Support Questions
Find answers, ask questions, and share your expertise

Problems with auth in kerberized HDP cluster after update

Explorer

Hello

I have troubles after updating RHEL 7.6 to 7.7.

After this update, hadoop services are not able to start.

In logs i see, that hadoop services are trying to auth with sAMAccountName instead of userPrincipalName.

My auth_to_local rules are based on UPN's.

I already checked /etc/krb5.conf(controlled by Ambari), /etc/sssd/sssd.conf and /var/lib/sss/pubconf for changes but they are same like for the update

I have tried to get user id with id command and got same result in 7.6 and 7.7 RHEL.

 

 

[root@rhel7.6host] id hdfs-user@DOMAIN.TEST
id($XXXX-$XXXXXXXXX) 

[root@rhel7.7host] id hdfs-user@DOMAIN.TEST
id($XXXX-$XXXXXXXXX) 

 

 

Did i miss some config change in RHEL or HDP?

How can i force Hadoop services to use UPN's back?