Support Questions

Find answers, ask questions, and share your expertise

Failed to connect to KDC - Failed to communicate the Active Directory at ldaps://[KDChost]: simple bind failed: [KDChost]:636 Make sure the server's SSL certificate or CA certificates have been imported into Ambari's truststore.

avatar
Contributor

I am trying to enabling Kerberos via Ambari. I entered KDC configuration and tested the KDC connection which confirmed OK. Then I entered kadmin creds. I installed kerberos client and but while testing kerberos client it gives this error:

Failed to connect to KDC - Failed to communicate the Active Directory at ldaps://[KDChost]: simple bind failed: [KDChost]:636 Make sure the server's SSL certificate or CA certificates have been imported into Ambari's truststore.

While configuring active directory on KDC server, I created CA certificate and update the CA trust with my host machine where ambari-server is running and imported the certificate to JAVA. I also setup Ambari truststores and import CA certificate for active directory, following this link -> https://www.ibm.com/support/knowledgecenter/en/SSPT3X_4.2.0/com.ibm.swg.im.infosphere.biginsights.ad...

Can you help me with this error or direct me to the location of detailed logs for this error?

EDIT: I am able to do this successfully 'telnet KDC_host 636'

12 REPLIES 12

avatar
Master Mentor

@Neha G

Here you go !


general.jpg

avatar
Explorer

I am also stuck at this point "Update the KDC settings in krb5-conf and kerberos-env configurations to correct this issue."

Any solution? @Geoffrey Shelton Okot @GN_Exp

avatar
Explorer

This was fixed for me by updating fqdn name to point to domain name by updating /etc/hosts and resolv.conf.