Support Questions
Find answers, ask questions, and share your expertise

Service Accounts Creation

Solved Go to solution
Highlighted

Service Accounts Creation

Rising Star

During the Ambari installation, if all the hosts already integrated with AD via SSSD, and all the service accounts already available in AD, will Ambari still try to create those accounts locally?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Service Accounts Creation

Explorer

@dsun yes, you can.

First, you need to ensure those service accounts are created in the AD and the cluster hosts all connect to AD and those users are valid.

Second, set ignore_groupsusers_create=true in cluster-env.xml then start install HDP

View solution in original post

3 REPLIES 3

Re: Service Accounts Creation

Explorer

@dsun yes, you can.

First, you need to ensure those service accounts are created in the AD and the cluster hosts all connect to AD and those users are valid.

Second, set ignore_groupsusers_create=true in cluster-env.xml then start install HDP

View solution in original post

Highlighted

Re: Service Accounts Creation

@dsun

In addition to @xin.wang If all the accounts are created in AD/LDAP, if you are installing the services for the 1st time, while installing you get an option asking whether to Ambari to manage service accounts and UID's or skip managing. If you check on asking Ambari not to manage service accounts, it will automatically skip creation of local service accounts.

If Ambari is already installed now you are trying to add new service where service account in AD the run below command, which will set Ambari not create any users or groups locally:

/var/lib/ambari-server/resources/scripts/configs.sh
-u admin -p password -port 8080 set ambarihostserver.com clustername cluster-env ignore_groupsusers_create true

Hope this helped you.

Highlighted

Re: Service Accounts Creation

Rising Star

Thanks for the comments, will try it out.

Don't have an account?