Support Questions

ryanth9893 · ‎07-26-2019

Ranger 1.2 on HDP 3.1

The usersync process is able to connect to LDAP, pull down expected users. When the usersync attempts to connect to Ranger to add/update those new LDAP users, throws error.

usersync.log shows:

ERROR LdapUserGroupBuilder [UnixUserSyncThread] - sink.addOrUpdateUser failed with exception null, for user: hdfs, groups: [hdfs,hadoop] (and all users for that matter)

WARN PolicyMgrUserGroupBuilder [UnixUserSyncThread] Credentials response from ranger is 401

The xa_portal.log from Ranger Admin shows:

[http-bio-6080-exec-4] INFO org.apache.ranger.security.handler.RangerAuthenticationProvider (RangerAuthenticationProvider.java:148) - Authentication with SHA-256 failed. Now trying with MD5.

[http-bio-6080-exec-4] INFO org.apache.ranger.security.listener.SpringEventListener (SpringEventListener.java:86) - Login Unsuccessful:rangerusersync | Ip Address x.x.x.x | Bad Credentials

When I login to the Ranger UI with user "rangerusersync" with the known password, I can log in without issue.

Where is it getting (or rather not getting) the credentials for "rangerusersync" after getting the LDAP users successfully when trying to load to Ranger?

dmahato · ‎06-16-2021

Hi @ryanth9893

Were you able to figure out this issue? I am also facing a similar problem.

ranger-admin.log

2021-06-16 09:13:19,417 [http-bio-6182-exec-3] INFO org.apache.ranger.security.handler.RangerAuthenticationProvider (RangerAuthenticationProvider.java:148) - Authentication with SHA-256 failed. Now trying with MD5.
2021-06-16 09:13:19,418 [http-bio-6182-exec-3] INFO org.apache.ranger.security.listener.SpringEventListener (SpringEventListener.java:86) - Login Unsuccessful:password123 | Ip Address:10.234.xx.xx | Bad Credentials
2021-06-16 09:13:19,419 [http-bio-6182-exec-3] DEBUG org.apache.ranger.common.db.JPABeanCallbacks (JPABeanCallbacks.java:45) - AddedByUserId is null or 0 and hence getting it from userSession for null
2021-06-16 09:13:19,419 [http-bio-6182-exec-3] DEBUG org.apache.ranger.common.db.JPABeanCallbacks (JPABeanCallbacks.java:62) - Security context not found for this request. Identity of originator of this change cannot be recorded
2021-06-16 09:13:19,429 [http-bio-6182-exec-3] DEBUG apache.ranger.security.web.authentication.RangerAuthenticationEntryPoint (RangerAuthenticationEntryPoint.java:82) - commence() X-Requested-With=null
2021-06-16 09:13:19,470 [http-bio-6182-exec-14] DEBUG org.apache.ranger.security.handler.RangerAuthenticationProvider (RangerAuthenticationProvider.java:142) - JDBC Authentication failure:
org.springframework.security.authentication.BadCredentialsException: Bad credentials
at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:151)
at org.apache.ranger.security.handler.RangerAuthenticationProvider.getJDBCAuthentication(RangerAuthenticationProvider.java:604)

Below is the RangerUserSync.log. Keep getting "Credentials response from ranger is 401."

16 Jun 2021 09:51:46 WARN LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401.
16 Jun 2021 09:51:46 WARN LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401.
16 Jun 2021 09:51:46 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - uSNChangedVal = 175293790and currentDeltaSyncTime = 175293790
16 Jun 2021 09:51:46 WARN LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401.
16 Jun 2021 09:51:46 WARN LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401.
16 Jun 2021 09:51:46 WARN LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401

if you have figured out the issue then can you please help?

Cloudera Community

Support Questions

Ranger 1.2 Usersync Bad Credentials