We are having issues setting up Site-2-Site connectivity between our local Windows instance and remote Linux instance. The local one is set up to use SSL, LDAP authentication, whereas the remote HDF is using SSL, Kerberos authentication.
After spending a lot of time we couldn't connect those 2 systems using S2S, and HW confirmed we need to go Kerberos on the Windows server also to be able to connect using S2S, and suggested PostHTTP --> ListenHTTP to achieve similar functionality.
Has anyone done this? If so, can you please send a template or an example?
NiFi Site-To-Site (S2S) only uses TLS/SSL authentication when communicating between NiFi instances.
What errors are you seeing on your nifi-app.log?
The TLS handshake that occurs during S2S requires two-way authentication. This means the certificates issued to the NiFi instances (PrivateKeyEntry in the configured keystore in nifi.properties) must be configured with an extended key usage that allows that certificate to be used for both ClientAuth and ServerAuth.
Do you have the same issue using either "RAW" or "HTTP" transfer methods in the RPG?
Thanks for your reply. That's what I thought. But for some reason I was told that we can't connect with our existing setup of Windows, SSL, LDAP to Linux, SSL, Kerberos, Ranger plugin enabled.
I am not an expert in certificates and am looking for help, and have been looking to solve this for a long time.
Since I cannot get this to work, I am using SFTP to the remote site and then consuming from there.
Would you be able to help if I open another case?
Also, at one point we were able to access it through the "anonymous" user when I created that user in Ranger and granted access to all NiFi resources. But when I removed the "anonymous" user we were getting "Unauthorized" errors.
You can open a case, but I am stretched very thin on time. Support should be able to assist you here with coming to a solution that works.
Is your target NiFi able to use an RPG to redistribute data to itself successfully with proper authorization?
Yes, I am able to use RPG and use S2S on my target.
I will open another ticket, just hoping it gets to the people who dealt with these kinds earlier. Last time I was told that since we are using the Ranger plugin and it can't find the incoming user from local NiFi, we are getting unauthorized errors.