
No rules applied to rangerlookup@EXAMPLE.COM on RANGER ADMIN Service Manager


I'm trying to configure the service repository for HDFS, using the user rangerlookup created on AD, but I'm getting an error in xa_portal.log:

2016-06-28 17:58:48,676 [timed-executor-pool-0] ERROR apache.ranger.services.hdfs.client.HdfsResourceMgr (HdfsResourceMgr.java:48) - <== HdfsResourceMgr.testConnection Error: java.lang.IllegalArgumentException: Illegal principal name rangerlookup@EXAMPLE.COM: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to rangerlookup@EXAMPLE.COM
2016-06-28 17:58:48,676 [timed-executor-pool-0] ERROR org.apache.ranger.services.hdfs.RangerServiceHdfs (RangerServiceHdfs.java:59) - <== RangerServiceHdfs.validateConfig Error:java.lang.IllegalArgumentException: Illegal principal name rangerlookup@EXAMPLE.COM: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to rangerlookup@EXAMPLE.COM
2016-06-28 17:58:48,676 [timed-executor-pool-0] ERROR org.apache.ranger.biz.ServiceMgr$TimedCallable (ServiceMgr.java:434) - TimedCallable.call: Error:java.lang.IllegalArgumentException: Illegal principal name rangerlookup@EXAMPLE.COM: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to rangerlookup@EXAMPLE.COM
2016-06-28 17:58:48,676 [http-bio-6182-exec-8] ERROR org.apache.ranger.biz.ServiceMgr (ServiceMgr.java:120) - ==> ServiceMgr.validateConfig Error:java.util.concurrent.ExecutionException: java.lang.IllegalArgumentException: Illegal principal name rangerlookup@EXAMPLE.COM: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to rangerlookup@EXAMPLE.COM

My service configuration is the following:

Username = rangerlookup@EXAMPLE.COM
Password = *****
Namenode URL = hdfs://<clusterservicename>
Authorization Enabled = Yes
Authentication Type = Kerberos
hadoop.security.auth_to_local = <core-site.xml auth_to_local parameter>
dfs.datanode.kerberos.principal = dn/_HOST@EXAMPLE.COM
dfs.namenode.kerberos.principal = nn/_HOST@EXAMPLE.COM
dfs.secondary.namenode.kerberos.principal = nn/_HOST@EXAMPLE.COM
RPC Protection Type = Authentication
Common Name for Certificate = ranger

Does anyone know this error?


Re: No rules applied to rangerlookup@EXAMPLE.COM on RANGER ADMIN Service Manager

Can you please add a rule RULE:[2:$1@$0](rangerlookup@EXAMPLE.COM)s/.*/rangerlookup/ and restart and retry once?
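
For reference, a simplified model of how Hadoop's KerberosName walks hadoop.security.auth_to_local rules and when it raises "No rules applied". This is an added example, not part of the thread and not Hadoop's code; the function names, the OTHER.REALM default realm and the one-component rule are constructed for illustration.

```python
import re

# Simplified subset of the rule syntax: RULE:[n:format](match)s/from/to/[g]
RULE_RE = re.compile(
    r"RULE:\[(\d+):([^\]]*)\](?:\(([^)]*)\))?(?:s/([^/]*)/([^/]*)/(g)?)?")

def parse_principal(principal):
    """'svc/host@REALM' -> [realm, component1, component2, ...]."""
    name, _, realm = principal.partition("@")
    return [realm] + name.split("/")

def apply_rule(rule, params, default_realm):
    """Return the short name if the rule applies to params, else None."""
    if rule == "DEFAULT":
        # DEFAULT applies only when the realm is the local default realm.
        return params[1] if params[0] == default_realm else None
    m = RULE_RE.fullmatch(rule)
    if m is None:
        raise ValueError("unparseable rule: " + rule)
    count, fmt, match, frm, to, repeat = m.groups()
    # [n:...] is tried only if the principal has exactly n components.
    if int(count) != len(params) - 1:
        return None
    base = re.sub(r"\$(\d)", lambda ref: params[int(ref.group(1))], fmt)
    if match is not None and re.fullmatch(match, base) is None:
        return None
    if frm is None:
        return base
    return re.sub(frm, to, base, count=0 if repeat else 1)

def short_name(principal, rules, default_realm):
    """First matching rule wins; no match reproduces the logged error."""
    if "@" not in principal:
        return principal  # already a simple name
    params = parse_principal(principal)
    for rule in rules:
        result = apply_rule(rule, params, default_realm)
        if result is not None:
            return result
    raise LookupError("No rules applied to " + principal)

PRINCIPAL = "rangerlookup@EXAMPLE.COM"  # from the question
REPLY_RULE = "RULE:[2:$1@$0](rangerlookup@EXAMPLE.COM)s/.*/rangerlookup/"  # from the reply
# Constructed one-component variant and constructed default realm, for comparison.
ONE_COMPONENT_RULE = "RULE:[1:$1@$0](rangerlookup@EXAMPLE.COM)s/.*/rangerlookup/"
OTHER_REALM = "OTHER.REALM"
```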


Re: No rules applied to rangerlookup@EXAMPLE.COM on RANGER ADMIN Service Manager


I've fixed the same problem as @Leonardo Dias, just by looking up the doc (https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.2/bk_Security_Guide/content/hdfs_plugin_kerberos.html).

Here are my steps:

1. Add the "rangerhdfslookup" user to the OS and "rangerhdfslookup@realm" to my KDC.

2. Update the properties of the Ranger HDFS plugin via Ambari.

3. Restart the HDFS & Ranger services.


Re: No rules applied to rangerlookup@EXAMPLE.COM on RANGER ADMIN Service Manager


Seems like it was a simple useradd command without a -g or -G option for groups on the operating system, yes?
