Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Hive ODBC kerberos SASL(-1): generic failure _ GSSAPI Error

SOLVED Go to solution

Hive ODBC kerberos SASL(-1): generic failure _ GSSAPI Error

Explorer

Hi,

 

We have Kerborised Cluster.

 

I'm able to use the Impala ODBC Driver on a Windows Machine, authenticate with a USERNAME  and PASSWORD using SASL.

 

When I try to connect to the Hive ODBC authenticate with Kerberos. I get the following error message:

 

FAILED!

[Microsoft][Hardy] (34) Error from server: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database).

 KDC ODBC Driver Cloudera.PNG

Tried:

KRB5_CONFIG = C:\Program Files\MIT\Kerberos5\krb5.ini

KRB5CCNAME =C:\temp\krb5cache

 

C:\Program Files\MIT\Kerberos5\venkata.keytab

C:\Program Files\MIT\Kerberos5>krb5.ini(config)

[libdefaults]
default_realm = MYKDC.YSTAT.COM
dns_lookup_kdc = false
dns_lookup_realm = false
ticket_lifetime = 86400
renew_lifetime = 604800
forwardable = true
default_tgs_enctypes = aes256-cts aes128-cts
default_tkt_enctypes = aes256-cts aes128-cts
permitted_enctypes = aes256-cts aes128-cts
udp_preference_limit = 1
kdc_timeout = 3000
max_life = 1d
max_renewable_life = 7d
kdc_tcp_ports = 88
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
MYKDC.YSTAT.COM= {
kdc = dc1.MYKDC.YSTAT.COM
admin_server = dc1.MYKDC.YSTAT.COM
max_renewable_life = 7d 0h 0m 0s
default_principal_flags = +renewable
}

 

kdc ticket cloudera.PNG

 

Tried by using different drivers(Simba, Microsoft, Cloudera)Created new users and new keytabs.

 

 

Any ideas on this error?

 

Thanks.

 

 

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Hive ODBC kerberos Centrify : GSSAPI Error and SSL_connect: unknown protocol

Explorer

It was a problem with KDC admin server has only Private IP.

 

Now I'm able to connect Hive ODBC by using DBeaver.

 

 

Thanks.

4 REPLIES 4

Re: Hive ODBC kerberos SASL(-1): generic failure _ GSSAPI Error

Guru
You can enable TRACE logging for ODBC driver via "Logging Options" menu, and then you can see what happened on the client side.

Please also check on HS2 log to see what message displays there.

Re: Hive ODBC kerberos Centrify : GSSAPI Error and SSL_connect: unknown protocol

Explorer

Thanks, @EricL. It was an FQDN issue.

 

And I've changed FQDN From _Host to HiveServer2.

 

Now I get the following error message:

 

FAILED!

[Microsoft][Hardy] (34) Error from server: SSL_connect: unknown protocol.

 

hive odbc issue 2nd rep.PNG

 

We are using Centrifydc and windows server on the same Network. 

 

Any ideas on this error?

 

Thanks again @EricL.

Re: Hive ODBC kerberos Centrify : GSSAPI Error and SSL_connect: unknown protocol

Explorer

It was a problem with KDC admin server has only Private IP.

 

Now I'm able to connect Hive ODBC by using DBeaver.

 

 

Thanks.

Highlighted

Re: Hive ODBC kerberos Centrify : GSSAPI Error and SSL_connect: unknown protocol

Guru
Glad that issue is now resolved!