Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Advanced Search

NameNode and Yarn and Storm and HBase UI Cannot Accessed.

Highlighted

Re: NameNode and Yarn and Storm and HBase UI Cannot Accessed.

jsensharma
Super Mentor

Created ‎01-05-2017 07:53 AM

@Zhao Chaofeng

Looks like your Browser side kerberos configuration is not done properly. Like setting "network.negotiate-auth.trusted-uris" in Firefox? And Enabled firefox to use native gsslib for authentication.

- Just to validate the same, can you try the same from Non Browser environment (Terminal) to see if it works. 

klist -kt /etc/security/keytabs/spnego.service.keytab
kinit -kt /etc/security/keytabs/spnego.service.keytab <Principal> 
klist 
curl --negotiate -u:<anyuser> "http://$<Host_Name>:$<Port>/webhdfs/v1/user/?op=LISTSTATUS"

.

Reply
302 Views
0 Kudos
Highlighted

Re: NameNode and Yarn and Storm and HBase UI Cannot Accessed.

amazon20062007
Contributor

Created ‎01-05-2017 08:05 AM

root@bigdata013 ~]# klist -kt /etc/security/keytabs/spnego.service.keytab Keytab name: FILE:/etc/security/keytabs/spnego.service.keytab KVNO Timestamp Principal ---- ------------------- ------------------------------------------------------ 1 2017-01-05T15:38:34 HTTP/bigdata013.example.com@EXAMPLE.COM 1 2017-01-05T15:38:34 HTTP/bigdata013.example.com@EXAMPLE.COM 1 2017-01-05T15:38:34 HTTP/bigdata013.example.com@EXAMPLE.COM 1 2017-01-05T15:38:34 HTTP/bigdata013.example.com@EXAMPLE.COM 1 2017-01-05T15:38:34 HTTP/bigdata013.example.com@EXAMPLE.COM [root@bigdata013 ~]# kinit -kt /etc/security/keytabs/spnego.service.keytab admin/admin@EXAMPLE.COM kinit: Keytab contains no suitable keys for admin/admin@EXAMPLE.COM while getting initial credentials [root@bigdata013 ~]# kinit -kt /etc/security/keytabs/spnego.service.keytab HTTP/bigdata013.example.com@EXAMPLE.COM [root@bigdata013 ~]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: HTTP/bigdata013.example.com@EXAMPLE.COM Valid starting Expires Service principal 2017-01-05T15:58:59 2017-01-06T15:58:59 krbtgt/EXAMPLE.COM@EXAMPLE.COM [root@bigdata013 ~]# curl --negotiate -u:<anyuser> "http://bigdata013.example.com:50070/webhdfs/v1/user/?op=LISTSTATUS"" > ^C [root@bigdata013 ~]# curl --negotiate -u:<anyuser> "http://bigdata013.example.com:50070/webhdfs/v1/user/?op=LISTSTATUS" -bash: anyuser: No such file or directory [root@bigdata013 ~]# curl --negotiate -u:hdfs "http://bigdata013.example.com:50070/webhdfs/v1/user/?op=LISTSTATUS" {"FileStatuses":{"FileStatus":[ {"accessTime":0,"blockSize":0,"childrenNum":0,"fileId":16388,"group":"hdfs","length":0,"modificationTime":1483600754705,"owner":"ambari-qa","pathSuffix":"ambari-qa","permission":"770","replication":0,"storagePolicy":0,"type":"DIRECTORY"} ]}}

Hi, above is the result.

Reply
302 Views
0 Kudos
Highlighted

Re: NameNode and Yarn and Storm and HBase UI Cannot Accessed.

jsensharma
Super Mentor

Created ‎01-05-2017 08:58 AM

@Zhao Chaofeng

As through command line using the "--negotiate" option you are able to access the same "webhdfs", So this is god enough to isolate the issue. Your browser needs to be setup with the negotiation as mentioned earlier Like setting "network.negotiate-auth.trusted-uris" in Firefox?

Reply
302 Views
0 Kudos
Highlighted

Re: NameNode and Yarn and Storm and HBase UI Cannot Accessed.

amazon20062007
Contributor

Created ‎01-05-2017 09:04 AM

Yes, I configure it in firefox, but it response:

HTTP ERROR 403
Problem accessing /index.html. Reason: 
    GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)
Powered by Jetty://
Reply
302 Views
0 Kudos
Highlighted

Re: NameNode and Yarn and Storm and HBase UI Cannot Accessed.

jsensharma
Super Mentor

Created ‎01-05-2017 09:18 AM

@Zhao Chaofeng

1. In your Browser (firefox) config "about:config" seacch for the property "network.auth.use-sspi" and change the property to "false".

2. Also please check if network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris set to correct domain.

.

Reply
302 Views
0 Kudos
Highlighted

Re: NameNode and Yarn and Storm and HBase UI Cannot Accessed.

amazon20062007
Contributor

Created ‎01-05-2017 09:52 AM

My operation system is Ubuntu. I follow your step, but my firefox return resutl is

HTTP ERROR 401

Problem accessing /index.html. Reason:

    Authentication required

Powered by Jetty://

Reply
302 Views
0 Kudos

Re: NameNode and Yarn and Storm and HBase UI Cannot Accessed.

roy_cse
New Contributor

Created ‎05-11-2018 05:42 PM

@Zhao Chaofeng

Were you able to solve this. I am facing the same problem in firefox.

Reply
302 Views
0 Kudos
Don't have an account?
Register
Announcements
Product Announcements
[ANNOUNCE] New Cloudera Machine Learning Runtimes are available on CML and CDSW 1.9
Product Announcements
[ANNOUNCE] New Cloudera JDBC 2.6.23 Driver for Apache Impala Released
Product Announcements
[ANNOUNCE] New Cloudera ODBC 2.6.13 Driver for Apache Impala Released
Product Announcements
[ANNOUNCE] CDP Public Cloud Data Hub is now available on Google Cloud
Support Announcements
Validations - Cloudera Support's Predictive Alerting
View More Announcements