@glupu @Ian Shrum Try the below URL's for learning ropes HDP sandbox https://hortonworks.com/tutorial/sandbox-deployment-and-install-guide/section/1/ https://hortonworks.com/tutorial/sandbox-deployment-and-install-guide/section/2/ https://hortonworks.com/tutorial/sandbox-deployment-and-install-guide/section/3/ ... View more

@Bala K Yes please add the x.x.x.x dev-addc.fda.eyfids.net dev-addc line in the /etc/hosts on the KDC server and to force TCP protocol between the KDC and AD Server and the following line in the krb5.conf: [libdefaults] udp_preference_limit = 1 Remember we want to eliminate the host not found error ... View more

@Bala K The errors logged in krb5kdc.log Feb 19 18:59:23 qa-hdp-mitkdc.fdaqa.eyfids.net krb5kdc[1064](info): TGS_REQ (8 etypes {18 17 20 19 16 23 25 26}) : LOOKING_UP_SERVER: authtime 0, bigsql/qa-hdp-node5.fdaqa.eyfids.net@FDAQA.EYFIDS.NET for host/qa-hdp-node1.fdaqa.eyfids.net@FDAQA.EYFIDS.NET, Server not found in Kerberos database host/qa-hdp-node2.fdaqa.eyfids.net@FDAQA.EYFIDS.NET, Server not found in Kerberos database host/qa-hdp-node3.fdaqa.eyfids.net@FDAQA.EYFIDS.NET, Server not found in Kerberos database host/qa-hdp-node4.fdaqa.eyfids.net@FDAQA.EYFIDS.NET, Server not found in Kerberos database host/qa-hdp-node5.fdaqa.eyfids.net@FDAQA.EYFIDS.NET, Server not found in Kerberos database FQDN is always required by Kerberos make sure the entries in /etc/hosts reflect that too. A workaround is to set the LDAP server name directly rather than relying on DNS. Please do the necessary changes and revert. ... View more

@Bala K Also, ensure the clock is synchronized between the KDc and AD !! ... View more

@Bala K can the AD user successfully grab a ticket? # kinit aduser@FDA.EYFIDS.NET Then # Klist Can you share the above outputs and also the zip and share the following /var/log/krb5default.log /var/log/kadmind.log /var/log/krb5kdc.log Cheers ... View more

@Bala K Add the below line CAPATHS in the krb5.conf for cross-realm authentication, a database is needed to construct the authentication paths between the realms. From your previous posting add it below Note the (.) dot after the = sign on the second line [domain_realm] xxxx xxxxxx [capaths] FDA.EYFIDS.NET = { FDAQA.EYFIDS.NET = . } On the KDC do you have a principal krbtgt/FDAQA.EYFIDS.NET@FDA.EYFIDS.NET ? you can check with # kadmin.local list_princs If not add as below addprinc -e "aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal" krbtgt/FDAQA.EYFIDS.NET@FDA.EYFIDS.NET In Ambari -> HDFS -> configs -> Advanced -> hadoop.security.auth_to_local Can you remove these 2 rules RULE:[1:$1@$0](^.*@FDA\.EYFIDS\.NET$)s/^(.*)@FDA\.EYFIDS\.NET$/$1/g RULE:[2:$1@$0](^.*@FDA\.EYFIDS\.NET$)s/^(.*)@FDA\.EYFIDS\.NET$/$1/g Replace them with RULE:[1:$1@$0](.*@FDA.EYFIDS.NET)s/@.*// Regenerate all Hadoop service principals and their respective keytabs and restart all stale components Try and revert ... View more

@Bala K There is an error with your auth_to_local entry for RULE:[2:$1...... In Ambari -> HDFS -> configs -> Advanced -> hadoop.security.auth_to_local RULE:[1:$1@$0](^.*@FDA\.EYFIDS\.NET$)s/^(.*)@FDA\.EYFIDS\.NET$/$1/g RULE:[2:$1@$0](^.*@FDA\.EYFIDS\.NET$)s/^(.*)@FDA\.EYFIDS\.NET$/$1/g Could you change it to the below note the RULE[2 ....line has not '@' RULE:[1:$1@$0](^.*@FDA\.EYFIDS\.NET$)s/^(.*)@FDA\.EYFIDS\.NET$/$1/g RULE:[2:$1@$0](^.*FDA\.EYFIDS\.NET$)s/^(.*)@FDA\.EYFIDS\.NET$/$1/g Please let me know if that helped ... View more

WOW thats interesting but when you can PSI they blame The hortonworks team saying its the "sponsor" responsible this is quite annoying and discouraging ... View more

@Matt Andruff Ensure the entries in your /etc/hosts are not pointing just to host names, they should be FQDN. ... View more

@Sana Faraz From WinSCP just drag and drop from left to right and the error you are getting img3.png is due to the fact that you dont have an entry for the sandbox on your C:\Windows\System32\drivers\etc\hosts please get the ip of your sandbox # ifconfig then use the IP if eg 192.168.0.154 then the host's entry on your windows laptop/desktop should be in the format IP/FQDN/ALIAS eg 192.168.0.154 sandbox.hortonworks.com sandbox Now from you windows run the cmd ping sandbox.hortonworks.com or sandbox If it response then your connection between the windows and sandbox is okay and proceed with the copy ... View more