Hi ,
I am trying to setup Kerberos on HA enabled cluster , using Ambari GUI
GUI keep on saying : "Invalid KDC administrator credentials. Please enter admin principal and password."
ambari-server.log , show below error message
Jul 2017 19:43:25,469 ERROR [ambari-client-thread-34] KerberosHelperImpl:1861 - Cannot validate credentials: org.apache.ambari.server.serveraction.kerberos.KerberosAdminAuthenticationException: Invalid KDC administrator credentials. The KDC administrator credentials must be set as a persisted or temporary credential resource.This may be done by issuing a POST (or PUT for updating) to the /api/v1/clusters/:clusterName/credentials/kdc.admin.credential API entry point with the following payload: { "Credential" : { "principal" : "(PRINCIPAL)", "key" : "(PASSWORD)", "type" : "(persisted|temporary)"} } } 13 Jul 2017 19:43:25,469 ERROR [ambari-client-thread-34] BaseManagementHandler:67 - Bad request received: Invalid KDC administrator credentials. The KDC administrator credentials must be set as a persisted or temporary credential resource.This may be done by issuing a POST (or PUT for updating) to the /api/v1/clusters/:clusterName/credentials/kdc.admin.credential API entry point with the following payload: { "Credential" : { "principal" : "(PRINCIPAL)", "key" : "(PASSWORD)", "type" : "(persisted|temporary)"} } }
AS per the : https://community.hortonworks.com/articles/42927/adding-kdc-administrator-credentials-to-the-ambari.... , I successfully implemented belwo steps.
1) ambari-server setup-security
2) curl -H "X-Requested-By:ambari" -u admin:admin -X POST -d '{ "Credential" : { "principal" : "kadmin", "key" : "kadmin", "type" : "persisted" } }' http://ambari01.dev.dataquest.com:8080/api/v1/clusters/dev_cluster/credentials/kdc.admin.credential
3) curl -H "X-Requested-By:ambari" -u admin:admin -X GET http://ambari01.dev.dataquest.com:8080/api/v1/clusters/dev_cluster/credentials/kdc.admin.credential
Still having the problem
Below are my input in Ambari / Kerberos GUI setup
KDC HOST : kdc.dev.dataquest.com
Realm Name : DEV.DATAQUEST.COM
LDAP URL : ldaps://dev.dataquest.com:636
Container DN : OU=service-accounts,OU=core,dc=dev,dc=dataquest,dc=com
Domains: dev.dataquest.com,.dev.dataquest.com
Kadmin Host : kdc.dev.dataquest.com
Admin principal: kadmin
Admin password : kadmin
***********
I also tried with Admin principle as kadmin@DEV.DATAQUEST.COM . Still no luck.
ldapsearch : command wokrs fine
Can you please suggest the resolution
Thanks
Naveen