Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Kinit :Cannot find KDC for realm "EXAMPLE.COM"

avatar
author-rank jimfrank324
Explorer

Created on ‎03-21-2017 07:02 AM - edited ‎09-16-2022 04:17 AM

First time i use EXAMPLE.COM as default KDC princple;

Install and Test Kerberos Client in

Enable Kerberos Wizard is ok

when i change it to MY.COM,it goes wrong at "

Test Kerberos Client", the fllowing is error details

stderr: /var/lib/ambari-agent/data/errors-2221.txt

Traceback (most recent call last):
  File "/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/service_check.py", line 81, in <module>
    KerberosServiceCheck().execute()
  File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", line 280, in execute
    method(env)
  File "/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/service_check.py", line 64, in service_check
    user=params.smoke_user
  File "/usr/lib/python2.6/site-packages/resource_management/core/base.py", line 155, in __init__
    self.env.run()
  File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line 160, in run
    self.run_action(resource, action)
  File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line 124, in run_action
    provider_action()
  File "/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py", line 273, in action_run
    tries=self.resource.tries, try_sleep=self.resource.try_sleep)
  File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 70, in inner
    result = function(command, **kwargs)
  File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 92, in checked_call
    tries=tries, try_sleep=try_sleep)
  File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 140, in _call_wrapper
    result = _call(command, **kwargs_copy)
  File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 293, in _call
    raise ExecutionFailed(err_msg, code, out, err)
resource_management.core.exceptions.ExecutionFailed: Execution of '/usr/bin/kinit -c /var/lib/ambari-agent/tmp/kerberos_service_check_cc_7189cb12a737530410cb3eaec88c4e01 -kt /etc/security/keytabs/kerberos.service_check.032117.keytab hadoop-032117@EXAMPLE.COM' returned 1. kinit: Cannot find KDC for realm "EXAMPLE.COM" while getting initial credentials

stdout: /var/lib/ambari-agent/data/output-2221.txt

Performing kinit using hadoop-032117@EXAMPLE.COM
2017-03-21 14:56:15,166 - Execute['/usr/bin/kinit -c /var/lib/ambari-agent/tmp/kerberos_service_check_cc_7189cb12a737530410cb3eaec88c4e01 -kt /etc/security/keytabs/kerberos.service_check.032117.keytab hadoop-032117@EXAMPLE.COM'] {'user': 'ambari-qa'}
2017-03-21 14:56:15,231 - File['/var/lib/ambari-agent/tmp/kerberos_service_check_cc_7189cb12a737530410cb3eaec88c4e01'] {'action': ['delete']}

Command failed after 1 tries

34,480 Views
0 Kudos
5 REPLIES 5

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎03-21-2017 08:03 AM

@Elvis Zhang

Please check your "krb5.conf" file if it is pointing the correct KDC host & Realm? The default on you can find in "/etc/krb5.conf" on the hosts.

Also as you mentioned that you changed the realm name , so after that did you regenerate the keytabs?

Ambari UI --> Admin (Tab) --> Kerberos --> "Regenerate Keytabs"

Else the existing keytabs might be having old references. Still if it does not work then "Disable and then Enable" Kerberos should take care of this. But i guess regenerating keytabs should be ok.

21,416 Views
0 Kudos

avatar
author-rank jimfrank324
Explorer

Created ‎03-21-2017 09:31 AM

Kerberos didn't sucess, there no "Regenerate Keytabs". i don't know how to regenrate hte keytabs?

21,416 Views
0 Kudos

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎03-21-2017 09:38 AM

@Elvis Zhang

If it is fresh cluster then "Disable Kerberos" and "Enable Kerberos" should be of. Do you see those buttons present ? If those are also not present then it means that the kerberos installation is not yes completed to finalize stage. In that case you can close the current kerberos wizard (if it is already opened and then try enabling kerberos freshly)

21,416 Views
0 Kudos

avatar
author-rank jimfrank324
Explorer

Created ‎03-21-2017 09:52 AM

yes i checked "/etc/krb5.conf", again ,nothing wrong ,from error text ,it means "*.keytabs" file used old "EXAMPLE.COM", I don't know how to update or rebuild the keytabs?

21,416 Views
0 Kudos

avatar
author-rank jimfrank324
Explorer

Created ‎03-21-2017 09:35 AM

when i delete file 

/etc/security/keytabs/kerberos.service_check.032117.keytab

another error occured like this:

stderr: /var/lib/ambari-agent/data/errors-2362.txt

Traceback (most recent call last):
  File "/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/service_check.py", line 81, in <module>
    KerberosServiceCheck().execute()
  File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", line 280, in execute
    method(env)
  File "/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/service_check.py", line 72, in service_check
    raise Fail(err_msg)
resource_management.core.exceptions.Fail: Failed to execute kinit test due to principal or keytab not found or available

stdout: /var/lib/ambari-agent/data/output-2362.txt

Command failed after 1 tries
21,416 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements