Kerberos authentication from windows machine?

Contributor

Hello!

After some work I finished setting up Cloudera + MIT Kerberos + Windows AD.

From a Linux machine, I'm able to run "kinit ben@WIN-REALM" and then access Hadoop or visit the namenode webadmin. Of course I did configure SPNEGO in the web browser.

However, after logging in to my Windows machine, which authenticates through Windows AD, I can't access the namenode webadmin, which is at http://namenode:50070.

I tried running kinit from CMD but nothing changes.

This is what I get when I visit the namenode webadmin:


HTTP ERROR 403

Problem accessing /index.html. Reason:

    GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)

Powered by Jetty://

What extra configuration do I need to do on Windows to access the Hadoop webadmin page?

Thank you!

Ben


1 ACCEPTED SOLUTION

Re: Kerberos authentication from windows machine?

Contributor

To answer my own question:

I need to run this on Windows cmd:

ksetup /addkdc <REALM> <KDC hostname>
ksetup /addhosttorealmmap <httpFS hostname> <REALM>

and set the SPNEGO settings in the browser.

9 REPLIES

Re: Kerberos authentication from windows machine?

Master Collaborator

I tried the same, ran ksetup, but it didn't help.
My computer is not in the AD, the KDC is dedicated to the Hadoop cluster, and I am trying to log into the Solr Web UI. Using curl from ANY node of the Hadoop cluster works fine, if the user has a ticket. But using Chrome or IE fails with "Defective token detected".

Re: Kerberos authentication from windows machine?

Contributor

What's the error message after "Defective token detected"?

Also make sure all of your Cloudera servers have the correct /etc/krb5.conf file defined.

Re: Kerberos authentication from windows machine?

Expert Contributor

Same thing happened to me. Used curl on edge node without any issue.

Re: Kerberos authentication from windows machine?

Explorer

Hi Ben,

I too have a similar error, Error 403. When I tried to add the KDC using ksetup from the command prompt on my Windows machine, I am getting this error:

Failed to create Kerberos key: 5 (0x5)
Failed to open Kerberos Key: 0x5
Failed /AddKdc : 0xc0000001

Thanks


Re: Kerberos authentication from windows machine?

Explorer

Now I could add the KDC to Windows. It worked for me.

Thanks

Re: Kerberos authentication from windows machine?

Champion

You should have the MIT client installed on Windows.

Re: Kerberos authentication from windows machine?

Explorer

No, not required. I didn't install the MIT client on my Windows machine. It worked for me by adding the Kerberos realm name and hostname parameters in the CMD prompt.

Re: Kerberos authentication from windows machine?

Explorer

Just doing the below resolved my issue.

I need to run this on Windows cmd:

ksetup /addkdc <REALM> <KDC hostname>
ksetup /addhosttorealmmap <httpFS hostname> <REALM>

and set the SPNEGO settings in the browser.
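
Added example, not part of any reply in this thread: the "GSSHeader did not find the right tag" error in the question means the token in the browser's Authorization: Negotiate header did not start with the GSS-API framing byte 0x60. The script below classifies a header value copied from the browser's network tools; the function name and the sample headers are constructed for illustration.

```python
import base64

# DER-encoded mechanism OIDs: SPNEGO 1.3.6.1.5.5.2, Kerberos V5 1.2.840.113554.1.2.2
SPNEGO_OID = bytes.fromhex("06062b0601050502")
KRB5_OID = bytes.fromhex("06092a864886f712010202")
NTLM_SIGNATURE = b"NTLMSSP\x00"


def classify_negotiate(header_value):
    """Classify the token carried in an 'Authorization: Negotiate <base64>' value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return "not-negotiate"
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "bad-base64"
    if token.startswith(NTLM_SIGNATURE):
        # Raw NTLM message: no GSS-API framing, so a 0x60 tag check rejects it.
        return "ntlm"
    if len(token) < 2 or token[0] != 0x60:
        return "unknown"
    # Skip the DER length after the 0x60 tag (short form, or long form 0x8N + N bytes).
    start = 2 + (token[1] & 0x7F) if token[1] & 0x80 else 2
    if token.startswith(SPNEGO_OID, start):
        return "spnego"
    if token.startswith(KRB5_OID, start):
        return "kerberos"
    return "gss-other"


def _header(raw):
    return "Negotiate " + base64.b64encode(raw).decode("ascii")


# Constructed samples (not captured traffic): framing bytes plus filler.
SAMPLES = {
    "ntlm": _header(NTLM_SIGNATURE + b"\x01\x00\x00\x00" + b"\x00" * 24),
    "spnego": _header(b"\x60\x82\x01\x00" + SPNEGO_OID + b"\xa0" + b"\x00" * 16),
    "kerberos": _header(b"\x60\x20" + KRB5_OID + b"\x01\x00" + b"\x00" * 16),
}

if __name__ == "__main__":
    for expected, value in SAMPLES.items():
        print(f"{expected:9s} -> {classify_negotiate(value)}")
```

A result of "ntlm" or "unknown" means the client never obtained a Kerberos service ticket for the web UI host, which is the situation the ksetup realm and host mappings above address.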
