Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Kerberos setup Ambari 2.4 and HDP 2.5 fails (simple bind failure) but KDC test passes.

avatar
Contributor

Hello, I'm receiving this error:

Failed to connect to KDC - Failed to communicate with the Active Directory at LDAP://hq.domain.com/OU=Production,OU=domain,DC=hq,DC=domain,DC=com: simple bind failed: hq.domain.com:389
Update the KDC settings in krb5-conf and kerberos-env configurations to correct this issue.

I've been following this guide: https://www.ibm.com/support/knowledgecenter/SSPT3X_4.2.0/com.ibm.swg.im.infosphere.biginsights.admin... as well as the HDP documentation on this. I'm doing the automated kerberos wizard.

JCE has been distributed to all of the nodes, I'm using Oracle JDK 1.8.

Attached is the full stack trace: kerberos-stack.txt

The KDC Test Connection passes just fine, I can see expected network traffic between my domain controller and the Ambari server. The only main difference is that I'm not using SSL on AD. I figure this should be fine and Ambari can just use the plaintext 389 port. I realize this is a security concern but I have no way around this right now. I don't have control over this area of our domain setup. Could this be my issue?

Any help appreciated. Thanks. EDIT: I was able to successfully parse AD using the ldapsearch tool using the same DN and LDAP url that I'm specifying. Also with the same admin user.

1 ACCEPTED SOLUTION

avatar
Contributor

I suffered the exact same issue of:

Caused by: java.net.SocketException: Connection reset

Logs giving nothing away, just constant refusal to connect to ldap://ad.mydomain.com:389 despite confirming LDAP was working on the same host using ldapsearch.

Anyway, I decided to test with LDAPS (following https://community.hortonworks.com/articles/60186/hdf-20-use-ambari-to-enable-kerberos-for-hdf-clust-..., and using exactly the same values for my config it worked.

View solution in original post

12 REPLIES 12

avatar
Contributor

do you alternate material available since following https://community.hortonworks.com/articles/60186/hdf-20-use-ambari-to-enable-kerberos-for-hdf-clust-...is unavailable?

avatar
Contributor

I also facing the same issue as started in the above blog; can someone pls advise me urgently

thank you support:)

avatar
Master Mentor

@Rakesh Kumar

The thread you are referring too was closed. I doubt whether members attend to old threads I advise you to open a new thread and possibly attach the logs at times errors differ.

Please do that !!