Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Ranger unix user sync fails with Kerberos cluster in HDP 3.0.1

Highlighted

Ranger unix user sync fails with Kerberos cluster in HDP 3.0.1

New Contributor

Hi,

I've setup a HDP 3.0.1 cluster which is Kerberized.

However, the user sync is not happening with sync source as "Unix", min user id as "500".

Below is the error observed in the logs:

04 Dec 2018 14:49:06  INFO UnixAuthenticationService [main] - Starting User Sync Service!
04 Dec 2018 14:49:06  WARN UnixUserGroupBuilder [UnixUserSyncThread] - DEPRECATED: Unix backend is configured to use /etc/passwd and /etc/group files directly instead of standard system mechanisms.
04 Dec 2018 14:49:06  INFO UserGroupSync [UnixUserSyncThread] - initializing sink: org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder
04 Dec 2018 14:49:06  INFO PolicyMgrUserGroupBuilder [UnixUserSyncThread] - Using principal = rangerusersync/prd-lucy110.XXXXX.nm1@XXXXXX.COM and keytab = /etc/security/keytabs/rangerusersync.service.keytab
04 Dec 2018 14:49:07 ERROR PolicyMgrUserGroupBuilder [UnixUserSyncThread] - Failed to build Group List :
com.google.gson.JsonSyntaxException: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was STRING at line 1 column 1
        at com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:176)
04 Dec 2018 14:49:07 ERROR PolicyMgrUserGroupBuilder [UnixUserSyncThread] - Failed to add portal user
04 Dec 2018 14:49:07 ERROR UnixUserGroupBuilder [UnixUserSyncThread] - sink.addOrUpdateUser failed with exception: Failed to add portal user, for user: jatin, groups: [jatin, dev]
04 Dec 2018 14:49:07 ERROR PolicyMgrUserGroupBuilder [UnixUserSyncThread] - Failed to add portal user
04 Dec 2018 14:49:07 ERROR UnixUserGroupBuilder [UnixUserSyncThread] - sink.addOrUpdateUser failed with exception: Failed to add portal user, for user: suraj.ghosh, groups: [suraj.ghosh, dev]

In the same machine I added a user "rangerusersync". Ran the python script "updatepolicymgrpassword.py" and provided same username and password. But still fails!

Please see the attached screenshot of Ranger Audit UI (Usersync tab). Is this normal ?

Also attached full logs. Please check :- usersync-log.txt

Note:- Ambari server is TLS (SSL) enabled. But not Ranger.

Can anyone please help me in resolving this issue? It would be highly appreciated.

Thanks,

Shesh Kumar


screenshot-2018-12-04-at-105200-pm.png
Don't have an account?
Coming from Hortonworks? Activate your account here