Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Invalid KDC administrator credentials

Labels:
avatar
author-rank naveensangam
Contributor

Created on ‎07-13-2017 08:39 PM - last edited on ‎10-25-2019 09:22 AM by Community Manager Community Manager

Hi ,

I am trying to setup Kerberos on HA enabled cluster , using Ambari GUI

GUI keep on saying : "Invalid KDC administrator credentials. Please enter admin principal and password."

ambari-server.log , show below error message

Jul 2017 19:43:25,469 ERROR [ambari-client-thread-34] KerberosHelperImpl:1861 - Cannot validate credentials: org.apache.ambari.server.serveraction.kerberos.KerberosAdminAuthenticationException: Invalid KDC administrator credentials. The KDC administrator credentials must be set as a persisted or temporary credential resource.This may be done by issuing a POST (or PUT for updating) to the /api/v1/clusters/:clusterName/credentials/kdc.admin.credential API entry point with the following payload: { "Credential" : { "principal" : "(PRINCIPAL)", "key" : "(PASSWORD)", "type" : "(persisted|temporary)"} } } 13 Jul 2017 19:43:25,469 ERROR [ambari-client-thread-34] BaseManagementHandler:67 - Bad request received: Invalid KDC administrator credentials. The KDC administrator credentials must be set as a persisted or temporary credential resource.This may be done by issuing a POST (or PUT for updating) to the /api/v1/clusters/:clusterName/credentials/kdc.admin.credential API entry point with the following payload: { "Credential" : { "principal" : "(PRINCIPAL)", "key" : "(PASSWORD)", "type" : "(persisted|temporary)"} } }

AS per the : https://community.hortonworks.com/articles/42927/adding-kdc-administrator-credentials-to-the-ambari.... , I successfully implemented belwo steps.

1) ambari-server setup-security

2) curl -H "X-Requested-By:ambari" -u admin:admin -X POST -d '{ "Credential" : { "principal" : "kadmin", "key" : "kadmin", "type" : "persisted" } }' http://ambari01.dev.dataquest.com:8080/api/v1/clusters/dev_cluster/credentials/kdc.admin.credential

3) curl -H "X-Requested-By:ambari" -u admin:admin -X GET http://ambari01.dev.dataquest.com:8080/api/v1/clusters/dev_cluster/credentials/kdc.admin.credential

Still having the problem

Below are my input in Ambari / Kerberos GUI setup

KDC HOST : kdc.dev.dataquest.com

Realm Name : DEV.DATAQUEST.COM

LDAP URL : ldaps://dev.dataquest.com:636

Container DN : OU=service-accounts,OU=core,dc=dev,dc=dataquest,dc=com

Domains: dev.dataquest.com,.dev.dataquest.com

Kadmin Host : kdc.dev.dataquest.com

Admin principal: kadmin

Admin password : kadmin

***********

I also tried with Admin principle as kadmin@DEV.DATAQUEST.COM . Still no luck.

ldapsearch : command wokrs fine

Can you please suggest the resolution

Thanks

Naveen

11,628 Views
0 Kudos
0
10 REPLIES 10

avatar
author-rank bkandalkar
Contributor

Created ‎11-28-2018 07:06 AM

@naveen sangam, I am also facing same issue. Have you resolved it?

Please suggest.

3,483 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements