Member since 02-22-2024 | 27 Posts | 13 Kudos Received | 0 Solutions
06-11-2024
06:53 PM
Everyone, can you help me? How do I create the keytab krb5.keytab in Kerberos? When I list the keytab using "klist -k", it shows an error like below:
root@master1:~# klist -k
Keytab name: FILE:/etc/krb5.keytab
klist: Key table file '/etc/krb5.keytab' not found while starting keytab scan
Labels: Kerberos
06-11-2024
12:56 AM
I tried the kinit command to make sure the password is correct, but the kinit message is "password incorrect while getting initial credential", like below:
root@master1:~# kinit nm/slave1.hadoop.com@HADOOP.COM
Password for nm/slave1.hadoop.com@HADOOP.COM:
kinit: Password incorrect while getting initial credentials
Should I recreate the principal/change the password? Please give me a suggestion, I'm sure the password is correct.
06-10-2024
09:19 PM
Thanks @Scharan for the reply. Yes, I can, like below:
root@slave1:~# klist -kt /etc/security/keytabs/nm.service.keytab
Keytab name: FILE:/etc/security/keytabs/nm.service.keytab
KVNO Timestamp Principal
---- ------------------- ------------------------------------------------------
2 06/11/2024 11:05:54 nm/slave1.hadoop.com@HADOOP.COM
2 06/11/2024 11:05:54 nm/slave1.hadoop.com@HADOOP.COM
root@slave1:~#
06-10-2024
07:47 PM
1 Kudo
Hi everyone, can you help me? I'm starting NodeManager in Ambari but it shows the error "failure to login: for principal: nm/slave1.hadoop.com@HADOOP.COM from keytab /etc/security/keytabs/nm.service.keytab". For details, see below:
2024-06-11 09:30:28,202 INFO impl.MetricsSystemImpl (MetricsSystemImpl.java:shutdown(611)) - NodeManager metrics system shutdown complete.
2024-06-11 09:30:28,202 ERROR nodemanager.NodeManager (NodeManager.java:initAndStartNodeManager(965)) - Error starting NodeManager
org.apache.hadoop.yarn.exceptions.YarnRuntimeException: Failed NodeManager login
at org.apache.hadoop.yarn.server.nodemanager.NodeManager.serviceInit(NodeManager.java:488)
at org.apache.hadoop.service.AbstractService.init(AbstractService.java:164)
at org.apache.hadoop.yarn.server.nodemanager.NodeManager.initAndStartNodeManager(NodeManager.java:962)
at org.apache.hadoop.yarn.server.nodemanager.NodeManager.main(NodeManager.java:1042)
Caused by: org.apache.hadoop.security.KerberosAuthException: failure to login: for principal: nm/slave1.hadoop.com@HADOOP.COM from keytab /etc/security/keytabs/nm.service.keytab javax.security.auth.login.LoginException: Unable to obtain password from user
at org.apache.hadoop.security.UserGroupInformation.doSubjectLogin(UserGroupInformation.java:2012)
at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:1365)
at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:1125)
at org.apache.hadoop.security.SecurityUtil.login(SecurityUtil.java:324)
at org.apache.hadoop.security.SecurityUtil.login(SecurityUtil.java:288)
at org.apache.hadoop.yarn.server.nodemanager.NodeManager.doSecureLogin(NodeManager.java:295)
at org.apache.hadoop.yarn.server.nodemanager.NodeManager.serviceInit(NodeManager.java:486)
... 3 more
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user
at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:903)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:766)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:618)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
at org.apache.hadoop.security.UserGroupInformation$HadoopLoginContext.login(UserGroupInformation.java:2091)
at org.apache.hadoop.security.UserGroupInformation.doSubjectLogin(UserGroupInformation.java:2001)
... 9 more
2024-06-11 09:30:28,204 INFO nodemanager.NodeManager (LogAdapter.java:info(51)) - SHUTDOWN_MSG:
Any suggestions?
Labels: Apache YARN, Kerberos
06-07-2024
04:07 PM
1 Kudo
@Shelton I'm using Ubuntu 22.04 & using ODP (https://clemlabs.s3.eu-west-3.amazonaws.com/ubuntu22/odp-release/1.2.2.0-46/ODP)
06-06-2024
08:44 PM
1 Kudo
@Shelton @Majeti I found that in kdc.conf the "admin_keytab" path /etc/krb5kdc/kadm5.keytab is not found. Where can I create kadm5.keytab? Please see below. Any suggestions?
06-06-2024
05:35 PM
1 Kudo
@Shelton I'm following your steps, but it shows an error like below:
root@master1:~# sudo systemctl restart krb5-kdc
Job for krb5-kdc.service failed because the control process exited with error code.
