Support Questions

Srinivas-M · ‎08-27-2023

I am trying to configure CDP 7.1.8 with Active Directory. Once the Kerberos Configuration is enabled, during the last step where the services are started, the Zookeeper service is failing to start with the following exception.

I had checked the encryption types enabled on the Active Directory as well as the encryption types with which the principal are created. Also, I could see that the kinit using the generated keytabs works fine for the zookeeper service and other services as well.

Is there anything that is missing in the configuration ?

---

5:01:27.233 AM 	WARN 	SaslServerCallbackHandler 	

No password found for user: null

5:01:27.235 AM 	ERROR 	QuorumPeerMain 	

Unexpected exception, exiting abnormally
java.io.IOException: Could not configure server because SASL configuration did not allow the  ZooKeeper server to authenticate itself properly: javax.security.auth.login.LoginException: No password provided
	at org.apache.zookeeper.server.ServerCnxnFactory.configureSaslLogin(ServerCnxnFactory.java:243)
	at org.apache.zookeeper.server.NettyServerCnxnFactory.configure(NettyServerCnxnFactory.java:506)
	at org.apache.zookeeper.server.quorum.QuorumPeerMain.runFromConfig(QuorumPeerMain.java:151)
	at org.apache.zookeeper.server.quorum.QuorumPeerMain.initializeAndRun(QuorumPeerMain.java:125)
	at org.apache.zookeeper.server.quorum.QuorumPeerMain.main(QuorumPeerMain.java:84)

willx · ‎08-28-2023

Hi @Srinivas-M ,

Questions:

- What are the current encryption types?

- What is the JDK version?

- Are other services running well? hdfs/hbase/yarn etc.

You can try following steps:

- Did you try to kinit a keytab from the latest process directory of zookeeper (/var/run/cloudera-scm-agent/process/<latest_process_folder_of_zookeeper>/zookeeper.keytab)

- Try to re-generate keytab and principals via CM and restart the zookeeper.

A similar issue was in this KB.

https://my.cloudera.com/knowledge/ERROR-quot-java-io-IOException-Could-not-configure-server?id=27363...

View solution in original post

willx · ‎08-28-2023

Hi @Srinivas-M ,

Questions:

- What are the current encryption types?

- What is the JDK version?

- Are other services running well? hdfs/hbase/yarn etc.

You can try following steps:

- Did you try to kinit a keytab from the latest process directory of zookeeper (/var/run/cloudera-scm-agent/process/<latest_process_folder_of_zookeeper>/zookeeper.keytab)

- Try to re-generate keytab and principals via CM and restart the zookeeper.

A similar issue was in this KB.

https://my.cloudera.com/knowledge/ERROR-quot-java-io-IOException-Could-not-configure-server?id=27363...

Srinivas-M · ‎08-28-2023

Thanks @willx for the response. I had earlier regenerated the keytabs and principals multiple times. For some reason, only the zookeeper principals seems have been locked up and not getting generated. I had discovered that while trying to manually remove the principals. Once I removed those principals forcefully and regenerated the keytabs and the principals from the CM, the issue got resolved.

Cloudera Community

Support Questions

Services not starting up after Enabling Kerberos with Active Directory

"kinit: Preauthentication failed while getting ini...

HDF 2.x/3.0: Use Ambari to enable kerberos for HDF...

Some services failing to come up after enabling ke...

One Way Trust - MIT KDC to Active Directory

Enable Kerberos Wizard failed to create principals...

How to configure Zeppelin for Active Directory use...

Issue with enable Kerberos with existing active d...

Extracting Active Directory LDAPS SSL Ccertificate

HBase does not start after enabling Kerberos on cl...

kerberos authentication without LDAP/Active Direct...