Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}}

Highlighted

{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}}

New Contributor

Hi,

We are facing strange thing, we have created a new user say snehal, created snehal@EXAMPLE.COM principal and snehal.keytab with this principal. And added "hadoop.proxyuser.snehal.groups=* , ,hadoop.proxyuser.snehal.hosts=* " properties in HDFS->config->custome-core site.

same way added property for webhcat also.

Now i am hitting > GET https://host:8443/gateway/default/webhdfs/v1/?op=GETHOMEDIRECTORY&user.name=snehal

I am getting

{"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}} Non activated Name node :https://host:8443/gateway/default, Error Message: 403#@_#{"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}}

Tried many ways like, adding the user snehal in supergroup, also did "kdestroy -> kinit with snehal keytab and principal" many times with different users also, Restarted ambari-server. But no luck.

Thanks,

Snehal

2 REPLIES 2

Re: {"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}}

@Snehal Shelgaonkar

Can you check if hadoop.proxyuser.knox.groups=* and hadoop.proxyuser.knox.hosts=* are set?

Re: {"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}}

New Contributor

Yes @Sindhu I have set that too.

hadoop.proxyuser.knox.hosts=* and hadoop.proxyuser.knox.groups=*

Didnt work. Same exception.

Also One more thing to mention here. I have 2 principal knox@EXAMPLE.COM and snehal@EXAMPLE.COM with knox.keytab and snehal.keytab resp. Tried kinit both alternatively. Could not get this issue resolved. I am able to connect with knox user but not with snehal user.

Is there any specific way to add user other than knox to access Knox gateway URLs.?