Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Failed to connect to KDC - Failed to communicate with the Active Directory at ldaps

Highlighted

Failed to connect to KDC - Failed to communicate with the Active Directory at ldaps

Explorer

Hi All,


I am getting below error while enabling Kerberos using AD.

Error

400 status code received on POST method for API: /api/v1/clusters/gsp_abo_dev/requests


Error message: Failed to connect to KDC - Failed to communicate with the Active Directory at ldaps://exampleidn01.example.local:636: simple bind failed: exampleidn01.example.local:636

Update the KDC settings in krb5-conf and kerberos-env configurations to correct this issue.

I have followed the steps as per this video as reference: https://www.youtube.com/watch?v=PzRXF6qGrGQ

I did install the certificate in ambari server.

My AD Config:

Domain Name: example.local

OU created for storing keytabs: Service_Account_HDP

User: HDP_Service

Realm Name using in ambari: example.LOCAL

below is my krb5.conf file:

--------------------------------------------------------------------------------------------------

# Configuration snippets may be placed in this directory as well

includedir /etc/krb5.conf.d/


[logging]

default = FILE:/var/log/krb5libs.log

kdc = FILE:/var/log/krb5kdc.log

admin_server = FILE:/var/log/kadmind.log


[libdefaults]

dns_lookup_realm = false

ticket_lifetime = 24h

renew_lifetime = 7d

forwardable = true

rdns = false

pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt

default_realm = EXAMPLEABO.COM

default_ccache_name = KEYRING:persistent:%{uid}


[realms]

EXAMPLEABO.COM = {

kdc = 10.32.83.36

admin_server = 10.32.83.36

}


[domain_realm]

.exampleabo.com = EXAMPLEABO.COM

exampleabo.com = EXAMPLEABO.COM

--------------------------------------------------------------------------------------------------

@Geoffrey Shelton Okot

Please guide me on this.