Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

External authentication with AD and Cloudera Manager 5

avatar
author-rank petibonvm
Explorer

Created on ‎08-15-2014 10:44 AM - edited ‎09-16-2022 02:05 AM

Hi,

 

I tried to configure external authentication with AD on CDM5 but it' failed, i've the following errors into cloudera-scm-server.log file :

 

2014-08-15 19:26:43,229  INFO [1244120161@scm-web-5:ad.ActiveDirectoryLdapAuthenticationProvider@183] Active Directory authentication failed: Supplied password was invalid
2014-08-15 19:26:43,232  INFO [1244120161@scm-web-5:cmf.CmfLdapAuthenticationProvider@107] LDAP/AD authentication failure for administrateur@dg.local
2014-08-15 19:26:43,243  INFO [1244120161@scm-web-5:cmf.AuthenticationFailureEventListener@19] Authentication failure for user: administrateur@dg.local

 

Here is my configuration :

 

ad_error.jpg

 

I've sucessfully configured kerberos AD authentication for all hadoop services but just for cdm not !

 

Could you please help me ?

 

regards.

 

8,908 Views
0 Kudos
2
1 ACCEPTED SOLUTION

avatar
author-rank Grizzly author-rank
Master Collaborator

Created on ‎12-24-2014 08:59 AM - edited ‎12-24-2014 09:00 AM

Here is a screenshot of a working configuration.

 

Settings_-_Cloudera_Manager.png

View solution in original post

8,562 Views
7 REPLIES 7

avatar
author-rank Goodmorning
New Contributor

Created ‎11-13-2014 08:31 PM

 

documentaion : http://www.cloudera.com/content/cloudera/en/documentation/core/latest/topics/cm_sg_external_auth.htm...

 

Configuring Authentication Using Active Directory

 

 

set.png

 

 

 

 

 

 

ploblem.png

 

I'm also have this problem. 

Problem was solved? 

8,611 Views
0 Kudos

avatar
author-rank petibonvm
Explorer

Created ‎12-24-2014 04:35 AM

yes thank you for your reply.

8,565 Views
0 Kudos

avatar
author-rank Grizzly author-rank
Master Collaborator

Created on ‎12-24-2014 08:59 AM - edited ‎12-24-2014 09:00 AM

Here is a screenshot of a working configuration.

 

Settings_-_Cloudera_Manager.png

8,563 Views

avatar
author-rank nkumari
Contributor

Created ‎09-09-2015 03:33 PM

Used Grizzly's screenshot as reference and was able to set External authentication with Active directory.

But running into this error for ONLY ONE user. Any ideas on how to troubleshoot this?

Created new post as I was not sure if this was still active.

Thanks!

8,225 Views
0 Kudos

avatar
author-rank Fawze
Master Collaborator

Created ‎02-23-2017 08:18 PM

Hi,

 

Is it planned to add this ability to the express cloudera manager version? is there any similar thing i can do woth the express version?

7,094 Views
0 Kudos

avatar
author-rank bgooley author-rank
Master Guru

Created ‎02-25-2017 08:24 AM

@Fawze,

 

Currently, LDAP authentication for Cloudera Manager is only available in Cloudera Enterprise as outlined here:

 

https://www.cloudera.com/documentation/enterprise/latest/topics/cm_ig_feature_differences.html

 

If you wish to discuss licensing options with Sales, the following form can be used:

 

https://www.cloudera.com/contact-sales.html

 

Ben

 

 

7,037 Views
0 Kudos

avatar
author-rank bgooley author-rank
Master Guru

Created ‎02-25-2017 08:16 AM

@nkumari,

 

For the one user, what message are you seeing, exactly, in the UI when they try to log in?

Since Active Directory authentication will concatenate the username provided in the UI with an '@' character and then the domain you specified to form a userPrincipalName.

 

For example, if you login with 'myname' and your "Active Directory NT Domain" configuration in Cloudera Manager is "example.com" then the userPrincipalName used to authenticate to AD is:

 

myname@example.com

 

This works most of the time, but it will fail if the login string used does not match the left part of the user's userPrincipalName attribute in Active Directory.  Sometimes the userPrincipalName shortname (left of the '@' sign) does not match the sAMAccountName that users often use as their login.

 

I'd check to the value the user who can't login is using as their username and see if the userPrincipalName that it generates in for authentication matches the userPrincipalName that exists for that user in their AD object.

 

The problem could be something else, but the issue I described is something we have see from time to time.

 

The remedy, then would be to use LDAP as the external authenitication method.

 

 

7,039 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements