Created 12-15-2016 02:44 PM
I created a new internal user in Ranger. When I attempt to log in to Ambari with that user, I get the following error message:
"Unable to sign in. Invalid username/password combination."
I went to Ranger and changed the password to make sure it was correct. Then I tried again, but I still got the same error.
Ranger is syncing to unix.
Created 12-15-2016 03:02 PM
@cduby that's expected behavior. Internal Ranger users can log into the Ranger UI, depending on their permissions (and have Ranger policies assigned to them), but not necessarily the Ambari UI. Ambari has its own local users that are stored in Ambari's database.
Ranger syncing external users from Unix doesn't affect this.
Created 12-15-2016 03:10 PM
How do I add users in Ambari in the sandbox? I log in as raj_ops but I don't see any way to add users. Maybe I need to log in as a different user?
Also, how do Ranger and Ambari negotiate the internal users? For example, if I log into Hive view as a local Ambari user, how does it map that user to a Ranger user? Do you have to sync with AD or Unix to make that work?
Created 12-15-2016 06:31 PM
@cduby you'll need to log in to Ambari as a user that has access to Manage Users and Groups, like the admin user.
It just matches on the username string (noting that mapping rules may modify that value), based on the authenticated user (the Hive view makes use of impersonation, for whichever system user is running Ambari Server). Best practice is to use LDAP for both Ambari and Ranger, pointing to the same LDAP, so that both systems use the same source of truth for user and group identities.
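
The username-string matching described in the last answer can be checked offline by diffing exported user lists from the two systems. The following is an added example, not part of the original thread and not Ambari or Ranger code; the JSON shapes, the sample usernames and the `lowercase_rule` mapping are assumptions constructed for illustration.

```python
import json

# Constructed sample data, not real API output. The JSON shapes are assumed
# stand-ins for a user listing exported from Ambari and one from Ranger.
AMBARI_USERS = json.loads("""{"items": [
  {"Users": {"user_name": "admin"}},
  {"Users": {"user_name": "raj_ops"}},
  {"Users": {"user_name": "Hive_Analyst"}}
]}""")
RANGER_USERS = json.loads("""{"vXUsers": [
  {"name": "admin"},
  {"name": "raj_ops"},
  {"name": "hive_analyst"},
  {"name": "cduby_internal"}
]}""")


def lowercase_rule(name):
    """Hypothetical mapping rule: fold case before matching."""
    return name.lower()


def compare_identities(ambari, ranger, mapping=None):
    """Report which usernames line up between the two user stores.

    Matching is on the exact username string, after the optional mapping
    rule has been applied to the Ambari-side name.
    """
    mapping = mapping or (lambda n: n)
    ambari_names = {mapping(i["Users"]["user_name"]) for i in ambari["items"]}
    ranger_names = {u["name"] for u in ranger["vXUsers"]}
    return {
        "matched": sorted(ambari_names & ranger_names),
        # Can log in to Ambari, but Ranger has no user of that exact name.
        "ambari_only": sorted(ambari_names - ranger_names),
        # Known to Ranger only, so an Ambari login with this name fails.
        "ranger_only": sorted(ranger_names - ambari_names),
    }


if __name__ == "__main__":
    print(compare_identities(AMBARI_USERS, RANGER_USERS))
    print(compare_identities(AMBARI_USERS, RANGER_USERS, lowercase_rule))
```

Names that appear under `ambari_only` or `ranger_only` are the identities that drift when the two systems are not backed by the same LDAP.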