I have a cluster with 2 nodes, installed HDF and use Ranger for security policies. I just installed kerberos on my cluster using an existing AD.
I am now trying to connect to NiFi UI but I have insufficient privileges (login/password is ok).
I created a policy READ/WRITE for my user raphael.mary (existing in AD) on /* like following :
When I try to connect to NiFi I have insufficient privileges and I get this in Ranger Audt :
The user trying to connect is raph.mary@ZZZZ.COM
1. Is that normal that the user name is with the realm name in the audit log?
2. When I try to connect I use raphael.mary as login, do I need to specify another user name?
Thank you for your help.
nifi.security.identity.mapping.pattern.kerb = ^(.*?)@(.*?)$
nifi.security.identity.mapping.value.kerb = $1
The policy is now working but I get the following error : Untrusted proxy corenifi01-vm.zzzzz.com
Do I have to add the nodes of my cluster in Active Directory as well or do I have to add the nodes of my cluster in Ranger (principal is : corenifi01-vm.zzzzz.com@ZZZZZ.COM) ? I added them at the beginning but with this name : corenifi01-vm.zzzzz.com@AA.ZZZZ.COM