See "systemctl status krb5-kdc.service" and "journalctl -xeu krb5-kdc.service" for details.
root@master1:~# systemctl status krb5-kdc.service
× krb5-kdc.service - Kerberos 5 Key Distribution Center
Loaded: loaded (/lib/systemd/system/krb5-kdc.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2024-06-07 00:33:16 UTC; 5min ago
Process: 13894 ExecStart=/usr/sbin/krb5kdc -P /var/run/krb5-kdc.pid $DAEMON_ARGS (code=exited, status=1/FAILURE)
CPU: 92ms
Jun 07 00:33:16 master1.hadoop.com systemd[1]: Starting Kerberos 5 Key Distribution Center...
Jun 07 00:33:16 master1.hadoop.com krb5kdc[13894]: Couldn't open log file /var/log/krb5kdc.log: Read-only file system
Jun 07 00:33:16 master1.hadoop.com krb5kdc[13894]: krb5kdc: Configuration file does not specify default realm, attempt>
Jun 07 00:33:16 master1.hadoop.com krb5kdc[13894]: Configuration file does not specify default realm - while attemptin>
Jun 07 00:33:16 master1.hadoop.com systemd[1]: krb5-kdc.service: Control process exited, code=exited, status=1/FAILURE
Jun 07 00:33:16 master1.hadoop.com systemd[1]: krb5-kdc.service: Failed with result 'exit-code'.
Jun 07 00:33:16 master1.hadoop.com systemd[1]: Failed to start Kerberos 5 Key Distribution Center.
06-05-2024
05:38 PM
@Majeti, my issue is that when Ambari tests the Kerberos client, it always shows a dialog box like this. My previous settings were like this. I have the principal admin/admin@HADOOP.COM and the password is correct:
root@master1:~# kadmin -p admin/admin
Authenticating as principal admin/admin with password.
Password for admin/admin@HADOOP.COM:
kadmin: listprincs
HTTP/master1.hadoop.com@HADOOP.COM
K/M@HADOOP.COM
admin/admin@HADOOP.COM
admin/master1.hadoop.com@HADOOP.COM
hdfs/master1.hadoop.com@HADOOP.COM
kadmin/admin@HADOOP.COM
kadmin/changepw@HADOOP.COM
krbtgt/HADOOP.COM@HADOOP.COM
Any suggestions for this issue?
06-05-2024
01:06 AM
1 Kudo
@Shelton
/etc/host
root@master1:~# hostname -f
master1.hadoop.com
/etc/hosts
127.0.0.1 localhost
192.168.122.10 master1.hadoop.com
192.168.122.11 slave1.hadoop.com
192.168.122.12 slave2.hadoop.com
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
/etc/krb5.conf
[libdefaults]
renew_lifetime = 7d
forwardable = true
default_realm = HADOOP.COM
ticket_lifetime = 24h
dns_lookup_realm = false
dns_lookup_kdc = false
default_ccache_name = /tmp/krb5cc_%{uid}
#default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
#default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
[logging]
default = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
kdc = FILE:/var/log/krb5kdc.log
[realms]
HADOOP.COM = {
admin_server = master1.hadoop.com
kdc = master1.hadoop.com
}
kadm5.acl
*/admin@HADOOP.COM *
Even creating a ticket shows an error:
root@master1:~# systemctl restart krb5-kdc
root@master1:~# systemctl restart krb5-admin-server
root@master1:~# kinit -kt /etc/security/keytabs/hdfs.keytab hdfs/master1.hadoop.com@HADOOP.COM
kinit: Client 'hdfs/master1.hadoop.com@HADOOP.COM' not found in Kerberos database while getting initial credentials
06-05-2024
12:23 AM
@Majed in my cluster (master1, slave1 & slave2) kinit logged in fine without errors, as listed below:
root@master1:~# kinit admin/admin@HADOOP.COM
Password for admin/admin@HADOOP.COM:
root@master1:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin/admin@HADOOP.COM
Valid starting Expires Service principal
06/05/2024 07:17:16 06/05/2024 17:17:16 krbtgt/HADOOP.COM@HADOOP.COM
renew until 06/05/2024 07:17:16
root@master1:~#
root@slave1:~# kinit admin/admin@HADOOP.COM
Password for admin/admin@HADOOP.COM:
root@slave1:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin/admin@HADOOP.COM
Valid starting Expires Service principal
06/05/2024 07:19:26 06/05/2024 17:19:26 krbtgt/HADOOP.COM@HADOOP.COM
renew until 06/05/2024 07:19:26
root@slave1:~#
root@slave2:~# kinit admin/admin@HADOOP.COM
Password for admin/admin@HADOOP.COM:
root@slave2:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin/admin@HADOOP.COM
Valid starting Expires Service principal
06/05/2024 07:20:19 06/05/2024 17:20:19 krbtgt/HADOOP.COM@HADOOP.COM
renew until 06/05/2024 07:20:19
root@slave2:~#