Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Ranger unix user sync fails with Kerberos cluster in HDP 3.0.1

Highlighted

Ranger unix user sync fails with Kerberos cluster in HDP 3.0.1

sheshk11
New Contributor

Created ‎12-04-2018 11:40 AM

Hi,

I've setup a HDP 3.0.1 cluster which is Kerberized.

However, the user sync is not happening with sync source as "Unix", min user id as "500".

Below is the error observed in the logs: 

04 Dec 2018 14:49:06  INFO UnixAuthenticationService [main] - Starting User Sync Service!
04 Dec 2018 14:49:06  WARN UnixUserGroupBuilder [UnixUserSyncThread] - DEPRECATED: Unix backend is configured to use /etc/passwd and /etc/group files directly instead of standard system mechanisms.
04 Dec 2018 14:49:06  INFO UserGroupSync [UnixUserSyncThread] - initializing sink: org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder
04 Dec 2018 14:49:06  INFO PolicyMgrUserGroupBuilder [UnixUserSyncThread] - Using principal = rangerusersync/prd-lucy110.XXXXX.nm1@XXXXXX.COM and keytab = /etc/security/keytabs/rangerusersync.service.keytab
04 Dec 2018 14:49:07 ERROR PolicyMgrUserGroupBuilder [UnixUserSyncThread] - Failed to build Group List :
com.google.gson.JsonSyntaxException: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was STRING at line 1 column 1
        at com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:176)
04 Dec 2018 14:49:07 ERROR PolicyMgrUserGroupBuilder [UnixUserSyncThread] - Failed to add portal user
04 Dec 2018 14:49:07 ERROR UnixUserGroupBuilder [UnixUserSyncThread] - sink.addOrUpdateUser failed with exception: Failed to add portal user, for user: jatin, groups: [jatin, dev]
04 Dec 2018 14:49:07 ERROR PolicyMgrUserGroupBuilder [UnixUserSyncThread] - Failed to add portal user
04 Dec 2018 14:49:07 ERROR UnixUserGroupBuilder [UnixUserSyncThread] - sink.addOrUpdateUser failed with exception: Failed to add portal user, for user: suraj.ghosh, groups: [suraj.ghosh, dev]

In the same machine I added a user "rangerusersync". Ran the python script "updatepolicymgrpassword.py" and provided same username and password. But still fails!

Please see the attached screenshot of Ranger Audit UI (Usersync tab). Is this normal ?

Also attached full logs. Please check :- usersync-log.txt

Note:- Ambari server is TLS (SSL) enabled. But not Ranger.

Can anyone please help me in resolving this issue? It would be highly appreciated.

Thanks,

Shesh Kumar


screenshot-2018-12-04-at-105200-pm.png
Reply
166 Views
0 Kudos
Don't have an account?
Register
Coming from Hortonworks? Activate your account here