Support Questions

ben_grant · ‎01-31-2018

having trouble with Ranger usersync from Active Directory. Just trying ldap, not ldaps at the moment. I can see in the usersync.log that it connect to my AD server & finds the users and groups I have set in my filters. When it goes to try to push these into Ranger, I'm getting

com.sun.jersey.api.client.UniformInterfaceException: GET http://fit-d-selgsv-21.sentry.com:6080/service/xusers/groups/?pageSize=1000&startIndex=0 returned a response status of 401 Unauthorized

It looks like the usersync can't push to Ranger.

ben_grant · ‎02-08-2018

we ended up just dropping the cluster, deploying Ranger & Ranger usersync, then enabling Kerberos. works perfect if you deploy ranger first.

View solution in original post

ben_grant · ‎01-31-2018

cworkhdfnew-folderusersync-issue2.zip I believe I enabled correctly & restarted. when I check the log files I don't see any extra Kerberos information.

vperiasamy · ‎01-31-2018

Kerberos debug messages will be in catalina.out

Not sure if ranger admin is properly spnego enabled. Please enable DEBUG for ranger admin logs.

One thing you can try is to manually kinit using rangerusersync keytab and perform the same request via Curl. http://fit-d-selgsv-21.sentry.com:6080/service/xusers/groups/?pageSize=1000☆tIndex=0

ben_grant · ‎01-31-2018

is there a way to change the usersync account so that it uses just username/password instead of Kerberos?

ben_grant · ‎02-08-2018

we ended up just dropping the cluster, deploying Ranger & Ranger usersync, then enabling Kerberos. works perfect if you deploy ranger first.

Cloudera Community

Support Questions

Ranger usersync 401 unauthorized