Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Ranger 1.2 Usersync Bad Credentials

avatar
New Contributor

Ranger 1.2 on HDP 3.1

The usersync process is able to connect to LDAP, pull down expected users. When the usersync attempts to connect to Ranger to add/update those new LDAP users, throws error.


usersync.log shows:

ERROR LdapUserGroupBuilder [UnixUserSyncThread] - sink.addOrUpdateUser failed with exception null, for user: hdfs, groups: [hdfs,hadoop] (and all users for that matter)

WARN PolicyMgrUserGroupBuilder [UnixUserSyncThread] Credentials response from ranger is 401


The xa_portal.log from Ranger Admin shows:

[http-bio-6080-exec-4] INFO org.apache.ranger.security.handler.RangerAuthenticationProvider (RangerAuthenticationProvider.java:148) - Authentication with SHA-256 failed. Now trying with MD5.

[http-bio-6080-exec-4] INFO org.apache.ranger.security.listener.SpringEventListener (SpringEventListener.java:86) - Login Unsuccessful:rangerusersync | Ip Address x.x.x.x | Bad Credentials

When I login to the Ranger UI with user "rangerusersync" with the known password, I can log in without issue.

Where is it getting (or rather not getting) the credentials for "rangerusersync" after getting the LDAP users successfully when trying to load to Ranger?

1 REPLY 1

avatar
Explorer

Hi @ryanth9893 

 

Were you able to figure out this issue? I am also facing a similar problem. 

 

ranger-admin.log

 

2021-06-16 09:13:19,417 [http-bio-6182-exec-3] INFO  org.apache.ranger.security.handler.RangerAuthenticationProvider (RangerAuthenticationProvider.java:148) - Authentication with SHA-256 failed. Now trying with MD5.
2021-06-16 09:13:19,418 [http-bio-6182-exec-3] INFO  org.apache.ranger.security.listener.SpringEventListener (SpringEventListener.java:86) - Login Unsuccessful:password123 | Ip Address:10.234.xx.xx | Bad Credentials
2021-06-16 09:13:19,419 [http-bio-6182-exec-3] DEBUG org.apache.ranger.common.db.JPABeanCallbacks (JPABeanCallbacks.java:45) - AddedByUserId is null or 0 and hence getting it from userSession for null
2021-06-16 09:13:19,419 [http-bio-6182-exec-3] DEBUG org.apache.ranger.common.db.JPABeanCallbacks (JPABeanCallbacks.java:62) - Security context not found for this request. Identity of originator of this change cannot be recorded
2021-06-16 09:13:19,429 [http-bio-6182-exec-3] DEBUG apache.ranger.security.web.authentication.RangerAuthenticationEntryPoint (RangerAuthenticationEntryPoint.java:82) - commence() X-Requested-With=null
2021-06-16 09:13:19,470 [http-bio-6182-exec-14] DEBUG org.apache.ranger.security.handler.RangerAuthenticationProvider (RangerAuthenticationProvider.java:142) - JDBC Authentication failure:
org.springframework.security.authentication.BadCredentialsException: Bad credentials
        at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:151)
        at org.apache.ranger.security.handler.RangerAuthenticationProvider.getJDBCAuthentication(RangerAuthenticationProvider.java:604)

 

 

Below is the RangerUserSync.log. Keep getting "Credentials response from ranger is 401."

16 Jun 2021 09:51:46  WARN LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401.
16 Jun 2021 09:51:46  WARN LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401.
16 Jun 2021 09:51:46  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - uSNChangedVal = 175293790and currentDeltaSyncTime = 175293790
16 Jun 2021 09:51:46  WARN LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401.
16 Jun 2021 09:51:46  WARN LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401.
16 Jun 2021 09:51:46  WARN LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Credentials response from ranger is 401

 

if you have figured out the issue then can you please help?