Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}}

{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}}

Explorer

Hi,

We are facing strange thing, we have created a new user say snehal, created snehal@EXAMPLE.COM principal and snehal.keytab with this principal. And added "hadoop.proxyuser.snehal.groups=* , ,hadoop.proxyuser.snehal.hosts=* " properties in HDFS->config->custome-core site.

same way added property for webhcat also.

Now i am hitting > GET https://host:8443/gateway/default/webhdfs/v1/?op=GETHOMEDIRECTORY&user.name=snehal

I am getting

{"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}} Non activated Name node :https://host:8443/gateway/default, Error Message: 403#@_#{"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}}

Tried many ways like, adding the user snehal in supergroup, also did "kdestroy -> kinit with snehal keytab and principal" many times with different users also, Restarted ambari-server. But no luck.

Thanks,

Snehal

2 REPLIES 2
Highlighted

Re: {"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}}

@Snehal Shelgaonkar

Can you check if hadoop.proxyuser.knox.groups=* and hadoop.proxyuser.knox.hosts=* are set?

Highlighted

Re: {"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}}

Explorer

Yes @Sindhu I have set that too.

hadoop.proxyuser.knox.hosts=* and hadoop.proxyuser.knox.groups=*

Didnt work. Same exception.

Also One more thing to mention here. I have 2 principal knox@EXAMPLE.COM and snehal@EXAMPLE.COM with knox.keytab and snehal.keytab resp. Tried kinit both alternatively. Could not get this issue resolved. I am able to connect with knox user but not with snehal user.

Is there any specific way to add user other than knox to access Knox gateway URLs.?

Don't have an account?
Coming from Hortonworks? Activate your account here