Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Why "Unauthorized access. expected [null], found [fqdn.of.NN]" in RangerAdminRESTClient?

Highlighted

Why "Unauthorized access. expected [null], found [fqdn.of.NN]" in RangerAdminRESTClient?

Expert Contributor

With Ranger SSL authentication enabled for agents I see the following exception in the NameNodes logs:

ERROR client.RangerAdminRESTClient (RangerAdminRESTClient.java:getServicePoliciesIfUpdate(79)) - Error getting policies. request=https://ranger.host:6182/service/plugins/policies/download/ebipdev_hadoop?latKnownVersion=3&pluginId=hdfs@fqdn.of.NN-repo_hadoop, response={"httpStatusCode": 400, "statusCode":1, "msgDesc": "Unauthorized access. expected [null], found [fqdn.of.NN]","messageList":[{"OPER_NOT_ALLOWED_FOR_ENTITY", "rbKey":"xa.error.oper_not_allowed_for_state", "message": "Operation not allowed for entity"}]}, serviceName=repo_hadoop

Why is Ranger admin expecting null? What exactly went wrong with the SSL setup? Also, why is there a common.name setting for ranger agent plugin setting?

6 REPLIES 6
Highlighted

Re: Why "Unauthorized access. expected [null], found [fqdn.of.NN]" in RangerAdminRESTClient?

I think the key here is - oper_not_allowed_for_state

Can you check

  1. if HA is enabled, the namenode has failed over to the passive, so that the namenode is not in active state anymore.
  2. if the namenode has gone in safe mode for some reason?
Highlighted

Re: Why "Unauthorized access. expected [null], found [fqdn.of.NN]" in RangerAdminRESTClient?

Expert Contributor

It seems related to SSL client authentication.

Highlighted

Re: Why "Unauthorized access. expected [null], found [fqdn.of.NN]" in RangerAdminRESTClient?

Expert Contributor

common.name in the ranger agent plugin setting in ranger admin is the CN name of the keystore which you would have created during SSL configuration. When 2 way SSL is enabled between plugin and ranger policy manager this is needed for the https communication.

Highlighted

Re: Why "Unauthorized access. expected [null], found [fqdn.of.NN]" in RangerAdminRESTClient?

Expert Contributor

Keystore at the client side? What about NN HA?

Highlighted

Re: Why "Unauthorized access. expected [null], found [fqdn.of.NN]" in RangerAdminRESTClient?

Mentor

@hkropp has this been resolved? Can you accept the best answer or provide your own solution?

Highlighted

Re: Why "Unauthorized access. expected [null], found [fqdn.of.NN]" in RangerAdminRESTClient?

Explorer

Another possible cause for this are the following two Ranger settings:

ranger.service.https.attrib.clientAuth

ranger.service.https.attrib.client.auth

Change these settings from "false" to "want" if needed

Don't have an account?
Coming from Hortonworks? Activate your account here