Support Questions

varun_rathinam · ‎12-17-2016

Hi,

I'm preparing Kerberos setup in HDP 2.5 from hortonworks doc.

when i create database it shows as below;

[root@sandbox krb5kdc]# /usr/sbin/kdb5_util create -s

Loading random data Initializing database '/var/kerberos/krb5kdc/principal' for realm 'NIMBUS.CO', master key name 'K/M@NIMBUS.CO' You will be prompted for the database Master Password. It is important that you NOT FORGET this password. Enter KDC database master key: Re-enter KDC database master key to verify: kdb5_util:

File exists while creating database '/var/kerberos/krb5kdc/principal'a

when i remove the already created principal file, still this issue is there. tell me how to resolve this issue?

rajkumar_singh · ‎12-17-2016

@Varun R please try these steps

service krb5kdc stop

service kadmin stop

kdb5_util destroy

varun_rathinam · ‎12-17-2016

Hi Rajkumar,

Thanks for responding.

I did above commands, still this issue is not resolved. Failed to stop krb5kdc,kadmin services and also i cant able to destroy. When i destroy make it shows no such entry in database shows.

KuldeepK · ‎12-18-2016

@Varun R

Can you please try to remove /var/kerberos/krb5kdc/principal* files and try again?

rm -rf /var/kerberos/krb5kdc/principal*
service krb5kdc restart
service kadmin restart

If there is any issue with the restart, make sure to kill the processes and start it again.

e.g.

kill -9 <pid-of-krb5kdc>
service krb5kdc start

Hope this helps!

varun_rathinam · ‎12-19-2016

principal has been successfully created by using kadmin.local -q "addprinc varun/admin". Realm and DNS hostnames and domain names set correctly.when i connect to principal.

kadmin -p varun/admin 
Authenticating as principal varun/admin with password. 
kadmin: Cannot resolve network address for admin server in requested realm while initializing kadmin interface

aquilodran · ‎11-13-2018

Hi Varun,

Did you configure the /etc/hosts? this called my attention:

kadmin: Cannot resolve network address for admin server in requested realm while initializing kadmin interface

make sure to use the fully qualified domain names in all the configurations since Kerberos it is really picky with that.

Regards,

AQ

olaf_weiser · ‎11-13-2018

I think you need to delete those files as well, then it works...

[root@centos10 krb5kdc]# ll
total 28
-rw------- 1 root root 29 Nov 13 09:36 kadm5.acl
-rw------- 1 root root 29 Nov 13 09:24 kadm5.acl.rpmsave
-rw------- 1 root root 29 Nov 13 09:36 kadm5.acly
-rw------- 1 root root 448 Nov 13 09:35 kdc.conf
-rw------- 1 root root 448 Nov 13 09:24 kdc.conf.rpmsave
-rw------- 1 root root 8192 Nov 13 09:27 principal <<<<<<<<<<<<<<<<<
-rw------- 1 root root 0 Nov 13 09:37 principal.ok<<<<<<<<<<<<<<<<<

then it works

[root@centos10 ~]# /usr/sbin/kdb5_util create -r BEER.LOC -s
Loading random data
Initializing database '/var/kerberos/krb5kdc/principal' for realm 'BEER.LOC',
master key name 'K/M@BEER.LOC'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
[root@centos10 ~]#

Cloudera Community

Support Questions

kerberos setup fails