Failed to connect to KDC - Failed to communicate with the Active Directory at LDAP://hq.domain.com/OU=Production,OU=domain,DC=hq,DC=domain,DC=com: simple bind failed: hq.domain.com:389
Update the KDC settings in krb5-conf and kerberos-env configurations to correct this issue.
The KDC Test Connection passes just fine, I can see expected network traffic between my domain controller and the Ambari server. The only main difference is that I'm not using SSL on AD. I figure this should be fine and Ambari can just use the plaintext 389 port. I realize this is a security concern but I have no way around this right now. I don't have control over this area of our domain setup. Could this be my issue?
Any help appreciated. Thanks.
EDIT: I was able to successfully parse AD using the ldapsearch tool using the same DN and LDAP url that I'm specifying. Also with the same admin user.
Hi @rguruvannagari thanks for the reply.
I just confirmed with my AD guy that our AD is not set up for SSL at all. I was able to parse AD using the ldapsearch tool using the same DN and ldap url I'm specifying. I'll keep trying different DN's
@lraheja I did not go through the ambari-server setup-ldap steps, I must've gone past this some how. After configuring this and restarting Ambari the LDAP tests seem to be getting further but are now just timing out.
My krb5.conf is not configured at all, it's the default conf file. I assumed Ambari was going to configure this through the wizard, is that not the case?
In addition to this, when enabling Kerberos against an Active Directory, LDAPS must be used rather than LDAP since Active Directory requires a secure connection to set or update account password - and Ambari needs to set or update the passwords for the Kerberos identity accounts it manages.