Support Questions

v_yernaux · ‎09-06-2018

Hello,

I tried to connect hive from a windows server via odbc but without success.

My cluster hadoop is kerberized, hive port is 10000 and is open between windows and all the cluster (I did a telnet serverhive2 10000 and it works)

I download HortonworksHiveODBC64.msi and install it.

I tried a lot of combination of parameters on "hortons Hive ODBC Driver DSN setup", none of them works, for sample this setting:

give me this error:

[Hortonworks][Hardy] (34) Error from server: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Permission denied).

[Hortonworks][Hardy] (34) Error from server: SASL(0): successful result: .

what have I to do to set correctly my odbc driver

vmurakami · ‎09-06-2018

Hello @vincent yernaux!
Guess you've something wrong with your Kerberos credentials/configuration.
Are you able to do a kinit on windows? If so, did you check the krb5.conf, credentials?
For further details check the Appendix A of the documentation below:

https://hortonworks.com/wp-content/uploads/2013/04/Hortonworks-Hive-ODBC-Driver-User-Guide.pdf

Hope this helps!

v_yernaux · ‎09-07-2018

Hello,

that's possible, there is may be something wrong with my kerberos setting on the windows server. when I try kinit, I got this:

c:\Program Files\MIT\Kerberos\bin>set KRB5_CONFIG="C:\Program Files\MIT\Kerberos\"
c:\Program Files\MIT\Kerberos\bin>set KRB5CCNAME=%USERPROFILE%\krb5cache
c:\Program Files\MIT\Kerberos\bin>"c:\Program Files\MIT\Kerberos\bin\kinit.exe"
kinit.exe: Configuration file does not specify default realm when parsing name vyea

however, in c:\Program Files\MIT\kerberos\krb5.conf, I have this:

[libdefaults]
  renew_lifetime = 7d
  forwardable = true
  default_realm = toto.org
  ticket_lifetime = 24h
  dns_lookup_realm = false
  dns_lookup_kdc = false
  default_ccache_name = c:\temp\krb5cache\krb5cc_%{uid}
  #default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
  #default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
[domain_realm]
  interpol.int = TOTO.ORG
  .interpol.int = TOTO.ORG
[logging]
  default = FILE:c:\temp\krb5\krb5kdc.log
  admin_server = FILE:c:\temp\krb5\kadmind.log
  kdc = FILE:c:\temp\krb5\krb5kdc.log
[realms]
  TOTO.ORG = {
    admin_server = dcibs11
    kdc = TOTO.ORG
  }

(I changed my company name of course)

vmurakami · ‎09-07-2018

Hello @vincent yernaux.

Right, perhaps you need to add some parameters to your kinit command, e.g.:

kinit -kt /etc/security/keytabs/nifi.service.keytab nifi/vmurakami-1@EXAMPLE.COM

So in this case, I'm getting a session with a principal called nifi/vmurakami-1 which has a keytab in the /etc/security/keytabs/

And I'd try to check the Delegation UID field from the ODBC window.

Hope this helps

v_yernaux · ‎09-20-2018

Hello,
finally, I found a way to make it work.
jdbc/hive or odbchive had the same problem: no ticket kerberos.
I tried to connect hive from windows environment (AD) and I get the message: GSS initiate failed

The solution was to execute the kinit.exe from java binary (not the one from windows nor MIT).

Support Questions

connexion to hive with hortonworks odbc