Support Questions

joshua_adeleke · ‎07-26-2017

I have seen your submission (1 2) on this issue and taken cues from how you have resolved it. However, i am still not able to log into Ranger UI with my AD user that was synced as it gives the error message below; I use HDP 2.4.3 and the Ranger version is 0.5. Is there any thing i am missing?

2017-07-26 17:00:47,880 [http-bio-6080-exec-29] INFO  org.apache.ranger.security.listener.SpringEventListener (SpringEventListener.java:87) - Login Unsuccessful:userid | Ip Address:IP_Address | Bad Credentials

Jon_Morisi · ‎07-26-2017

All I had to do was configure ranger.truststore.file and ranger.https.attrib.keystore.file to point to a cacerts file (which had my AD cert previously imported). Did you import your AD cert into the cacerts file you referenced?

kbrodie · ‎08-04-2017

$^(*!$!^&(!/. I had a huge response all typed up and this forum blew up the answer. Lost my submittion.

I will summarize:

ENABLE DEBUGGING. It was not until I enabled debugging for ranger that, when I got an error similar to yours, I uncovered that I needed to get my AD certificate into the truststore

Note, ranger has TWO truststores. One for the user sync, the other for ranger itself logging in the UI.......................

check these, and that your AD certificate is in the keystore mentioned:
ranger.usersync.truststore.file
ranger.https.attrib.keystore.file

Support Questions

Not able to logon to Ranger UI with synchronised AD user