Support Questions

cjervis · ‎07-15-2015

Hello !

After some work I finished setting up Cloudera + MIT Kerberos + Windows AD.

from linux machine, I'm able to run "kinit ben@WIN-REALM" and then access hadoop or visit namenode webadmin. Of course I did configure SPNEGO on the web browser.

However, after logging in to my windows machine, which authenticate through windows AD, I can't access namenode webadmin which is at http://namenode:50070.

I tried running kinit from CMD but nothing changes.

this is what i get when i visit namenode webadmin.

HTTP ERROR 403

Problem accessing /index.html. Reason:

    GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)

what extra configuration do i need to do on windows to access hadoop webadmin page?

thank you!

Ben

Powered by Jetty://

ben123 · ‎09-22-2015

to answer my own question

I need to run this on windows cmd

ksetup /addkdc <REALM> <KDC hostname>
ksetup /addhosttorealmmap <httpFS hostname> <REALM>

and set SPNEGO settings on browser

View solution in original post

ben123 · ‎09-22-2015

to answer my own question

I need to run this on windows cmd

ksetup /addkdc <REALM> <KDC hostname>
ksetup /addhosttorealmmap <httpFS hostname> <REALM>

and set SPNEGO settings on browser

Tomas79 · ‎04-26-2016

I tried the same, run the ksetup but didnt helped.
My computer is not in the AD, the KDC is dedicated to the Hadoop cluster and I try to log into the Solr Web UI.. Using curl from ANY node of the Hadoop cluster works fine, if the user has a ticket. But usiung Chrome or IE fails on Defective tokend detected.

ben123 · ‎04-26-2016

what's the error msg after "Defective tokend detected"?

also make sure all of your Cloudera server has correct /etc/krb5.conf file defined.

zhuw.bigdata · ‎01-05-2017

Same thing happened to me. Used curl on edge node without any issue.

sparamas · ‎06-05-2018

Hi Ben,

I too have similar error from Error 403. So when i tried to add kdc using ksetup from command prompt from my windows machine. Am getting this error

Failed to create Kerberos key: 5 (0x5)
Failed to open Kerberos Key: 0x5
Failed /AddKdc : 0xc0000001

Thanks

sparamas · ‎06-08-2018

Now i could add the KDC to windows. It worked for me.

Thanks

csguna · ‎06-08-2018

You should have MIT client to be installed in the windows

sparamas · ‎07-17-2018

No not required, I didn't install MIT client to my widows machine. It worked for me by adding kerberos realm name and hostname parameteres in the CMD prompt.

sparamas · ‎07-17-2018

By just doing the below has resolved my issue.

I need to run this on windows cmd

ksetup /addkdc <REALM> <KDC hostname>
ksetup /addhosttorealmmap <httpFS hostname> <REALM>

and set SPNEGO settings on browser

Cloudera Community

Support Questions

Kerberos authentication from windows machine?