
Knox SSO - Shiro unable to login

New Contributor

I am trying to configure Knox 0.12 on HDP 2.6.1 for Active Directory authentication, based on the Hortonworks documentation and a community forum reference.


On the advanced admin topology, I configured the necessary parameters based on the above document, and when I execute the curl statement, I get an "HTTP/1.1 403 Forbidden" error. When I checked gateway.log, the Computed userDn and Computed roles/groups are proper and match my LDAP setup. But then it errors out, and I couldn't find where it fails.


On the KnoxSSO topology, I am using a userDnTemplate where sAMAccountName is referred to (sAMAccountName={0},ou=Accounts,...)

This fails with the error:

2018-05-25 10:09:30,022 INFO hadoop.gateway ( - Could not login: org.apache.shiro.authc.UsernamePasswordToken - <sAMAccountName>

2018-05-25 10:09:30,023 ERROR hadoop.gateway ( - Shiro unable to login: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]

Appreciate the community's help with the steps to fix the issue.



I am having the same error. Any help will be appreciated.

Rising Star

It might be too late, but I'll give it a shot.

In "userDnTemplate where sAMAccountName is referred (sAMAccountName={0},ou=Accounts,...)":

If you are on AD, check whether your users' DNs start with "CN", not sAMAccount, as sAMAccount is just the login name.
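
A small diagnostic for the two clues in this thread, the `data 52e` sub-code in the error-49 log line and the leading attribute of the userDnTemplate. It is an added example, not part of the original posts and not Knox code; the function names are hypothetical and the `dc=example,dc=com` suffix in the sample template is a constructed placeholder for the part elided in the question.

```python
import re

# AD sub-codes in the "data NNN" field of LDAP error 49 (hex Win32 error numbers).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "user name or password is incorrect",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password",
    "775": "account locked out",
}

ERR49 = re.compile(r"LDAP: error code 49\b.*?\bdata\s+([0-9a-fA-F]+)")

def ad_subcode(log_line):
    """Return (code, meaning) for an AD error-49 line, or None."""
    m = ERR49.search(log_line)
    if not m:
        return None
    code = m.group(1).lower()
    return code, AD_BIND_SUBCODES.get(code, "unknown sub-code")

def template_rdn_attr(user_dn_template):
    """Attribute name of the first RDN in a Shiro userDnTemplate."""
    first_rdn = re.split(r"(?<!\\),", user_dn_template, maxsplit=1)[0]
    return first_rdn.split("=", 1)[0].strip()

def diagnose(log_line, user_dn_template):
    findings = []
    sub = ad_subcode(log_line)
    if sub:
        findings.append("AD bind failed: data %s (%s)" % sub)
    attr = template_rdn_attr(user_dn_template)
    if "{0}" in user_dn_template and attr.lower() != "cn":
        findings.append(
            "userDnTemplate builds the bind DN from '%s'; AD user DNs normally "
            "start with CN, so the computed DN may not match a real entry" % attr)
    return findings

# Constructed sample input, modelled on the log line and template in the question.
SAMPLE_LOG = ("2018-05-25 10:09:30,023 ERROR hadoop.gateway - Shiro unable to login: "
              "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
              "LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]")
SAMPLE_TEMPLATE = "sAMAccountName={0},ou=Accounts,dc=example,dc=com"

print("\n".join(diagnose(SAMPLE_LOG, SAMPLE_TEMPLATE)))
```

Sub-code 52e is returned both for a wrong password and for a bind identity AD cannot resolve, so the template finding is worth ruling out before resetting credentials.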