Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

rest api via knox only admin can access

Labels:
avatar
author-rank sen_ke
Contributor

Created ‎10-13-2017 06:00 AM

Hi All:

when curl via knox i only can use admin (-u admin:admin-password) to access and can't use other account or will reply :

HTTP/1.1 401 Unauthorized Date: Fri, 13 Oct 2017 05:45:38 GMT Set-Cookie: rememberMe=deleteMe; Path=/gateway/default; Max-Age=0; Expires=Thu, 12-Oct-2017 05:45:38 GMT WWW-Authenticate: BASIC realm="application" Content-Length: 0 Server: Jetty(9.2.15.v20160210)

my command:

curl -i -k -u user1:Hadoop -X PUT 'https://knoxHost:8443/gateway/default/webhdfs/v1/user1/senfile1?op=CREATE'

folder permission:

drwxr-xr-x - user1 hdfs 0 2017-10-05 11:08 /user1

Knox users-ldif:

# entry for user1

dn: uid=user1,ou=people,dc=hadoop,dc=apache,dc=org objectclass:top objectclass:person objectclass:organizationalPerson objectclass:inetOrgPerson cn: user1 sn: user1 uid: user1 userPassword:Hadoop

Ranger (Sync Source is Unix) HDFS config: add user1 to default all-path policy

Ranger knox config: add user1 to default all-topology, service policy

if any wrong in my config?

2,051 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank sen_ke
Contributor

Created ‎10-16-2017 02:00 AM

oh! i think i solved this problem,

after add user1, i restart knox all service, and start DEMO LDAP, and DEMO LDAP looks no restart,

so i stop DEMO LDAP then restart again, it's worked!

thanks @Aditya Sirna

View solution in original post

1,872 Views
3 REPLIES 3

avatar
author-rank asirna
Super Guru

Created ‎10-13-2017 12:29 PM

@Sen Ke,

Can you please attach the gateway.log (/var/log/knox/gateway.log)

1,872 Views
0 Kudos

avatar
author-rank sen_ke
Contributor

Created ‎10-16-2017 01:44 AM

@Aditya Sirna

2017-10-16 09:40:15,499 INFO hadoop.gateway (KnoxLdapRealm.java:getUserDn(691)) - Computed userDn: uid=user1,ou=people,dc=hadoop,dc=apache,dc=org using dnTemplate for principal: user1

2017-10-16 09:40:15,509 INFO hadoop.gateway (KnoxLdapRealm.java:doGetAuthenticationInfo(203)) - Could not login: org.apache.shiro.authc.UsernamePasswordToken - user1, rememberMe=false (10.243.91.58)

2017-10-16 09:40:15,509 ERROR hadoop.gateway (KnoxLdapRealm.java:doGetAuthenticationInfo(205)) - Shiro unable to login: javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=user1,ou=people,dc=hadoop,dc=apache,dc=org]

1,872 Views
0 Kudos

avatar
author-rank sen_ke
Contributor

Created ‎10-16-2017 02:00 AM

oh! i think i solved this problem,

after add user1, i restart knox all service, and start DEMO LDAP, and DEMO LDAP looks no restart,

so i stop DEMO LDAP then restart again, it's worked!

thanks @Aditya Sirna

1,873 Views
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements