Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Services not starting up after Enabling Kerberos with Active Directory

avatar
Explorer

I am trying to configure CDP 7.1.8 with Active Directory. Once the Kerberos Configuration is enabled, during the last step where the services are started, the Zookeeper service is failing to start with the following exception.

 

I had checked the encryption types enabled on the Active Directory as well as the encryption types with which the principal are created. Also, I could see that the kinit using the generated keytabs works fine for the zookeeper service and other services as well.

 

Is there anything that is missing in the configuration ?

---

 

5:01:27.233 AM 	WARN 	SaslServerCallbackHandler 	

No password found for user: null

5:01:27.235 AM 	ERROR 	QuorumPeerMain 	

Unexpected exception, exiting abnormally
java.io.IOException: Could not configure server because SASL configuration did not allow the  ZooKeeper server to authenticate itself properly: javax.security.auth.login.LoginException: No password provided
	at org.apache.zookeeper.server.ServerCnxnFactory.configureSaslLogin(ServerCnxnFactory.java:243)
	at org.apache.zookeeper.server.NettyServerCnxnFactory.configure(NettyServerCnxnFactory.java:506)
	at org.apache.zookeeper.server.quorum.QuorumPeerMain.runFromConfig(QuorumPeerMain.java:151)
	at org.apache.zookeeper.server.quorum.QuorumPeerMain.initializeAndRun(QuorumPeerMain.java:125)
	at org.apache.zookeeper.server.quorum.QuorumPeerMain.main(QuorumPeerMain.java:84)

 

 

1 ACCEPTED SOLUTION

avatar
Master Collaborator

Hi @Srinivas-M ,

 

Questions:

- What are the current encryption types?

- What is the JDK version?

- Are other services running well? hdfs/hbase/yarn etc.

 

You can try following steps:

- Did you try to kinit a keytab from the latest process directory of zookeeper (/var/run/cloudera-scm-agent/process/<latest_process_folder_of_zookeeper>/zookeeper.keytab)

- Try to re-generate keytab and principals via CM and restart the zookeeper.

 

A similar issue was in this KB.

https://my.cloudera.com/knowledge/ERROR-quot-java-io-IOException-Could-not-configure-server?id=27363...

View solution in original post

2 REPLIES 2

avatar
Master Collaborator

Hi @Srinivas-M ,

 

Questions:

- What are the current encryption types?

- What is the JDK version?

- Are other services running well? hdfs/hbase/yarn etc.

 

You can try following steps:

- Did you try to kinit a keytab from the latest process directory of zookeeper (/var/run/cloudera-scm-agent/process/<latest_process_folder_of_zookeeper>/zookeeper.keytab)

- Try to re-generate keytab and principals via CM and restart the zookeeper.

 

A similar issue was in this KB.

https://my.cloudera.com/knowledge/ERROR-quot-java-io-IOException-Could-not-configure-server?id=27363...

avatar
Explorer

Thanks @willx for the response. I had earlier regenerated the keytabs and principals multiple times. For some reason, only the zookeeper principals seems have been locked up and not getting generated. I had discovered that while trying to manually remove the principals. Once I removed those principals forcefully and regenerated the keytabs and the principals from the CM, the issue got resolved.