Failed to enable Kerberos using Direct Active Directory using CDH 5.9.0


Reference:

 
My question is how to configure the AD OU admin user. This user also has to have permissions to modify LDAP. I just can't find anything on this. I got permission denied on ldapadd when generating the keytabs. Could someone help me with how to set this user up in both the AD domain and AD LDAP?
1 ACCEPTED SOLUTION


Found this useful link:

https://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_s3_cm_principal.html

 

If you are using Active Directory:

  1. Create an Organizational Unit (OU) in your AD setup where all the principals used by your CDH cluster will reside.
  2. Add a new user account to Active Directory, for example, <username>@YOUR-REALM.COM. The password for this user should be set to never expire.
  3. Use AD's Delegate Control wizard to allow this new user to Create, Delete and Manage User Accounts.
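
A scripted equivalent of the three steps above, added here as an example (it is not from the original post or the linked Cloudera documentation). The OU name, account name and domain DN are placeholders, and the two `dsacls` grants are an assumed approximation of the wizard's "Create, delete, and manage user accounts" task, scoped to the one OU so the account gains no rights elsewhere in the directory.

```powershell
# Added example: run on a domain-joined host with the RSAT ActiveDirectory module.
# All names below are placeholders, not values from the original post.
Import-Module ActiveDirectory

$DomainDN = 'DC=your-realm,DC=com'   # assumed DN for the realm YOUR-REALM.COM
$OuName   = 'CDH-Principals'         # hypothetical OU for the cluster principals
$OuDN     = "OU=$OuName,$DomainDN"
$Sam      = 'cmadmin'                # hypothetical account name
$NetBIOS  = (Get-ADDomain).NetBIOSName

# Step 1: create the OU if it does not already exist.
$existing = Get-ADOrganizationalUnit -LDAPFilter "(ou=$OuName)" `
                -SearchBase $DomainDN -SearchScope OneLevel
if (-not $existing) {
    New-ADOrganizationalUnit -Name $OuName -Path $DomainDN
}

# Step 2: create the account with a non-expiring password.
# No -Path is given, so it lands in the default users container, outside the
# delegated OU; the account therefore gets no control over its own object.
$Password = Read-Host -AsSecureString -Prompt "Password for $Sam"
New-ADUser -Name $Sam -SamAccountName $Sam `
    -UserPrincipalName "${Sam}@YOUR-REALM.COM" `
    -AccountPassword $Password -PasswordNeverExpires $true -Enabled $true

# Step 3: delegate on this OU only.
#   CCDC;user -> create/delete child objects of class user (OU and sub-OUs)
#   GA;;user  -> full control, inherited by descendant user objects only
dsacls $OuDN /I:T /G "${NetBIOS}\${Sam}:CCDC;user"
if ($LASTEXITCODE -ne 0) { throw "dsacls create/delete grant failed" }
dsacls $OuDN /I:S /G "${NetBIOS}\${Sam}:GA;;user"
if ($LASTEXITCODE -ne 0) { throw "dsacls manage grant failed" }

# Check: list the ACEs on the OU that name the delegated account.
dsacls $OuDN | Select-String -SimpleMatch "$NetBIOS\$Sam"
```

If the final command prints nothing, the delegation was not applied to the OU, which matches the permission-denied failure described in the question.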
