales, the following form can be used:

 

https://www.cloudera.com/contact-sales.html

 

Ben

 

 

7,455 Views
0 Kudos

avatar
author-rank bgooley author-rank
Master Guru

Created ‎02-25-2017 08:16 AM

@nkumari,

 

For the one user, what message are you seeing, exactly, in the UI when they try to log in?

Since Active Directory authentication will concatenate the username provided in the UI with an '@' character and then the domain you specified to form a userPrincipalName.

 

For example, if you login with 'myname' and your "Active Directory NT Domain" configuration in Cloudera Manager is "example.com" then the userPrincipalName used to authenticate to AD is:

 

myname@example.com

 

This works most of the time, but it will fail if the login string used does not match the left part of the user's userPrincipalName attribute in Active Directory.  Sometimes the userPrincipalName shortname (left of the '@' sign) does not match the sAMAccountName that users often use as their login.

 

I'd check to the value the user who can't login is using as their username and see if the userPrincipalName that it generates in for authentication matches the userPrincipalName that exists for that user in their AD object.

 

The problem could be something else, but the issue I described is something we have see from time to time.

 

The remedy, then would be to use LDAP as the external authenitication method.

 

 

7,457 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements