Member since: 01-19-2017
Posts: 3679
Kudos Received: 632
Solutions: 372
05-09-2018
07:12 AM
@heta desai Can you paste the error here, and also the Ambari error?
05-09-2018
06:59 AM
@Erkan ŞİRİN Can you repost the latest error, and how I can reproduce it?
05-08-2018
09:39 PM
@Sadek M I think you also forgot the [domain_realm] entry. I have added it to your original krb5.conf; please back up your current krb5.conf and just copy and paste the one below:

```
[libdefaults]
renew_lifetime = 7d
forwardable = true
default_realm = MYREALM.FS
ticket_lifetime = 24h
dns_lookup_realm = false
dns_lookup_kdc = false
default_ccache_name = /tmp/krb5cc_%{uid}
#default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
#default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5

[domain_realm]
.myrealm.fs = MYREALM.FS
myrealm.fs = MYREALM.FS

[logging]
default = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
kdc = FILE:/var/log/krb5kdc.log

[realms]
MYREALM.FS = {
  admin_server = mykdc.local
  kdc = mykdc.local
}
```

Then restart the Kerberos daemons below:

```
# service krb5kdc start
# service kadmin restart
```

Please let me know.
05-08-2018
09:22 PM
@Subramanian Govindasamy Did you set up a one-way trust from the MIT KDC to Active Directory? If so, can you share your /etc/krb5.conf entry?
05-08-2018
03:09 PM
1 Kudo
@Erkan ŞİRİN Your issue looks like the NTPD service, i.e. the clock on your system (Linux/UNIX) is too far off from the correct time or not in sync with the AD 2012R2. Your machine needs to be within less than 5 minutes of the Kerberos servers in order to get any tickets.
05-08-2018
02:36 PM
@heta desai Your sync process failed! If you do not know the root entry of the LDAP server you are connecting to, you can query a special "meta" entry outside of the normal LDAP DIT for information about what DIT root entries it knows about:

```
ldapsearch -H ldap://server_domain_or_IP -x -LLL -s base -b "" namingContexts
```

The admin entry typically uses the simpleSecurityObject objectClass in order to gain the ability to set a password in the entry. You can use this to search for entries with this class:

```
ldapsearch -H ldap://server_domain_or_IP -x -LLL -b "dc=example,dc=com" "(objectClass=simpleSecurityObject)" dn
```

This will give you a list of the entries that use this class. Usually there is only one.

Performing the Bind

Once you have an entry and password, you can perform a simple bind during your request to authenticate yourself to the LDAP server:

```
ldapsearch -H ldap://server_domain_or_IP -x -D "cn=admin,dc=example,dc=com" -W
```

You should get the same result as our anonymous bind, indicating that our credentials were accepted.

Rerun the Ambari LDAP setup, using the values obtained from above:

```
ambari-server setup-ldap
```

You should have users and groups now pulled from the LDAP. Then run the LDAP sync:

```
ambari-server sync-ldap --existing
```

Your users should now be visible in Ambari, and if you enabled Ranger usersync then your user should be available in Ranger too !!!
05-08-2018
01:55 PM
1 Kudo
@Kumar Deepak Then, as root, do the switch command:

```
# su - spark
```

Run your job.
05-08-2018
01:51 PM
1 Kudo
@Sadek M A properly functioning DNS server for your domain and functioning DNS resolvers on machines participating in your Kerberos realm are essential for the proper operation of your realm. Kerberos can use DNS as a service location protocol, by using the DNS SRV record as defined in RFC 2052, or use a TXT record to locate the appropriate realm for a given host or domain name.

Are you using MIT Kerberos? Can you update your krb5.conf on all the nodes by adding:

```
[libdefaults]
rdns = false
```

Your problem is a DNS issue; that's the reason I wanted the entries in /etc/hosts. As a workaround, if your cluster is small, you could propagate the correct hosts files while you resolve the DNS issue.

Setting Up KDC Discovery Over DNS

To use KDC discovery over DNS, the following records should be placed in the zone file corresponding to the Kerberos realm. In most cases, since the Kerberos realm name is simply an uppercase version of the DNS domain owned by the organization, these DNS entries are placed into the organization's existing DNS zone file. Note, however, if the Kerberos realm and DNS domain differ, then a new zone must be created with the name of the Kerberos realm. Typically your network team should be able to help with the DNS zone update!

Your zone file example:

```
_kerberos._udp.MYREALM.FS. IN SRV 10 0 88 {your_kdc_server}.myrealm.fs.
_kerberos._tcp.MYREALM.FS. IN SRV 10 0 88 {your_kdc_server}.myrealm.fs.
_kerberos-adm._tcp.MYREALM.FS. IN SRV 1 0 749 {your_kdc_server}.myrealm.fs.
```

Hope that helps.
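The checks implied by this post and by the krb5.conf post further up (a [domain_realm] mapping for the realm, a kdc listed under [realms] when dns_lookup_kdc is off, rdns = false), as an added Python example that is not part of the original posts. The sample file is constructed from the posted one, and `parse_krb5` and `check_krb5` are hypothetical helper names.

```python
import re

FALSE = {"false", "no", "off", "0"}  # common krb5.conf spellings of "false"

# Constructed sample: the posted file cut down, with [domain_realm] and rdns left out.
SAMPLE = """\
[libdefaults]
default_realm = MYREALM.FS
dns_lookup_kdc = false
[realms]
MYREALM.FS = {
  kdc = mykdc.local
}
"""

def parse_krb5(text):
    """Parse sections, key = value pairs and one level of { } blocks (last value wins)."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, block = conf.setdefault(header.group(1), {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, val = (part.strip() for part in line.split("=", 1))
            if val == "{":
                block = section.setdefault(key, {})  # e.g. MYREALM.FS = {
            else:
                (section if block is None else block)[key] = val
    return conf

def check_krb5(text, dns_domain):
    """Return a list of findings; dns_domain is the DNS domain of the cluster hosts."""
    conf = parse_krb5(text)
    lib, mapping = conf.get("libdefaults", {}), conf.get("domain_realm", {})
    realm = lib.get("default_realm")
    if not realm:
        return ["[libdefaults] has no default_realm"]
    findings = []
    entry = conf.get("realms", {}).get(realm)
    # With DNS lookup explicitly off, SRV records are not consulted for the KDC.
    if lib.get("dns_lookup_kdc", "").lower() in FALSE and not (isinstance(entry, dict) and "kdc" in entry):
        findings.append(f"dns_lookup_kdc is off and [realms] lists no kdc for {realm}")
    findings += [f"[domain_realm] does not map {name} to {realm}"
                 for name in (dns_domain, "." + dns_domain) if mapping.get(name) != realm]
    if lib.get("rdns", "").lower() not in FALSE:
        findings.append("rdns is not set to false in [libdefaults]")
    return findings
```

Run it as `check_krb5(open("/etc/krb5.conf").read(), "myrealm.fs")` on each node; an empty list means all three settings are present.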
05-08-2018
01:19 PM
@heta desai From the above, your LDAP config pulls no data (users/groups) from the server, so that means you have a problem with your ldapsearch function. What entries were added to your /etc/ambari-server/conf/ambari.properties? Can you compare it with the backup, if you took one? Such as:

```
authentication.ldap.baseDn=
authentication.ldap.managerDn=
authentication.ldap.primaryUrl=
authentication.ldap.bindAnonymously=
authentication.ldap.dnAttribute=
authentication.ldap.groupMembershipAttr=
authentication.ldap.groupNamingAttr=
authentication.ldap.groupObjectClass=
authentication.ldap.useSSL=
authentication.ldap.userObjectClass=
authentication.ldap.usernameAttribute=
```

These are AD-related but should be similar.
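One way to do the comparison with the backup suggested above, as an added Python example that is not part of the original post: it reports which authentication.ldap.* keys were added, removed, changed or left empty, by key name only so that no values are echoed into a ticket or chat. The two property snippets are constructed, and `ldap_props` and `diff_ldap` are hypothetical helper names.

```python
PREFIX = "authentication.ldap."

# Constructed samples; the values are placeholders, not taken from the thread.
BACKUP = """\
authentication.ldap.baseDn=dc=example,dc=com
authentication.ldap.primaryUrl=ldap.example.com:389
authentication.ldap.bindAnonymously=false
authentication.ldap.usernameAttribute=uid
"""
CURRENT = """\
authentication.ldap.baseDn=
authentication.ldap.primaryUrl=ldap.example.com:389
authentication.ldap.bindAnonymously=true
authentication.ldap.userObjectClass=person
"""

def ldap_props(text):
    """Collect authentication.ldap.* entries from ambari.properties text.
    Simplification: only the key=value form is handled, no escapes or continuations."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(PREFIX) and "=" in line:
            key, value = line.split("=", 1)  # values such as DNs contain '=' too
            props[key.strip()] = value.strip()
    return props

def diff_ldap(backup_text, current_text):
    """Return (status, key) pairs, sorted by key; values are never included."""
    old, new = ldap_props(backup_text), ldap_props(current_text)
    report = []
    for key in sorted(old.keys() | new.keys()):
        if key not in new:
            report.append(("removed", key))
        elif key not in old:
            report.append(("added", key))
        elif old[key] != new[key]:
            report.append(("changed", key))
        if key in new and not new[key]:
            report.append(("empty", key))  # key present but no value set
    return report
```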