
LDAP: error code 49 when setting LDAP auth for HiveServer2

Re: LDAP: error code 49 when setting LDAP auth for HiveServer2

Expert Contributor

@Neeraj Sabharwal Disregard the HUE error. It is probably because of an old version of HUE that doesn't support LDAP. But still beeline doesn't work and I get the same error you get...

Re: LDAP: error code 49 when setting LDAP auth for HiveServer2

Rising Star

I see that you use Active Directory.

Did you use the below property?

+++
<property>
  <name>hive.server2.authentication.ldap.Domain</name>
  <value>AD_Domain</value>
</property>
+++

Re: LDAP: error code 49 when setting LDAP auth for HiveServer2

Expert Contributor
@Neeraj Sabharwal

Not exactly.

2016-02-10 14:38:33,237 ERROR [HiveServer2-Handler-Pool: Thread-51]: transport.TSaslTransport (TSaslTransport.java:open(315)) - SASL negotiation failure javax.security.sasl.SaslException: Error validating the login [Caused by javax.security.sasl.AuthenticationException: Error validating LDAP user [Caused by javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1^@]]]

Re: LDAP: error code 49 when setting LDAP auth for HiveServer2

Expert Contributor

@Neeraj Sabharwal

The error means that Hive on startup tried to authenticate with a user but its credentials are not correct. My guess is that the Hive which is running as local user "hive" is trying to authenticate using this user (hive) and it doesn't exist in LDAP.

Theoretically, if I create a "hive" user in my LDAP, I guess it will work. The problem is that I'm not sure what its password is....

Re: LDAP: error code 49 when setting LDAP auth for HiveServer2

@Adi Jabkowsky I thought so because I am using OpenLDAP

49, 52e = invalid cred
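Decoding the `data` sub-code the way this reply does, as an added example (not part of the original thread, and not Hive or Ambari code): a small Python parser for the Active Directory bind-failure messages quoted in the posts. The sub-code table is the commonly documented AD mapping, and sample lines other than the two quoted in the thread are constructed.

```python
import re
from collections import Counter

# Commonly documented AD sub-codes in the "data" field of an LDAP result 49
# bind failure (hex Win32 logon error codes).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

LDAP_ERR = re.compile(
    r"LDAP: error code (?P<code>\d+) - [0-9A-Fa-f]{8}: LdapErr: "
    r"(?P<dsid>DSID-[0-9A-Fa-f]+), comment: [^,]+, data (?P<data>[0-9A-Fa-f]+)"
)

def parse_ad_bind_error(line):
    """Return the LDAP code, DSID and decoded AD sub-code of a log line, or None."""
    m = LDAP_ERR.search(line)
    if m is None:
        return None
    data = m.group("data").lower()
    return {"ldap_code": int(m.group("code")), "dsid": m.group("dsid"),
            "data": data, "meaning": AD_BIND_SUBCODES.get(data, "unknown sub-code")}

def summarize(lines):
    """Count bind failures per AD sub-code across an iterable of log lines."""
    parsed = (parse_ad_bind_error(line) for line in lines)
    return Counter(p["data"] for p in parsed if p)

# The first two messages are the ones quoted in this thread; the rest are constructed.
SAMPLE_LOG = [
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v2580]",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1]",
    "2016-02-10 14:40:00,000 INFO [main]: constructed line with no LDAP error",
]

if __name__ == "__main__":
    for code, count in summarize(SAMPLE_LOG).items():
        print(count, code, AD_BIND_SUBCODES.get(code, "unknown sub-code"))
```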

Re: LDAP: error code 49 when setting LDAP auth for HiveServer2

Expert Contributor

@Neeraj Sabharwal I will reset its password and create this user in my LDAP. Will update on the result.

Re: LDAP: error code 49 when setting LDAP auth for HiveServer2

Expert Contributor

@Neeraj Sabharwal

I created a "hive" user in LDAP with the same password as on my Linux machine that runs Hive. Still the problem remains. Every minute, repeatedly, the hiveserver2.log shows:

LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,

There must be someone out there who managed to get Hive authentication with Active Directory...

Re: LDAP: error code 49 when setting LDAP auth for HiveServer2

New Contributor

Hi @Adija1.

Have you ever managed to find out where to indicate the username and password for HiveServer2 to be able to auth against AD LDAP?

I currently have this error:

[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v2580]

But I have nowhere in the Hive config (Ambari 3.1) to say what user and password to use, and even though this question has been asked at least twice on this post, no one answered...


Re: LDAP: error code 49 when setting LDAP auth for HiveServer2

As described in the docs:

If you're using AD you should also define a custom hive-site property hive.server2.authentication.ldap.Domain

If you're using OpenLDAP you should also define a custom hive-site property hive.server2.authentication.ldap.baseDN

Also make sure to force HiveServer2 to restart in Ambari. Go to the host(s) running HS2, and use the drop-down next to HiveServer2 to 'Restart' which will push the new configs. There was an Ambari bug that would mark all other Hive components for restart, but NOT HS2, even when it's required, and the "Restart All Affected" will NOT push new HS2 configs in that case.

Re: LDAP: error code 49 when setting LDAP auth for HiveServer2

Expert Contributor

@Alex Miller Hi Alex and thank you for your reply. I did add the hive.server2.authentication.ldap.Domain property with my domain name, and I'm configuring everything while Hive is completely shut down - so it's definitely not a restart problem. What I don't understand is where do I set up the user that is in charge of authentication against AD? Where is the manager DN value located? Maybe it's also a custom value?
