Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Ranger user group sync not working in UnixUserSync method

Ranger user group sync not working in UnixUserSync method

New Contributor

I am using HDP Sandbox 2.5 vmware image and have kerberized the cluster using the web UI.
I have created a user as user1 and this user1 belongs to group1(which also created by me). But the problem is this user and group is not reflecting in Ranger because of which I am not able assign any policy to this user or group. Attaching the logs of usersync process :

Any help/clues to resolve this problem is appreciated

com.sun.jersey.api.client.UniformInterfaceException: POST http://sandbox.hortonworks.com:6080/service/xusers/users/userinfo returned a response status of 401 Unauthorized
        at com.sun.jersey.api.client.WebResource.handle(WebResource.java:686)
        at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
        at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:568)
        at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.getUsergroupInfo(PolicyMgrUserGroupBuilder.java:567)
        at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.access$500(PolicyMgrUserGroupBuilder.java:72)
        at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder$2.run(PolicyMgrUserGroupBuilder.java:539)
        at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder$2.run(PolicyMgrUserGroupBuilder.java:535)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:360)
        at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.addUserGroupInfo(PolicyMgrUserGroupBuilder.java:535)
        at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.addOrUpdateUser(PolicyMgrUserGroupBuilder.java:340)
        at org.apache.ranger.unixusersync.process.UnixUserGroupBuilder.updateSink(UnixUserGroupBuilder.java:140)
        at org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:58)
        at java.lang.Thread.run(Thread.java:745)
22 Aug 2017 16:45:55 ERROR PolicyMgrUserGroupBuilder [UnixUserSyncThread] - Failed to add User :
com.sun.jersey.api.client.UniformInterfaceException: POST http://sandbox.hortonworks.com:6080/service/users/default returned a response status of 401 Unauthorized
        at com.sun.jersey.api.client.WebResource.handle(WebResource.java:686)
        at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
        at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:568)
        at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.getMUser(PolicyMgrUserGroupBuilder.java:838)
        at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.access$800(PolicyMgrUserGroupBuilder.java:72)
        at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder$5.run(PolicyMgrUserGroupBuilder.java:811)
        at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder$5.run(PolicyMgrUserGroupBuilder.java:807)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:360)
        at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.addMUser(PolicyMgrUserGroupBuilder.java:807)
        at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.addOrUpdateUser(PolicyMgrUserGroupBuilder.java:335)
        at org.apache.ranger.unixusersync.process.UnixUserGroupBuilder.updateSink(UnixUserGroupBuilder.java:140)
        at org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:58)
        at java.lang.Thread.run(Thread.java:745)
22 Aug 2017 16:45:55 ERROR PolicyMgrUserGroupBuilder [UnixUserSyncThread] - Failed to add User Group Info :
com.sun.jersey.api.client.UniformInterfaceException: POST http://sandbox.hortonworks.com:6080/service/xusers/users/userinfo returned a response status of 401 Unauthorized
        at com.sun.jersey.api.client.WebResource.handle(WebResource.java:686)
        at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
        at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:568)
        at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.getUsergroupInfo(PolicyMgrUserGroupBuilder.java:567)
        at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.access$500(PolicyMgrUserGroupBuilder.java:72)
        at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder$2.run(PolicyMgrUserGroupBuilder.java:539)
        at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder$2.run(PolicyMgrUserGroupBuilder.java:535)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:360)
        at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.addUserGroupInfo(PolicyMgrUserGroupBuilder.java:535)
        at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.addOrUpdateUser(PolicyMgrUserGroupBuilder.java:340)
        at org.apache.ranger.unixusersync.process.UnixUserGroupBuilder.updateSink(UnixUserGroupBuilder.java:140)
        at org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:58)
        at java.lang.Thread.run(Thread.java:745)
22 Aug 2017 16:45:55  INFO UserGroupSync [UnixUserSyncThread] - End: initial load of user/group from source==>sink
22 Aug 2017 16:45:55  INFO UserGroupSync [UnixUserSyncThread] - Done initializing user/group source and sink

6 REPLIES 6

Re: Ranger user group sync not working in UnixUserSync method

Mentor

@sachin gupta

For users and groups to appear in Ranger you need to Synchronize LDAP Users and Groups did you do that if so can you upload the logs?

Re: Ranger user group sync not working in UnixUserSync method

New Contributor

I am not using LDAP as of now and want only os level users and groups to be synced in Ranger. Do I have to use LDAP ?

Re: Ranger user group sync not working in UnixUserSync method

New Contributor

Have you check your properties in Ambari -> ranger -> Advanced ranger-ugsync-site

If not please refer to this page

Re: Ranger user group sync not working in UnixUserSync method

New Contributor

yes the keytabs are there and working, I have already gone through all these pages.

Re: Ranger user group sync not working in UnixUserSync method

Mentor

@sachin gupta

I have just span a HDP 2.6 single node cluster with Ranger 0.70 and KMS 0.70. I will proceed to create user1 and group_1. Can you tell me the unix ID's if you

# cat /etc/passwd
# cat /etc/group

Revert

Re: Ranger user group sync not working in UnixUserSync method

New Contributor

group1:x:1026:user1

user1:x:1026:1026::/home/user1:/bin/bash