Created on 10-20-2016 12:45 PM - edited 09-16-2022 03:45 AM
I need to use a different AD domain for my Cloudera Managed Hadoop cluster.
Unfortunately I can't get the administrators to give my Hadoop connect user (the one you use when you click on the "Import Kerberos Account Manager Credentials" button) the permissions to create users.
Are there any instructions anywhere on creating those manually and then configuring the cluster to use them?
Thanks.
Created 10-26-2016 06:03 PM
I was able to get my Domain admin to grant delegation on my Hadoop OU, so I didn' thave to do in manually thank goodness.
Created 10-21-2016 04:24 PM
Hi Joe,
Cloudera Manager does support the use case where you generate your own keytabs. Please see:
http://www.cloudera.com/documentation/enterprise/latest/topics/sg_keytab_retrieval_script.html
Essentially:
- AD admins create all the keytabs and they are placed in a location on the Cloudera Manager host
- When Cloudera Manager needs one of the keytabs, the custom retrieval script will locate the keytab, copy it to a temporary location, then import into Cloudera Manager for storage in the Cloudera Manager database.
I hope that helps.
-Ben
Created 10-26-2016 06:03 PM
I was able to get my Domain admin to grant delegation on my Hadoop OU, so I didn' thave to do in manually thank goodness.