I've a cluster with a FreeIPA as Idm server in trust relation with AD.
For policy we have to create the service principals in a AD OU, so i've initialized kerberos in AD scenario.
Everithing works but not Impala.
More in deep, i've got problem with the statestore, it seems to reverse principals name to AD sAMAccountName.
3:02:35.618 PM INFO cc:113 TAcceptQueueServer: Caught TException: SASL(-13): authentication failure: Unable to find a callback: 32775
3:02:38.629 PM INFO cc:420 Kerberos principal should be of the form: <service>/<hostname>@<realm> - got: hsoCjEqvNJ@REALM.MASK
there is a way to force impala to not canonicalize the principals ?
Thanks in advance,
Adding new informations,
On impala deamons logs i can see that impala is using sAMAccountName as short username:
3:03:00.473 PM INFO cc:362 Logged in from keytab as impala/MASK_HOSTNAME@RELAM.MASK(short username hsoCjEqvNJ@realm.mask)