Kerberos issue

Contributor

Hi,

I am enabling Kerberos in a newly built cluster but am getting the error below while enabling Kerberos. Please help.

 /opt/cloudera/cm/bin/import_credentials.sh failed with exit code 1 and output of <<
+ export PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
+ PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
+ KEYTAB_OUT=/var/run/cloudera-scm-server/cmf7540304403722920693.keytab
+ USER=USERNAME-REDACTED
+ passwd=BUNDLE-REDACTED KVNO=1
+ SLEEP=0
+ RHEL_FILE=/etc/redhat-release
+ '[' -f /etc/redhat-release ']'
+ set +e
+ grep Tikanga /etc/redhat-release
+ '[' 1 -eq 0 ']'
+ '[' 0 -eq 0 ']'
+ grep 'CentOS release 5' /etc/redhat-release
+ '[' 1 -eq 0 ']'
+ '[' 0 -eq 0 ']'
+ grep 'Scientific Linux release 5' /etc/redhat-release
+ '[' 1 -eq 0 ']'
+ set -e
+ '[' -z /var/run/cloudera-scm-server/krb55731547516040010178.conf ']'
+ echo 'Using custom config path '\''/var/run/cloudera-scm-server/krb55731547516040010178.conf'\'', contents below:'
+ cat /var/run/cloudera-scm-server/krb55731547516040010178.conf
+ IFS=' '
+ read -a ENC_ARR
+ for ENC in '"${ENC_ARR[@]}"'
+ ktutil
+ echo 'addent -password -p USERNAME-REDACTED -k 1 -e aes128-cts'
+ '[' 0 -eq 1 ']'
+ echo PASSWORD-REDACTED
+ echo 'wkt /var/run/cloudera-scm-server/cmf7540304403722920693.keytab'
+ chmod 600 /var/run/cloudera-scm-server/cmf7540304403722920693.keytab
+ kinit -k -t /var/run/cloudera-scm-server/cmf7540304403722920693.keytab USERNAME-REDACTED
+ '[' true '!=' true ']'
++ mktemp /tmp/cm_ldap.XXXXXXXX
+ LDAP_CONF=/tmp/cm_ldap.KGP7XTd0
+ echo 'TLS_REQCERT never'
+ echo 'sasl_secprops minssf=0,maxssf=0'
+ export LDAPCONF=/tmp/cm_ldap.KGP7XTd0
+ LDAPCONF=/tmp/cm_ldap.KGP7XTd0
+ set +e
+ ldapsearch -LLL -H ldaps://Hostname****.jan313.hs.com:636 -b CN=testpoc,OU=bigdata,DC=JAN313,DC=HS,DC=COM userPrincipalName=USERNAME-REDACTED
/opt/cloudera/cm/bin/import_credentials.sh: line 84: ldapsearch: command not found
+ '[' 127 -ne 0 ']'
+ echo 'ldapsearch did not work with SASL authentication. Trying with simple authentication'
+ ldapsearch -LLL -H ldaps://hostaname.jan313.hs.com:636 -b CN=testpoc,OU=bigdata,DC=JAN313,DC=HS,DC=COM -x -D USERNAME-REDACTED -w PASSWORD-REDACTED userPrincipalName=USERNAME-REDACTED
/opt/cloudera/cm/bin/import_credentials.sh: line 87: ldapsearch: command not found
+ '[' 127 -ne 0 ']'
+ echo 'Failed to do ldapsearch.'
+ echo 'Please make sure Active Directory configuration is correctly specified and LDAP over SSL is enabled.'
+ exit 1

2 REPLIES 2

Contributor

Hi,
Error is ldapsearch: command not found

Make sure the ldapsearch command is installed on your node.

Explorer

You need to install the openldap-clients Linux package, which includes the ldapsearch tool.

yum install openldap-clients

You should also pay attention to this documentation while you are enabling Kerberos.

https://docs.cloudera.com/documentation/enterprise/6/6.3/topics/cm_sg_intro_kerb.html#xd_583c10bfdbd...
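
A preflight check for the failure in this thread, as an added example that is not part of the original posts or Cloudera's script: it looks for the Kerberos and LDAP client tools the trace shows import_credentials.sh calling (ktutil, kinit, ldapsearch) on the PATH the script exports. The function names are hypothetical, and the krb5-workstation mapping is an assumption from standard RHEL/CentOS packaging, not something stated in the thread.

```shell
#!/bin/sh
# Added example, not Cloudera's code. Function names are hypothetical.

# PATH copied from the "export PATH=" line of the trace.
CM_PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
# Kerberos and LDAP client tools the trace shows the script invoking.
CM_TOOLS="ktutil kinit ldapsearch"

# Succeeds if an executable file named $1 exists in the colon-separated list $2.
find_in_path() {
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            IFS=$old_ifs
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# RHEL/CentOS package that ships a tool. openldap-clients is named in the
# thread; krb5-workstation is an assumption from standard RHEL packaging.
pkg_for() {
    case "$1" in
        ldapsearch)   echo openldap-clients ;;
        ktutil|kinit) echo krb5-workstation ;;
        *)            echo unknown ;;
    esac
}

# Prints "tool package" for every missing tool; returns 1 if any is missing.
missing_tools() {
    search_path=${1:-$CM_PATH}
    missing=0
    for tool in $CM_TOOLS; do
        if ! find_in_path "$tool" "$search_path"; then
            echo "$tool $(pkg_for "$tool")"
            missing=1
        fi
    done
    return "$missing"
}

# Run on the Cloudera Manager Server host: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    missing_tools "$CM_PATH" && echo "all tools found"
fi
```

Each line of output names a missing tool and the package to install with yum before retrying the Kerberos wizard.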