Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Check out our newest addition to the community, the Cloudera Data Analytics (CDA) group hub.

Ranger unix user sync fails with Kerberos cluster in HDP 3.0.1

sheshk11
Explorer

Created ‎12-04-2018 11:40 AM

Hi,

I've setup a HDP 3.0.1 cluster which is Kerberized.

However, the user sync is not happening with sync source as "Unix", min user id as "500".

Below is the error observed in the logs: 

04 Dec 2018 14:49:06  INFO UnixAuthenticationService [main] - Starting User Sync Service!
04 Dec 2018 14:49:06  WARN UnixUserGroupBuilder [UnixUserSyncThread] - DEPRECATED: Unix backend is configured to use /etc/passwd and /etc/group files directly instead of standard system mechanisms.
04 Dec 2018 14:49:06  INFO UserGroupSync [UnixUserSyncThread] - initializing sink: org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder
04 Dec 2018 14:49:06  INFO PolicyMgrUserGroupBuilder [UnixUserSyncThread] - Using principal = rangerusersync/prd-lucy110.XXXXX.nm1@XXXXXX.COM and keytab = /etc/security/keytabs/rangerusersync.service.keytab
04 Dec 2018 14:49:07 ERROR PolicyMgrUserGroupBuilder [UnixUserSyncThread] - Failed to build Group List :
com.google.gson.JsonSyntaxException: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was STRING at line 1 column 1
        at com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:176)
04 Dec 2018 14:49:07 ERROR PolicyMgrUserGroupBuilder [UnixUserSyncThread] - Failed to add portal user
04 Dec 2018 14:49:07 ERROR UnixUserGroupBuilder [UnixUserSyncThread] - sink.addOrUpdateUser failed with exception: Failed to add portal user, for user: jatin, groups: [jatin, dev]
04 Dec 2018 14:49:07 ERROR PolicyMgrUserGroupBuilder [UnixUserSyncThread] - Failed to add portal user
04 Dec 2018 14:49:07 ERROR UnixUserGroupBuilder [UnixUserSyncThread] - sink.addOrUpdateUser failed with exception: Failed to add portal user, for user: suraj.ghosh, groups: [suraj.ghosh, dev]

In the same machine I added a user "rangerusersync". Ran the python script "updatepolicymgrpassword.py" and provided same username and password. But still fails!

Please see the attached screenshot of Ranger Audit UI (Usersync tab). Is this normal ?

Also attached full logs. Please check :- usersync-log.txt

Note:- Ambari server is TLS (SSL) enabled. But not Ranger.

Can anyone please help me in resolving this issue? It would be highly appreciated.

Thanks,

Shesh Kumar


screenshot-2018-12-04-at-105200-pm.png
Preview file
486 KB
1,588 Views
0 Kudos
2 REPLIES 2

Priyanka26
Explorer

Created ‎02-08-2021 11:05 AM

@sheshk11 Hi Shesh - We are experiencing a similar issue in our environment. Were you able to resolve this issue, if so, can you please share the steps

1,144 Views
0 Kudos

AmirMirza
Explorer

Created ‎02-09-2021 01:10 AM

Can you check user id of ranger usersync on your Linux server. It seems the user id is less than 500.

If yes, ask your sysadmin to change user id of all Hadoop users according beyond 500.

 

If you are still facing the issue, do share ranger usersync and admin logs.

Have you enabled plugins for services under ambari -> ranger -> ranger plugins

1,124 Views
0 Kudos
Take a Tour of the Community
Don't have an account?
Register
Your experience may be limited. Sign in to explore more.
Announcements
Product Announcements
CDP Public Cloud: May 2023 Release Summary
What's New @ Cloudera
Cloudera Operational Database (COD) provides enhancements to the --scale-type CDP CLI option
What's New @ Cloudera
Cloudera Operational Database (COD) UI supports creating a smaller cluster using a predefined Data Lake template
What's New @ Cloudera
Cloudera Operational Database (COD) supports scaling up the clusters vertically
Product Announcements
CDP Public Cloud: April 2023 Release Summary
View More Announcements