Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Impala after Kerberos hybrid AD/IPA

Labels:
Vinn
Explorer

Created on ‎12-19-2019 07:26 AM - last edited on ‎12-19-2019 08:08 AM by Community Manager Community Manager

Hi everyone,

 

I've a cluster with a FreeIPA as Idm server in trust relation with AD.

 

For policy we have to create the service principals in a AD OU, so i've initialized kerberos in AD scenario.

 

Everithing works but not Impala.

 

More in deep, i've got problem with the statestore, it seems to reverse principals name to AD sAMAccountName.

....

3:02:35.618 PM INFO cc:113 TAcceptQueueServer: Caught TException: SASL(-13): authentication failure: Unable to find a callback: 32775

3:02:38.629 PM INFO cc:420 Kerberos principal should be of the form: <service>/<hostname>@<realm> - got: hsoCjEqvNJ@REALM.MASK

....

there is a way to force impala to not canonicalize the principals ?

 

CDH 5.16.1

CM 6.13.1

 

Thanks in advance,

Ivan

400 Views
0 Kudos
Tags (2)
1 REPLY 1

Vinn
Explorer

Created ‎12-20-2019 04:02 AM

Hi,

 

Adding new informations,

 

On impala deamons logs  i can see that impala is using sAMAccountName as short username:

 

3:03:00.473 PM INFO cc:362 Logged in from keytab as impala/MASK_HOSTNAME@RELAM.MASK(short username hsoCjEqvNJ@realm.mask)

3:03:00.474 PM INFO cc:866 Kerberos ticket granted to impala/MASK_HOSTNAME@RELAM.MASK
3:03:00.474 PM INFO cc:730 Using external kerberos principal "impala/MASK_HOSTNAME@RELAM.MASK"

 

375 Views
0 Kudos
Take a Tour of the Community
Don't have an account?
Register
Your experience may be limited. Sign in to explore more.
Announcements
Community Announcements
March 2023 Community Highlights
What's New @ Cloudera
Cloudera DataFlow Designer for self-service data flow development is now generally available to all CDP Public Cloud customers
What's New @ Cloudera
Cloudera Operational Database (COD) UI provides the JWT configuration details to connect to your HBase client
What's New @ Cloudera
Cloudera Operational Database (COD) UI allows storage type selection when creating an operational database
What's New @ Cloudera
Release of Cloudera Streaming Analytics (CSA) 1.9.0 for CDP 7.1.7 SP2 & CDP 7.1.8
View More Announcements