Created 03-03-2022 02:55 AM
F0303 09:59:04.650674 32117 catalogd-main.cc:87] Couldn't open transport for hostname:11423 (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database))
I have used a customized service name for Impala. Can we do that? If not, how can we achieve it?
principal - impala_<some text>@hostname@Domain
Created 03-21-2022 11:43 PM
Have you updated the properties below for *all* the Impala service roles (ID, catalog and statestore)?
Cheers,
André
--
Was your question answered? Please take some time to click on "Accept as Solution" below this post.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Created 03-21-2022 11:47 PM
Hi,
Everything works fine for the "impala" service name, but I will try and let you know. Thank you very much.
Thanks,
Panduka.
Created 03-21-2022 08:32 PM
@araujo
I do not know where else to configure this customized service name for Impala services.
Created 03-22-2022 10:34 AM
I have a feeling that your Kerberos principal doesn't exist on the KDC server. On the statestore server, can you try running "kinit impala_test/<host_fqdn>@<REALM>"? If you get a prompt for a password, that indicates your principal exists on the KDC server. If you get an error (not found in Kerberos database) when you kinit, that indicates your principal doesn't exist on the KDC server.
If the kinit works from the catalog server, then most likely on the statestore you are using a different KDC server. In this case maybe you should check your /etc/krb5.conf files to make sure they match.
rgds,
Ram.
Created 03-23-2022 03:31 AM
Hi Ram,
kinit works fine on both of the servers as expected, and there is no difference in the krb5.conf files either.
Thanks,
Panduka.
Created 03-23-2022 03:37 AM
Created 03-24-2022 05:17 PM
The KDC does not need to connect to Impala servers.
Do you happen to have multiple realms in your environment with cross-realm trust configured between them?
Could you please run the below commands and share the output?
kinit <your_user>
kvno impala/<host_fqdn>@<REALM>
kvno impala_test/<host_fqdn>@<REALM>
Cheers,
André
Created 03-25-2022 04:18 AM
OMG!!
kinit <user> - works fine
kvno impala/<host fqdn> - works fine
but,
kvno impala_test/<host fqdn> - not working !!!
kvno: Server not found in Kerberos database while getting credentials for impala_test/<host fqdn>@domain
Created 03-25-2022 04:20 AM
And additionally,
what does this kvno command do?
When I kinit the relevant keytab for impala_test/<host fqdn>@domain, it works fine, but the kvno command does not.
Created 03-25-2022 05:43 AM
Please check the servicePrincipalName (SPN) property of the AD user. It should be impala_test/<host>@realm.
André
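
The kvno comparison from the replies above, wrapped as a shell helper. This is an added example, not part of the original thread or of any Cloudera tooling. The KVNO_BIN variable, the function names and the verdict strings are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. kvno requests a service ticket (TGS-REQ)
# for the named principal and prints its key version number, so it exercises
# the KDC's *service* principal lookup rather than the client login that kinit does.
# KVNO_BIN is this example's own knob (an assumption) so the logic can be
# exercised without a KDC; by default it calls the real kvno.
KVNO_BIN="${KVNO_BIN:-kvno}"

# classify_spn <service/host@REALM>  -> prints OK | SPN_MISSING | NO_TGT | OTHER
classify_spn() {
    spn="$1"
    # '&& rc=0 || rc=$?' keeps the failure path safe under 'set -e'.
    out=$("$KVNO_BIN" "$spn" 2>&1) && rc=0 || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo "OK"
        return 0
    fi
    case "$out" in
        # Exact error text quoted in the thread.
        *"Server not found in Kerberos database"*) echo "SPN_MISSING" ;;
        # Assumed wording for a missing ticket cache (run kinit first).
        *[Cc]"redentials cache"*)                   echo "NO_TGT" ;;
        *)                                           echo "OTHER" ;;
    esac
}

# compare_spns <host_fqdn> <REALM> <custom_service>
# Checks the default "impala" service name against the customised one,
# as the thread does with impala/... and impala_test/...
compare_spns() {
    host="$1"; realm="$2"; custom="$3"
    base=$(classify_spn "impala/${host}@${realm}")
    cust=$(classify_spn "${custom}/${host}@${realm}")
    echo "impala=${base} ${custom}=${cust}"
    if [ "$base" = "OK" ] && [ "$cust" = "SPN_MISSING" ]; then
        echo "hint: KDC has no service principal ${custom}/${host}; check the account's servicePrincipalName"
    fi
}

# Usage (after kinit <your_user>):
#   compare_spns <host_fqdn> <REALM> impala_test
```

Run it on each Impala role host; a result of `impala=OK impala_test=SPN_MISSING` matches the symptom reported in the thread.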