Created 12-11-2018 12:14 PM
I have set up Kerberos and enabled it in Ambari successfully on one environment, but while trying the same on another environment I am facing an issue while enabling Kerberos. I have tried to store credentials using keytool and the REST API, and checked the Kerberos descriptors, but no luck. What else is left to check?
PFA,
Created 12-21-2018 02:30 PM
All,
Thanks for your response. I found the root cause of the issue. Ambari was using its master's key in KDC admin credentials, which is why it was giving "Missing KDC administrator credentials. Please enter admin principal and password". So I have removed that credential file (PFA for this) and the issue has been solved.
For others, you may need to keep the Ambari master key and KDC admin creds the same, because that file is required at the time of ambari-server restart (if you have configured jceks).
PFA,
Created 12-17-2018 05:38 PM
Find attached the tokenized version of my files.
Created 12-18-2018 04:10 AM
Ok.
You can check the files which I have already attached in the above comments. The absolute paths of the files are /etc/hosts, /etc/krb5.conf, /etc/krbkdc/kadm5.acl, /etc/krb5kdc/kdc.conf
PFA,
Created 12-18-2018 09:56 AM
The values look correct. I guess you are running Ubuntu, that's why the path differs a bit from my CentOS! Can you start the equivalent of these services and retry:
service krb5kdc start
service kadmin start
Can you share the screenshot of the parameters you are using in the Enabling Kerberos wizard?
Created 12-20-2018 04:39 AM
Created 12-20-2018 07:33 PM
Now can you proceed with the kerberization? Check the 2 screenshots attached and ensure your input values are correct.
Please revert
Created 12-21-2018 07:09 AM
All,
Thanks for your response. I found the root cause of this issue. In my case, Ambari was using the Ambari master key for KDC admin credentials, which was present at /var/lib/ambari-server/keys/credentials.jceks. I have taken a backup of it and was able to work on 'Enable kerberos through Ambari UI'.
But that previous file is required at the time of ambari-server restart. So you need to keep the ambari-master key the same as the KDC admin key (password).
PFA,