Support Questions

Find answers, ask questions, and share your expertise

Hive ODBC kerberos SASL(-1): generic failure _ GSSAPI Error

avatar
Contributor

Hi,

 

We have Kerborised Cluster.

 

I'm able to use the Impala ODBC Driver on a Windows Machine, authenticate with a USERNAME  and PASSWORD using SASL.

 

When I try to connect to the Hive ODBC authenticate with Kerberos. I get the following error message:

 

FAILED!

[Microsoft][Hardy] (34) Error from server: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database).

 KDC ODBC Driver Cloudera.PNG

Tried:

KRB5_CONFIG = C:\Program Files\MIT\Kerberos5\krb5.ini

KRB5CCNAME =C:\temp\krb5cache

 

C:\Program Files\MIT\Kerberos5\venkata.keytab

C:\Program Files\MIT\Kerberos5>krb5.ini(config)

[libdefaults]
default_realm = MYKDC.YSTAT.COM
dns_lookup_kdc = false
dns_lookup_realm = false
ticket_lifetime = 86400
renew_lifetime = 604800
forwardable = true
default_tgs_enctypes = aes256-cts aes128-cts
default_tkt_enctypes = aes256-cts aes128-cts
permitted_enctypes = aes256-cts aes128-cts
udp_preference_limit = 1
kdc_timeout = 3000
max_life = 1d
max_renewable_life = 7d
kdc_tcp_ports = 88
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
MYKDC.YSTAT.COM= {
kdc = dc1.MYKDC.YSTAT.COM
admin_server = dc1.MYKDC.YSTAT.COM
max_renewable_life = 7d 0h 0m 0s
default_principal_flags = +renewable
}

 

kdc ticket cloudera.PNG

 

Tried by using different drivers(Simba, Microsoft, Cloudera)Created new users and new keytabs.

 

 

Any ideas on this error?

 

Thanks.

 

 

1 ACCEPTED SOLUTION

avatar
Contributor

It was a problem with KDC admin server has only Private IP.

 

Now I'm able to connect Hive ODBC by using DBeaver.

 

 

Thanks.

View solution in original post

7 REPLIES 7

avatar
Super Guru
You can enable TRACE logging for ODBC driver via "Logging Options" menu, and then you can see what happened on the client side.

Please also check on HS2 log to see what message displays there.

avatar
Contributor

Thanks, @EricL. It was an FQDN issue.

 

And I've changed FQDN From _Host to HiveServer2.

 

Now I get the following error message:

 

FAILED!

[Microsoft][Hardy] (34) Error from server: SSL_connect: unknown protocol.

 

hive odbc issue 2nd rep.PNG

 

We are using Centrifydc and windows server on the same Network. 

 

Any ideas on this error?

 

Thanks again @EricL.

avatar
Contributor

It was a problem with KDC admin server has only Private IP.

 

Now I'm able to connect Hive ODBC by using DBeaver.

 

 

Thanks.

avatar
Super Guru
Glad that issue is now resolved!

avatar
New Contributor

where do we find KDC admin server?How do we find it?

avatar
Community Manager

@cloudd As this is an older post, you would have a better chance of receiving a resolution by starting a new thread. This will also be an opportunity to provide details specific to your environment that could aid others in assisting you with a more accurate answer to your question. You can link this thread as a reference in your new post. Thanks.


Regards,

Diana Torres,
Community Moderator


Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:

avatar
New Contributor

You can try by destroying and then cache the kerberos ticket.