Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Http Error 500 KerberosName$NoMatchingRule

avatar
author-rank julian_blin
Explorer

Created ‎01-22-2018 02:55 PM

Hi,

Since I kerberized my cluster I'm unable to access Solr UI.

When I go to Solr UI I get a "HTTP ERROR 500"

(For confidentiality reason I replaced username / DOMAIN / COM but imagine it exactly as joe@EXAMPLE.COM)

Problem accessing /solr/. Reason : Server Error
	Caused by: 
	org.apache.solr.common.SolrException: Error during request authentication
	[...]
	Caused by
	org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to <username>@<DOMAIN>.<COM>

Any hint ?

Thanks.

10,727 Views
0 Kudos
13 REPLIES 13

avatar
author-rank julian_blin
Explorer

Created ‎02-06-2018 09:53 AM

Hi @Robert Levas
We added the rule :

RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//

And now I am able to successfully work on the terminal :

$ hadoop org.apache.hadoop.security.HadoopKerberosName user@EXAMPLE.COM 

Name: user@EXAMPLE.COM to user

But I still can't access my Solr UI.

When I go to the UI, I get a pop-up asking me for authentication, I type my username and password and I still get :

HTTP ERROR 500
Problem accessing /solr/. Reason:
    Server Error
Caused by:
org.apache.solr.common.SolrException: Error during request authentication, 
	at org.apache.solr.servlet.SolrDispatchFilter.authenticateRequest(SolrDispatchFilter.java:319)
	at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:222)
	at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:208)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
	at org.eclipse.jetty.server.Server.handle(Server.java:499)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
	at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
	at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to user@EXAMPLE.COM
	at org.apache.hadoop.security.authentication.util.KerberosName.getShortName(KerberosName.java:389)
	at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:378)
	at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:348)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Subject.java:422)
	at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:348)
	at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:507)
	at org.apache.solr.security.KerberosFilter.doFilter(KerberosFilter.java:46)
	at org.apache.solr.security.KerberosPlugin.doAuthenticate(KerberosPlugin.java:144)
	at org.apache.solr.servlet.SolrDispatchFilter.authenticateRequest(SolrDispatchFilter.java:311)
	... 22 more
Caused by:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to user@EXAMPLE.COM
4,735 Views
0 Kudos

avatar
author-rank rlevas
Guru

Created ‎02-06-2018 03:20 PM

@Julian Blin I am not familiar with Solr's configuration options. Where did you set this rule?

Maybe @Olivér Szabó, can chime in on helping to configure.

4,735 Views
0 Kudos

avatar
author-rank rlevas
Guru

Created ‎02-06-2018 03:25 PM

There looks to be a property for Solr that can be used for this. See https://lucene.apache.org/solr/guide/6_6/kerberos-authentication-plugin.html.

solr.kerberos.name.rules

Used to map Kerberos principals to short names. Default value is DEFAULT. Example of a name rule: RULE:[1:$1@$0](.*EXAMPLE.COM)s/@.*//
4,735 Views
0 Kudos

avatar
author-rank oszabo author-rank
Contributor

Created ‎02-06-2018 03:33 PM

@Julian Blin , I think you need to set 'infra-solr-env/infra_solr_kerberos_name_rules' property for using the rules for Solr,

4,735 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements