Support Questions

Rajacloud · ‎09-07-2016

Hi – After installing and configuring kerberos,

1) I have created the principal file under the path '/var/kerberos/krb5kdc' using the command "./kdb5_util create -s"
2) Entered into Kerberos admin using the command "sudo kadmin.local"
3) Have added a new prinicpal under kadmin.local using the command "addprinc <princ_name>
And after doing all these I have executed the command "kinit <princ_name>, I am getting the following error:
"kinit: Cannot contact any KDC for realm ‘CLOUDERA’ while getting initial credentials" when doing the step 'Import KDC Account Manager Credentials'.

Please help me out to sort this issue at the earliest.

Thanks,
Muthuraja.S

saranvisa · ‎12-10-2016

It seems you are enabling Kerberos using Cloudera Manager Wizard.

Generally we may get into two different issue for KDC while Import KDC Account Manager Credentials. Let me give tips for both of them

Pre-request:

a. Make sure all the configuration files are updated with proper REALM

b. Make sure kerberos DB has been created

c. Make sure principals are created

1. Issue: kinit: Cannot contact any KDC for realm 'REALM NAME' while getting initial credentials

Ans: Start the required services as follows

service kadmin start

service krb5kdc start

2. Issue: kinit: Cannot find KDC for requested realm while getting initial credentials

Ans: Before press the "Import KDC Account Manager Credentials" button. Make sure the configuration files are updated in Cloudera Manager (Note: This is different from the configuration file update that i've mentioned in the prerequest section. This is a direct update in CM)

CM -> Adminstration-> Setting -> REALM = REALM Name
CM -> Adminstration-> Setting -> KDC SERVER HOST = HOST Name

Thanks

Kumar

prubud · ‎05-16-2019

this helped thanks!