Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Who agreed with this topic

Cant access secured web UI - Solr UI (GSSException: Defective token detected)

Master Collaborator

Hi guys,

 I have a good old problem with accessing kerberized web http url from my browser, bumping into an error:

 

HTTP Status 403 - GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)

 

My environment is a lab, so I have a non-domain computer (not joined to the Active Directory), I have Kerberos KDC running in one linux server, and then several linux servers running Hadoop. The cluster is kerberized, inside the cluster everything works with tickets (hdfs, impala-shell) but from outside I cant access the secured Solr site (and also I assume other sites, as namenode, resource manager web ui, it those would be secured as well).

 

I tried to google around this problem, read all posts here about spnego, tried everything so far:

1. adding the server running of the Solr into the trusted zones.

2. Downloaded Kerberos client for Windows, and sucessfully acquired a ticket

3. Under Run as Admin cmd: ksetup /addkdc MYREALM.LOCAL <kdchostip>

                                               ksetup /addhosttorealmmap <solrhost> MYREALM.LOCAL

4. Tried Chrome, IE, FireFox

 

But nothing helped. I guess the error is obvious, because the browser don't know WHERE  to contact the hadoop KDC server, even if I did the ksetup, it didnt helped. 

 

Running curl from any of the hadoop nodes:

 1. kinit hdpuser

 2. curl --negotiate -u : http://192.168.20.41:8983/solr/

works fine so the problem is around my browser, my OS or DNS or I dont know.

 

Any hints? 

Who agreed with this topic