Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Generate keytabs after change LDAP BIND USER password in LDAP

Solved Go to solution

Generate keytabs after change LDAP BIND USER password in LDAP

New Contributor

Hi,

 

We changed the password in the domain, and then in the cloudera manager.

But after restart, regenerate keytabs doesn't run. We have the next error:

---------------------------------------------------------------------------
Generate Missing Credentials

/usr/share/cmf/bin/gen_credentials_ad.sh failed with exit code 1 and output of <<
+ export PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/sbin:/usr/sbin:/bin:/usr/bin
+ PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/sbin:/usr/sbin:/bin:/usr/bin
+ KEYTAB_OUT=/var/run/cloudera-scm-server/cmf6374473708191204515.keytab
+ PRINC=hbase/server0004.company.corp@.COMPANY.CORP
+ USER=edh_zyUDoxOiFI
+ PASSWD=REDACTED
+ DELETE_ON_REGENERATE=false
+ SET_ENCRYPTION_TYPES=false
+ ENC_TYPES_MASK=4
+ USERACCOUNTCONTROL=66048
+ ACCOUNTEXPIRES=0
+ OBJECTCLASSES='objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
'
+ DIST_NAME=CN=edh_zyUDoxOiFI,OU=services,OU=users,OU=edh,OU=hadoop,DC=company,DC=corp
+ '[' -z /etc/krb5.conf ']'
+ echo 'Using custom config path '\''/etc/krb5.conf'\'', contents below:'
+ cat /etc/krb5.conf
+ SIMPLE_PWD_STR=
+ '[' '' = '' ']'
+ kinit -k -t /var/run/cloudera-scm-server/cmf1000316718995056834.keytab U12345@COMPANY.CORP
kinit: Preauthentication failed while getting initial credentials

>>

---------------------------------------------------------------------------

 

please, could you help us?

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: Generate keytabs after change LDAP BIND USER password in LDAP

New Contributor

Hi, we could solve it. We only had to "Import Kerberos Account Manager Credentials".

 

Thanks.

1 REPLY 1
Highlighted

Re: Generate keytabs after change LDAP BIND USER password in LDAP

New Contributor

Hi, we could solve it. We only had to "Import Kerberos Account Manager Credentials".

 

Thanks.

Don't have an account?
Coming from Hortonworks? Activate your account here