Support Questions

Find answers, ask questions, and share your expertise

Problems with Kerberos

avatar

good afternoon guys, I'm here again needing help from the community .... I'm trying to activate Kerberos in my hadoop environment with ambari. I've enabled SSL on my domain controllers so that the connections are accepted by LDAPS. I created the admin user in the domain with full administrator properties of the environment. And I enter the correct data of the user but when the ambari goes to create principals the ambari presents the following error

2017-09-04 15: 17: 49,600 - Failed to create master, hadoopcetax-090417@cetax.corp - Can not create principal: hadoopcetax-090417@cetax.corp

2017-09-04 15: 17: 49,386 -Processing identities ... 2017-09-04 15: 17: 49,596 - Main processing, hadoopcetax-090417@cetax.corp

Can someone help me? I do not know what else to do.

Best Regards,

Rui Ornellas Junior

2 REPLIES 2

avatar
Master Mentor

@Rui Ornellas Junior

Did you follow a specific document if so can you share the link?

Can you copy and paste your krb5.conf remember to mask important info!

Here is a great Hortonworks document

avatar

Hi @Rui Ornellas Junior

The problem is probably the case of your realm name. Realm names MUST be all capital letters according to the widely accepted realm naming convention. The MIT Kerberos library appears to adhere to this convention and tends to generate failures when the convention is not satisfied.

On top of this, the case of the realm name MUST match the case of your KDC. If the realm name known to you KDC is lowercase, then you will need to fix the KDC (or Active Directory). Many have tried to get around this case issue with no luck.