
HDP Kerberos enable through Ambari

Contributor

Hi, I have a 6-node cluster set up as HDP 2.5 and Ambari 2.4.

Need to enable Kerberos Security:

Steps done on the Ambari server:

1. https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.1/bk_security/content/_enabling_kerberos_secu...

2. Yum-installed Kerberos and clients on all nodes

3. Checked /etc/krb.conf on all nodes: same files and realms

4. Checked acl.file, edited and saved it, and restarted the KDC again

5. While enabling Kerberos in Ambari, it threw an error in Test Clients:

Error message: An internal system exception occurred: The 'krb5-conf' configuration is not available

500 status code received on POST method for API: /api/v1/clusters/Cluster/requests

Master Mentor

@Sam Red

Did you create an admin principal? Is the krb5.conf file in /etc/krb5.conf? I just kerberized an HDP 2.6 an hour ago without any issue. What is the OS?

We can quickly resolve that!

Contributor

@Geoffrey Shelton Okot Yes, I did create the principal as admin/admin@host.com, and the OS is CentOS 7.

Contributor

@Geoffrey Shelton Okot If you can share it step by step, that would be very helpful to get this done.

Contributor

@Geoffrey Shelton Okot I followed all these steps. When I am starting krb5kdc and kadmin, I am getting an error like this:

Job for krb5kdc.service failed because the control process exited with error code. See "systemctl status krb5kdc.service" and "journalctl -xe" for details.

Master Mentor

@Sam Red

There you go!

Contributor

Thank You.

Master Mentor

@Sam Red

If you are root, then remove the sudo!

What is the output of

# systemctl status krb5kdc.service

The result should be

# systemctl status krb5kdc.service
● krb5kdc.service - Kerberos 5 KDC
   Loaded: loaded (/usr/lib/systemd/system/krb5kdc.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2017-08-24 15:30:12 CEST; 1 day 4h ago
 Main PID: 23781 (krb5kdc)
   CGroup: /system.slice/krb5kdc.service
           └─23781 /usr/sbin/krb5kdc -P /var/run/krb5kdc.pid
Aug 24 15:30:12 bombay.test.com systemd[1]: Starting Kerberos 5 KDC...
Aug 24 15:30:12 bombay.test.com systemd[1]: Started Kerberos 5 KDC

Please let me know

Contributor

@Geoffrey Shelton Okot Thank you so much for your help. These are the configs I specified on the Ambari server.

Configs here:

kdc.conf

[kdcdefaults]
  kdc_ports = 88
  kdc_tcp_ports = 88

[realms]
  RELAY.COM = {
    #master_key_type = aes256-cts
    acl_file = /var/kerberos/krb5kdc/kadm5.acl
    dict_file = /usr/share/dict/words
    admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab

cat kadm5.acl

* /admin@RELAY.COM *

[libdefaults]
  renew_lifetime = 7d
  forwardable = true
  default_realm = RELAY.COM
  ticket_lifetime = 24h
  dns_lookup_realm = false
  dns_lookup_kdc = false
  default_ccache_name = /tmp/krb5cc_%{uid}
  #default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
  #default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5

[logging]
  default = FILE:/var/log/krb5kdc.log
  admin_server = FILE:/var/log/kadmind.log
  kdc = FILE:/var/log/krb5kdc.log

[realms]
  RELAY.COM = {
    admin_server = RELAY.COM
    kdc = IP
    kdc = IP
    kdc = IP
    kdc = IP
    kdc = IP
    kdc = IP
  }

krb5kdc.service - Kerberos 5 KDC
   Loaded: loaded (/usr/lib/systemd/system/krb5kdc.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Fri 2017-08-25 10:53:48 PDT; 3s ago
  Process: 22602 ExecStart=/usr/sbin/krb5kdc -P /var/run/krb5kdc.pid $KRB5KDC_ARGS (code=exited, status=1/FAILURE)
 Main PID: 1911 (code=exited, status=0/SUCCESS)
Aug 25 10:53:48 systemd[1]: Starting Kerberos 5 KDC...
Aug 25 10:53:48 krb5kdc[22602]: krb5kdc: cannot initialize realm RELAY.COM - see log file for details
Aug 25 10:53:48 : krb5kdc.service: control process exited, code=exited status=1
Aug 25 10:53:48: Failed to start Kerberos 5 KDC.
Aug 25 10:53:48 Unit krb5kdc.service entered failed state.
Aug 25 10:53:48 krb5kdc.service failed.