I see that you use Active DIrecyory
Did you use the below property?
2016-02-10 14:38:33,237 ERROR [HiveServer2-Handler-Pool: Thread-51]: transport.TSaslTransport (TSaslTransport.java:open(315)) - SASL negotiation failure javax.security.sasl.SaslException: Error validating the login [Caused by javax.security.sasl.AuthenticationException: Error validating LDAP user [Caused by javax.naming.Authe nticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1^@]]]
The error means that hive on startup tried to authenticate with a user but it's credentials are not correct. My guess is that the hive which is running on local user "hive" is trying to authenticate using this user (hive) and it doesn't exist on LDAP.
Theoretically if i will create "hive" user in my LDAP i guess it will work. The problem is that i'm not sure what it's password is....
I created "hive" user in LDAP with the same password as in my linux machine that runs hive. Still problem remains. Every minute repeatedly the hiveserver2.log shows: LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, There must be someone out there who managed to get hive authentication with Active Directory...
Hi @Adija1 .
Have you hever managed to find out where to indicate username and password for hiveserver2 to be able to auth against Ad LDAP ?
I currently have this error:
As described in the docs:
If you're using AD you should also define a custom hive-site property hive.server2.authentication.ldap.Domain
If you're using OpenLDAP you should also define a custom hive-site property hive.server2.authentication.ldap.baseDN
Also make sure to force HiveServer2 to restart in Ambari. Go to the host(s) running HS2, and use the drop-down next to HiveServer2 to 'Restart' which will push the new configs. There was an Ambari bug that would mark all other Hive components for restart, but NOT HS2, even when it's required, and the "Restart All Affected" will NOT push new HS2 configs in that case.
@Alex Miller Hi Alex and thank you for your reply. I did add the hive.server2.authentication.ldap.Domain property with my domain name, and i'm configuring everything while HIVE is completely shutdown - so it's definitely not a restart problem. What i don't understand is where do i setup the user that is in charge of authentication against AD ? Where is the manager dn value located ? Maybe it's also a custom value ?