Support Questions

Find answers, ask questions, and share your expertise

How to create AD principals manually

avatar
Contributor

I need to use a different AD domain for my Cloudera Managed Hadoop cluster.

 

Unfortunately I can't get the administrators to give my Hadoop connect user (the one you use when you click on the "Import Kerberos Account Manager Credentials" button) the permissions to create users.

 

Are there any instructions anywhere on creating those manually and then configuring the cluster to use them?

 

Thanks.

1 ACCEPTED SOLUTION

avatar
Contributor

I was able to get my Domain admin to grant delegation on my Hadoop OU, so I didn' thave to do in manually thank goodness.

View solution in original post

2 REPLIES 2

avatar
Master Guru

Hi Joe,

 

Cloudera Manager does support the use case where you generate your own keytabs.  Please see:

 

http://www.cloudera.com/documentation/enterprise/latest/topics/sg_keytab_retrieval_script.html

 

Essentially:

 

- AD admins create all the keytabs and they are placed in a location on the Cloudera Manager host

- When Cloudera Manager needs one of the keytabs, the custom retrieval script will locate the keytab, copy it to a temporary location, then import into Cloudera Manager for storage in the Cloudera Manager database.

 

 

I hope that helps.

 

-Ben

avatar
Contributor

I was able to get my Domain admin to grant delegation on my Hadoop OU, so I didn' thave to do in manually thank goodness.