Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Not able to logon to Ranger UI with synchronised AD user

Highlighted

Not able to logon to Ranger UI with synchronised AD user

Expert Contributor

Hi @Kent Brodie @Jon Morisi

I have seen your submission (1 2) on this issue and taken cues from how you have resolved it. However, i am still not able to log into Ranger UI with my AD user that was synced as it gives the error message below; I use HDP 2.4.3 and the Ranger version is 0.5. Is there any thing i am missing?

2017-07-26 17:00:47,880 [http-bio-6080-exec-29] INFO  org.apache.ranger.security.listener.SpringEventListener (SpringEventListener.java:87) - Login Unsuccessful:userid | Ip Address:IP_Address | Bad Credentials

2 REPLIES 2

Re: Not able to logon to Ranger UI with synchronised AD user

New Contributor

All I had to do was configure ranger.truststore.file and ranger.https.attrib.keystore.file to point to a cacerts file (which had my AD cert previously imported). Did you import your AD cert into the cacerts file you referenced?

Re: Not able to logon to Ranger UI with synchronised AD user

Contributor

$^(*!$!^&(!/. I had a huge response all typed up and this forum blew up the answer. Lost my submittion.

I will summarize:

ENABLE DEBUGGING. It was not until I enabled debugging for ranger that, when I got an error similar to yours, I uncovered that I needed to get my AD certificate into the truststore

Note, ranger has TWO truststores. One for the user sync, the other for ranger itself logging in the UI.......................

check these, and that your AD certificate is in the keystore mentioned:
ranger.usersync.truststore.file
ranger.https.attrib.keystore.file