Hi,
I'm not sure if this is in the correct Board/Topic....but I wasn't sure which board to post into.
We have setup a Kerberized CDH cluster (CDH 5.9.0) via the CM Security -> Kerberos Wizard and have the cluster communicating with an MS Active Directory pair for LDAP/Kerberos etc
No issues there.
I have setup a client node that has the following services installed:
- HDFS HttpFS
- Hive Gateway
- HiveServer2
- Hive WebHCat Server
- Hue Server
- Hue Kerberos Ticket Renewer
- Oozie Server
- Spark Gateway
- Sqoop 2 Server
- YARN (MR2 Included) Gateway
When I try and access HDFS after generating a kerberos TGT for my principal "dreeves", it works, but I cannot then use HDFS...
Please see below.
Any advice and assistance anyone could provide would be great !
[root@{obfuscated-machinename}-ecli001~]# su - dreeves@{obfuscated-domain}.COM.AU
Last login: Thu Jan 26 06:04:01 AEDT 2017 on pts/1
id: cannot find name for group ID 33600512
Kerberos kinit seems OK:
[dreeves@{obfuscated-domain}@{obfuscated-machinename}]$ kinit dreeves@{obfuscated-domain}.COM.AU
Password for dreeves@{obfuscated-domain}.COM.AU: {obfuscated-password}
Kerberos klist seems OK:
[dreeves@{obfuscated-domain}@{obfuscated-machinename}]$ klist
Ticket cache: FILE:/tmp/krb5cc_33601114
Default principal: dreeves@{obfuscated-realm}.COM.AU
Valid starting Expires Service principal
01/27/2017 08:27:18 01/27/2017 18:27:18 krbtgt/{obfuscated-domain}.COM.AU@{obfuscated-realm}.COM.AU
renew until 02/03/2017 08:27:07
But HDFS commands have issues:
[dreeves@{obfuscated-domain}@{obfuscated-machinename}]$ hdfs dfs -ls /
Thanks,
Damion.
