Support Questions

Find answers, ask questions, and share your expertise

Invalid KDC administrator credentials

avatar
Contributor

Hi ,

I am trying to setup Kerberos on HA enabled cluster , using Ambari GUI

GUI keep on saying : "Invalid KDC administrator credentials. Please enter admin principal and password."

ambari-server.log , show below error message

Jul 2017 19:43:25,469 ERROR [ambari-client-thread-34] KerberosHelperImpl:1861 - Cannot validate credentials: org.apache.ambari.server.serveraction.kerberos.KerberosAdminAuthenticationException: Invalid KDC administrator credentials. The KDC administrator credentials must be set as a persisted or temporary credential resource.This may be done by issuing a POST (or PUT for updating) to the /api/v1/clusters/:clusterName/credentials/kdc.admin.credential API entry point with the following payload: { "Credential" : { "principal" : "(PRINCIPAL)", "key" : "(PASSWORD)", "type" : "(persisted|temporary)"} } } 13 Jul 2017 19:43:25,469 ERROR [ambari-client-thread-34] BaseManagementHandler:67 - Bad request received: Invalid KDC administrator credentials. The KDC administrator credentials must be set as a persisted or temporary credential resource.This may be done by issuing a POST (or PUT for updating) to the /api/v1/clusters/:clusterName/credentials/kdc.admin.credential API entry point with the following payload: { "Credential" : { "principal" : "(PRINCIPAL)", "key" : "(PASSWORD)", "type" : "(persisted|temporary)"} } }

AS per the : https://community.hortonworks.com/articles/42927/adding-kdc-administrator-credentials-to-the-ambari.... , I successfully implemented belwo steps.

1) ambari-server setup-security

2) curl -H "X-Requested-By:ambari" -u admin:admin -X POST -d '{ "Credential" : { "principal" : "kadmin", "key" : "kadmin", "type" : "persisted" } }' http://ambari01.dev.dataquest.com:8080/api/v1/clusters/dev_cluster/credentials/kdc.admin.credential

3) curl -H "X-Requested-By:ambari" -u admin:admin -X GET http://ambari01.dev.dataquest.com:8080/api/v1/clusters/dev_cluster/credentials/kdc.admin.credential

Still having the problem

Below are my input in Ambari / Kerberos GUI setup

KDC HOST : kdc.dev.dataquest.com

Realm Name : DEV.DATAQUEST.COM

LDAP URL : ldaps://dev.dataquest.com:636

Container DN : OU=service-accounts,OU=core,dc=dev,dc=dataquest,dc=com

Domains: dev.dataquest.com,.dev.dataquest.com

Kadmin Host : kdc.dev.dataquest.com

Admin principal: kadmin

Admin password : kadmin

***********

I also tried with Admin principle as kadmin@DEV.DATAQUEST.COM . Still no luck.

ldapsearch : command wokrs fine

Can you please suggest the resolution

Thanks

Naveen

10 REPLIES 10

avatar
Contributor

@naveen sangam, I am also facing same issue. Have you resolved it?

Please suggest.