Support Questions

gharpure_amol1 · ‎07-27-2018

Hi ,

I am currently facing this issue when I'm trying to execute the acceptSecContext() method.

Is this because RC4 with HMAC has been depreciated?

Shelton · ‎07-27-2018

Can you share your krb5.conf?

Is your domain configured and nslookup <hostname> is working verify that your /etc/resolv.conf is well configured?

Ensure JCE is installed on the Ambari Server.

gharpure_amol1 · ‎08-02-2018

Hi , I have added the krb5.conf file

gharpure_amol1 · ‎07-30-2018

krb5.conf looks like this

[libdefaults]

ticket_lifetime = 10

default_realm = TEST.GLOBAL.AD

default_keytab_name = file:///C:/Windows/myKeytab.kettab

dns_lookup_realm = false

dns_lookup_kdc = true

default_tkt_enctypes = rc4-hmac

default_tgs_enctypes = rc4-hmac

permitted_enctypes = rc4-hmac

udp_perference_limit = 0

default_principal_flags = +renewable

[realms]

MISYS.GLOBAL.AD = { kdc = (AD IP) }

[appdefaults]

autologin = true

forward = true

forwardable = true

encrypt = true

benhadoop · ‎07-31-2018

Did you authenticate using Keytabs or using a password-based kinit?

Could you please send the result of "klist" and "klist -kte <keytab-file>"

gharpure_amol1 · ‎07-31-2018

password-based kinit is used.

The output of the klist -kte mykey.keytab :-

Key tab: myKey.keytab, 1 entry found.

[1] Service principal: HTTP/xyz@myCom.global.ad

KVNO: 4

rlevas · ‎07-31-2018

myCom.global.ad is an invalid realm. The realm needs to be all uppercase characters, like MYCOM.GLOBAL.AD

gharpure_amol1 · ‎08-02-2018

yes that was by mistake. The Realm name is as per you mentioned. But still i am facing this issue. Is this a configuration error or something else ?

GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)