Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Isilon User Mapping Rules with CDP / Kerberos

avatar
author-rank larsfrancke
Explorer

Created ‎03-13-2023 01:25 AM

We're trying to install CDP 7.1.7 on Isilon with OneFS 8.2.2

 

We found several documents that we tried to follow:

 

- https://infohub.delltechnologies.com/section-assets/h18730-dell-emc-powerscale-onefs-cdp-private-bas...

- https://dl.dell.com/content/docu92689_PowerScale_OneFS_HDFS_Reference_Guide.pdf?language=en_US&sourc...

- https://infohub.delltechnologies.com/l/powerscale-onefs-user-mapping-mapping-identities-across-authe...

 

And more....

We also used the isilon hadoop tools and found a few bugs which we provided Pull Requests for (https://github.com/Isilon/isilon_hadoop_tools/pull/105 & https://github.com/Isilon/isilon_hadoop_tools/pull/106 ) so it seems as if thas hasn't been used in a while.

 

We were able to finish the basic setup but we do have issues creating the proper User Mapping Rules.

The docs say:

"You cannot use a user principal name in a user mapping rule. A user principal name (UPN) is an Active Directory domain and username that are combined into an Internet-style name with an @ sign, like an email address: jane@example.com.

If you include a UPN in a rule, the mapping service ignores it and might return an error."

 

Unfortunately, something doesn't quite work.

Cloudera Manager automatically created all users in Active Directory for us which means that an impala user could end up having the name "cloudera_xnTfsrendtr" in Active Directory. It does have the correct UPN set ("impala@...") but the UPN can't be used in a mapping.

 

This means for us that we have to create User Mapping Rules for all users manually which "join" the identities and maps one of those auto-generated users to real ones "cloudera_xnTfsrendtr" -> impala.

 

That is very cumbersome and the CDP / Isilon install docs don't mention this at all.

Are there updated docs anywhere/does anyone have notes on this/done this recently?

657 Views
0 Kudos
2 REPLIES 2

avatar
author-rank steven-matison author-rank
Guru

Created ‎03-13-2023 07:18 AM

@larsfrancke Unfortunately I do not have the exact solution or information you need.  However,  I do have multiple customers whom have gotten their CDP on Isilon kerberized and in production.   There were some tickets on our support side leading through the kerberos setup, but the specific technical solution came from Dell's side since this is supported solution for Isilon.  My recommendation is to work with Cloudera Support to see if they have suggestions, and then work with Dell Support coming out of that.   Your Cloudera account team and Dell Partner should have access to deeper resources if both support's cannot resolve.

623 Views
0 Kudos

avatar
author-rank larsfrancke
Explorer

Created ‎03-13-2023 08:10 AM

Thank you!

We've engaged Dell but it's been .... slow 🙂

I'll ask my customer to reach out to Cloudera Support as well, that's a good idea.

620 Views
0 Kudos
webinar banner
Announcements
Community Announcements
April 2024 Community Highlights
Community Announcements
January 2024 Community Highlights
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
View More Announcements
meetups banner