Created on 09-06-2018 01:39 PM - edited 08-18-2019 01:24 AM
Hello,
I tried to connect hive from a windows server via odbc but without success.
My cluster hadoop is kerberized, hive port is 10000 and is open between windows and all the cluster (I did a telnet serverhive2 10000 and it works)
I download HortonworksHiveODBC64.msi and install it.
I tried a lot of combination of parameters on "hortons Hive ODBC Driver DSN setup", none of them works, for sample this setting:
give me this error:
[Hortonworks][Hardy] (34) Error from server: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Permission denied).
[Hortonworks][Hardy] (34) Error from server: SASL(0): successful result: .
what have I to do to set correctly my odbc driver
Created 09-06-2018 02:56 PM
Hello @vincent yernaux!
Guess you've something wrong with your Kerberos credentials/configuration.
Are you able to do a kinit on windows? If so, did you check the krb5.conf, credentials?
For further details check the Appendix A of the documentation below:
https://hortonworks.com/wp-content/uploads/2013/04/Hortonworks-Hive-ODBC-Driver-User-Guide.pdf
Hope this helps!
Created 09-07-2018 01:13 PM
Hello,
that's possible, there is may be something wrong with my kerberos setting on the windows server. when I try kinit, I got this:
c:\Program Files\MIT\Kerberos\bin>set KRB5_CONFIG="C:\Program Files\MIT\Kerberos\" c:\Program Files\MIT\Kerberos\bin>set KRB5CCNAME=%USERPROFILE%\krb5cache c:\Program Files\MIT\Kerberos\bin>"c:\Program Files\MIT\Kerberos\bin\kinit.exe" kinit.exe: Configuration file does not specify default realm when parsing name vyea
however, in c:\Program Files\MIT\kerberos\krb5.conf, I have this:
[libdefaults] renew_lifetime = 7d forwardable = true default_realm = toto.org ticket_lifetime = 24h dns_lookup_realm = false dns_lookup_kdc = false default_ccache_name = c:\temp\krb5cache\krb5cc_%{uid} #default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5 #default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5 [domain_realm] interpol.int = TOTO.ORG .interpol.int = TOTO.ORG [logging] default = FILE:c:\temp\krb5\krb5kdc.log admin_server = FILE:c:\temp\krb5\kadmind.log kdc = FILE:c:\temp\krb5\krb5kdc.log [realms] TOTO.ORG = { admin_server = dcibs11 kdc = TOTO.ORG }
(I changed my company name of course)
Created 09-07-2018 02:27 PM
Hello @vincent yernaux.
Right, perhaps you need to add some parameters to your kinit command, e.g.:
kinit -kt /etc/security/keytabs/nifi.service.keytab nifi/vmurakami-1@EXAMPLE.COM
So in this case, I'm getting a session with a principal called nifi/vmurakami-1 which has a keytab in the /etc/security/keytabs/
And I'd try to check the Delegation UID field from the ODBC window.
Hope this helps
Created 09-20-2018 09:11 AM
Hello,
finally, I found a way to make it work.
jdbc/hive or odbchive had the same problem: no ticket kerberos.
I tried to connect hive from windows environment (AD) and I get the message: GSS initiate failed
The solution was to execute the kinit.exe from java binary (not the one from windows nor MIT).