@Sam Red 1.You will need to create a user home for the one running the view in this case admin as root # su - hdfs $hdfs dfs -mkdir /user/admin $hdfs dfs -chown admin:hdfs /user/admin That should resolve the "'userhome' check failed: Authentication required " 2. For the kerberos authentication for both hive and the file, view create a new view and l WebHDFS Authentication = auth=KERBEROS;proxyuser=ambari-server-$cluster@REALM To configure the views hive/files create a new view see below example Instance name = Test2 Displayname =Test2 Description =Test Files or hive Keep all the other parameters as is and only change the WebHDFS Authentication see attached screenshot the value for proxyuser should be the values obtained in the screenshot 1 using the filter ambari-server for hive and hdfs are identical Please let me know if that helped ... View more

@Joshua Adeleke This is what it means " The 401 Unauthorized error is an HTTP status code that means the page you were trying to access cannot be loaded until you first log in with a valid user ID" How to Fix the 401 Unauthorized Error Check for errors in the URL. It's possible that the 401 Unauthorized error appeared because the URL was typed incorrectly or the link that was clicked on points to the wrong URL - one that is for authorized users only. If you're sure the URL is valid, visit the website's main page and look for a link that says Login or Secure Access. Enter your credentials here and then try the page again. If you don't have credentials, follow the instructions provided on the website for setting up an account. If you're sure the page you're trying to reach shouldn't need authorization, the 401 Unauthorized error message may be a mistake. At that point, it's probably best to contact the webmaster or other website contact and inform them of the problem. Tip: The webmaster of some websites can be reached via email at webmaster@website.com, replacing website.com with the actual website name. The 401 Unauthorized error can also appear immediately after login, which is an indication that the website received your username and password but found something about them to be invalid (e.g. your password is incorrect). Follow whatever process is in place at the website to regain access to their system. ... View more

@pooja shrivastava Have you resolved the issue. ... View more

@Sam Red I told you ....:-) now pat my back with a reward the beer is for next time !!!!! Enjoy Hadoop ... View more

@pavan p Can you check the latest logs in /var/log/hadoop-yarn/yarn especially yarn-yarn-nodemanager-NodeManagerFQDN.out Please revert ... View more

@Sam Red I am happy we have advanced at times it such trivial things like extra space or the [domain_realm] you forgot that messes us up but once we have gone through it, we have the memories 🙂 I am NOT yes sure why you can't find the keytabs , once again let's give it this try sequentially. Once on the console as root check my steps [root@gulu ~]# cd /etc/security/keytabs/ [root@gulu keytabs]# ls activity-analyzer.headless.keytab ams-hbase.regionserver.keytab hbase.service.keytab knox.service.keytab rangeradmin.service.keytab smokeuser.headless.keytab activity-explorer.headless.keytab ams-zk.service.keytab You should definitely see many keytabs here or try # locate hive.service.keytab The issue of Failed to create principal, phddata-08291@RELAY.COM I tried adding the principal in my KDC see # kadmin.local Authenticating as principal root/admin@TEST.COM with password. kadmin.local: addprinc phddata-08291@TEST.COM WARNING: no policy specified for phddata-08291@TEST.COM; defaulting to no policy Enter password for principal "phddata-08291@TEST.COM": xxxxxx In the above, the password for phddata-08291@TEST.COM is the KDC password and you got to confirm it twice. To generate the keytab for user phddata-08291 do the following as root an invoke the ktutil (keytab utility) on the KDC # cd /etc/security/keytabs # sudo ktutil ktutil: addent -password -p phddata-08291@TEST.COM -k 1 -e RC4-HMAC Password for phddata-08291@TEST.COM: xxxx ktutil: wkt phddata-08291.keytab ktutil: q # chown phddata-08291:phddata-08291 phddata-08291.keytab Infact you can copy and pass these commands in ktutil and give the password you earlier created, the phddata-08291.keytab should be visible in /etc/security/keytabs but owned by root:root until you run the last chown command I hope that helps you and remember to reward me if that works ,I am sure it will work ... View more

@John Koop You will have to give this last try I downloaded a VM image a couple of hours ago. And below is what I exactly did. 1. Network I used Bridged Adapter 2. Memory 12 GB 3. Booted the sandbox 4. on the initial login <ALt + F5> 5. password root/hadoop 6. At the prompt as root 7. switched to the docker image # ssh -p2222 root@127.0.0.1 # ambari-admin-password-reset entered admin and confirmed 7. The above step initialized the ambari server and successfully 8. Could access ambari UI through http://sandbox-host:8080 There we go ... View more

@Dominik Ludwig Can you create a local user and give him/her Cluster Administrator see attached screenshot. After assigning to role to the user click the blue Arrow to save then retry ... View more

@Sam Red Solution to issue No.2 If you kerberized the cluster using the Ambari tool then the keytabs MUST have been generated under /etc/security/keytabs can you validate that you have the keytabs by running the below command as root,you should see a couple of keytabs # ls -al /etc/security/keytabs Solution to issue No.3 Notice you have to logon to kadmin interface as user root If your previously run the sudo yum install -y krb5-server krb5-libs krb5-workstation then kadmin was installed see attached my intercation with kadmin my kdc host FQDN is osaka.test.com and my REALM is TEST Solution to issue No.4 I can already see some error in your /etc/krb5.conf it should look like this. I have adjusted the correct entries but you need to change ONLY the 2 entries of FQDN_of_KDC with the below output from the server where you install the KDC server # hostname -f Your /etc/krb5.conf should look like this [libdefaults] renew_lifetime = 7d forwardable = true default_realm = RELAY.COM ticket_lifetime = 24h dns_lookup_realm = false dns_lookup_kdc = false default_ccache_name = /tmp/krb5cc_%{uid} #default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5 #default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5 [domain_realm] relay.com = RELAY.COM .relay.com = RELAY.COM [logging] default = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log kdc = FILE:/var/log/krb5kdc.log [realms] RELAY.COM = { admin_server = FQDN_of_KDC kdc = FQDN_of_KDC } Please let me know if you need ! ... View more