Support Questions
Find answers, ask questions, and share your expertise

Kerberos users not showing up in Ranger policy creation UI

Solved Go to solution

Kerberos users not showing up in Ranger policy creation UI

Explorer

I have installed the HDP sandbox HDP-3.0.1.0 (3.0.1.0-187) using Docker and Kerberized the cluster.

 

This works, i can kinit myuser and make an API request to Atlas:

 

 

curl --negotiate -u : sandbox-hdp.hortonworks.com:21000/api/atlas/admin/version

 

 

 

Now I would like to create a Ranger policy that includes my Kerberos user, however the autocomplete for users does not show any of my Kerberos users... I did read this post (https://community.cloudera.com/t5/Support-Questions/Autocompletion-of-names-not-working-in-Ranger/td...), however this problem seems to be slightly different.

 

What do I need to do to make Kerberos users show up in the Ranger policy creation UI?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Kerberos users not showing up in Ranger policy creation UI

Mentor

@RobertCare 

 

You will need to run the Ranger AD user sync  see good  document here https://community.cloudera.com/t5/Community-Articles/Configuring-Ranger-Usersync-with-AD-LDAP-for-a-...

 

To test-run loading User and Group data into Ranger before committing to the changes:

  1. Set ranger.usersync.policymanager.mockrun=true. This parameter can be found in Ambari> Ranger> Configs> Advanced> Advanced ranger-ugsync-site.

  2. View the Users and Groups that will be loaded into Ranger: tail -f /var/log/ranger/usersync/usersync.log.

  3. After confirming that the users and groups are retrieved as intended, set ranger.usersync.policymanager.mockrun=false and restart Ranger Usersync.

    This will sync the users shown in the usersync log to the Ranger database.

HTH 

View solution in original post

2 REPLIES 2

Re: Kerberos users not showing up in Ranger policy creation UI

Mentor

@RobertCare 

 

You will need to run the Ranger AD user sync  see good  document here https://community.cloudera.com/t5/Community-Articles/Configuring-Ranger-Usersync-with-AD-LDAP-for-a-...

 

To test-run loading User and Group data into Ranger before committing to the changes:

  1. Set ranger.usersync.policymanager.mockrun=true. This parameter can be found in Ambari> Ranger> Configs> Advanced> Advanced ranger-ugsync-site.

  2. View the Users and Groups that will be loaded into Ranger: tail -f /var/log/ranger/usersync/usersync.log.

  3. After confirming that the users and groups are retrieved as intended, set ranger.usersync.policymanager.mockrun=false and restart Ranger Usersync.

    This will sync the users shown in the usersync log to the Ranger database.

HTH 

View solution in original post

Re: Kerberos users not showing up in Ranger policy creation UI

Explorer

For some reason I thought that it wasn't necessary to have LDAP in addition to Kerberos. 

 

I went on setting up an LDAP environment and was able to sync users to Ranger. Thanks!