Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Advanced Search

Unable to Create principal with Windows KDC

Highlighted

Unable to Create principal with Windows KDC

Srs_karthik
New Contributor

Created ‎03-12-2018 05:47 AM

I want to enable security to my cluster in ambari (HDP-2.6.4.0) , for that I have followed this link to prepare my Windows KDC.

Environment used – CentOS7 and Windows 2102 KDC.

In Enable Kerberos Wizard, I have entered the Admin KDC credentials then on theStep 7(Kerberize cluster)am facing the issue on creating the principals from the Linux cluster.

Error details–

Operation(Principal creation), Status(Failed), Reason of failure(Failed to create principal, securecluster-030818@YOURDOMAIN.COM - can not check if principal exists: securecluster-030818@ YOURDOMAIN.COM), RequestId(72), TaskId(807), Principal(securecluster-030818@ YOURDOMAIN.COM)

Please any guide me to resolve this issue or I missed any pre requisites?

Reply
523 Views
1 REPLY 1
Highlighted

Re: Unable to Create principal with Windows KDC

rlevas
Guru

Created ‎03-12-2018 02:34 PM

There must more more to this error message. For some reason Ambari cannot query the Active Directory using the LDAP interface. This could be for one of several reasons. Not limited to the following:

  • The credentials provided to Ambari to use to communicate with the Active Directory does not have proper access to the specified container
  • The unlimited key JCE policy has not been installed in the JVM used by the Ambari server
  • The FQDN for the LDAP interface to the Active Directory is incorrect
  • Access to the Active Directory is being blocked by a firewall
  • The LDAPS URL is incorrect
    • Make sure the LDAP URL is actually an LDAPS URL - SSL is required to set passwords

By posting more the the error message we might have a better idea about what is going on.

Reply
329 Views
0 Kudos
Don't have an account?
Register
Announcements
Product Announcements
[ANNOUNCE] New Cloudera JDBC 2.6.20 Driver for Apache Impala Released
Product Announcements
Transition to private repositories for CDH, HDP and HDF
Product Announcements
[ANNOUNCE] New Applied ML Research from Cloudera Fast Forward: Few-Shot Text Classification
Product Announcements
[ANNOUNCE] New JDBC 2.6.13 Driver for Apache Hive Released
Product Announcements
[ANNOUNCE] Refreshed Research from Cloudera Fast Forward: Semantic Image Search and Federated Learning
View More Announcements