Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

​MIT Kerberos client Ticket initialization failing to get ticket from HDP 2.6.4/Ambari Kerberized

avatar
author-rank tuppu11
New Contributor

Created on ‎07-20-2018 04:28 AM - edited ‎09-16-2022 06:29 AM

Hi,

I have HDP 2.6.4 sandbox, most of the services like HDFS, HIVE etc kerberized and test connection on Ranger also works. But using MIT Kerberos client on my Windows, get ticket is failing with an error "Ticket initialization failed. Kerberos 5: Cannot contact any KDC for requested realm(error -1765328228)".

I have provided Principal as "hive/sandbox-hdp.hortonworks.com@HDFSCLUSTER.COM" Using putty and ssh port 2222, I can see "172.17.0.2 sandbox-hdp.hortonworks.com sandbox-hdp" in /etc/hosts file. But this host sandbox-hdp.hortonworks.com as well as the ip 172.17.0.2 is not pingable from my Windows:

C:\Windows\System32>ping 172.17.0.2 Pinging 172.17.0.2 with 32 bytes of data:

Reply from 122.181.1.205: Destination host unreachable.

Reply from 122.181.1.205: Destination host unreachable.

Reply from 122.181.1.205: Destination host unreachable.

Request timed out.

I think the hostname in the principal is not pingable and hence failing to get the ticket. I am trying to troubleshoot this problem for the past couple of days. I am not sure what I am missing, anyone please help me.

Thanks ,

Tulasi

3,327 Views
0 Kudos
3 REPLIES 3

avatar
author-rank JonathanSneep
Guru

Created ‎07-20-2018 07:39 AM

@Tulasi Uppu

Are you using the IP address that you've seen via docker inspect? Try the ip visible via docker-machine ls
And also be sure to check that windows firewall isn't preventing your access 🙂

Let me know if that solves your issue or if you have more questions! If this has helped, please take a moment to login and mark this answer as accepted!

2,841 Views
0 Kudos

avatar
author-rank tuppu11
New Contributor

Created ‎07-20-2018 09:38 AM

@Jonathan Sneep

Thanks for the comment.

When I login using putty ssh port:22 I get an IP (/etc/hosts) and I am able to ping this IP.

But if I login using ssh port:2222, I get an another IP (/etc/hosts) 172.17.0.2 and this is not pingable.

I am not sure how HDP sandbox giving two different IPs. I also tried by changing the IP 172.17.0.2 to the working one but when I restart the system, then HDP reverting back to 172.17.0.2.

Any thoughts please share.

Thanks,

Tulasi

2,841 Views
0 Kudos

avatar
author-rank JonathanSneep
Guru

Created ‎07-20-2018 09:56 AM

There are indeed 2 addresses, the sandbox is Centos which has an IP, and in centos there is a docker image running HDP which has another IP. From windows itself, ports on the docker image are forwarded and accessible via localhost. Ex when your sandox is up, you could access 127.0.0.1:8888 via a browser. Similarly port 2222 should also be forwarded to be accessible through localhost/127.0.0.1.

2,841 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements