Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}}

Labels:
sshelgao
Explorer

Created ‎06-25-2018 06:40 AM

Hi,

We are facing strange thing, we have created a new user say snehal, created snehal@EXAMPLE.COM principal and snehal.keytab with this principal. And added "hadoop.proxyuser.snehal.groups=* , ,hadoop.proxyuser.snehal.hosts=* " properties in HDFS->config->custome-core site.

same way added property for webhcat also.

Now i am hitting > GET https://host:8443/gateway/default/webhdfs/v1/?op=GETHOMEDIRECTORY&user.name=snehal

I am getting

{"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}} Non activated Name node :https://host:8443/gateway/default, Error Message: 403#@_#{"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}}

Tried many ways like, adding the user snehal in supergroup, also did "kdestroy -> kinit with snehal keytab and principal" many times with different users also, Restarted ambari-server. But no luck.

Thanks,

Snehal

1,148 Views
0 Kudos
2 REPLIES 2

ssubhas
Guru

Created ‎06-25-2018 07:12 AM

@Snehal Shelgaonkar

Can you check if hadoop.proxyuser.knox.groups=* and hadoop.proxyuser.knox.hosts=* are set?

1,054 Views
0 Kudos

sshelgao
Explorer

Created ‎06-25-2018 09:12 AM

Yes @Sindhu I have set that too.

hadoop.proxyuser.knox.hosts=* and hadoop.proxyuser.knox.groups=*

Didnt work. Same exception.

Also One more thing to mention here. I have 2 principal knox@EXAMPLE.COM and snehal@EXAMPLE.COM with knox.keytab and snehal.keytab resp. Tried kinit both alternatively. Could not get this issue resolved. I am able to connect with knox user but not with snehal user.

Is there any specific way to add user other than knox to access Knox gateway URLs.?

1,054 Views
0 Kudos
Take a Tour of the Community
Don't have an account?
Register
Your experience may be limited. Sign in to explore more.
Announcements
Community Announcements
March 2023 Community Highlights
What's New @ Cloudera
Cloudera DataFlow Designer for self-service data flow development is now generally available to all CDP Public Cloud customers
What's New @ Cloudera
Cloudera Operational Database (COD) UI provides the JWT configuration details to connect to your HBase client
What's New @ Cloudera
Cloudera Operational Database (COD) UI allows storage type selection when creating an operational database
What's New @ Cloudera
Release of Cloudera Streaming Analytics (CSA) 1.9.0 for CDP 7.1.7 SP2 & CDP 7.1.8
View More Announcements