Created on 10-14-2015 03:24 PM - edited 09-16-2022 02:44 AM
Before a production installation, we are testing the Kerberos install from the Sandbox to the client's Test Active Directory as a dry run. The entries in the KDC portion of the UI allow the "Test KDC Connection" to be successful. But the Kerberos install fails after the "Next" button and a prompt appears asking for the correct Admin name/password combination.
The same connection info, when tried through Apache Directory Studio, gives a "Unable to obtain Principal Name for authentication" error.
The entries being used on the Kerberos setup page.
Created 10-14-2015 03:36 PM
This appears to look correct.
Are we sure the realm name is correct and it is not something like "TCORP.COM"? Realm names are case-sensitive, so make sure the realm name in AD is all uppercase characters. I don't believe that the admin principal or password is trimmed, so make sure no (extra) spaces exist before or after them.
Also, does the admin user have delegated control over the specified LDAP container?
Can you take a look at the Ambari server log to see if any errors are posted there?
Created 10-14-2015 03:36 PM
This appears to look correct.
Are we sure the realm name is correct and it is not something like "TCORP.COM"? Realm names are case-sensitive, so make sure the realm name in AD is all uppercase characters. I don't believe that the admin principal or password is trimmed, so make sure no (extra) spaces exist before or after them.
Also, does the admin user have delegated control over the specified LDAP container?
Can you take a look at the Ambari server log to see if any errors are posted there?
Created 10-15-2015 03:27 PM
We are able to authenticate with the settings from above. We dug further and see an error with creating the principals on the AD side. It looks like the full control over the OU is not in place.