About Shelton

Shelton · ‎10-12-2017

@forest lin The kdc.conf looks fine, but your initial and final krb5.conf don't look correct you forgot to add the entry in lowercase see below !. Please backup of your current krb5.conf on all the hosts and replace them with the below exactly as it is. [libdefaults] renew_lifetime = 7d forwardable = true default_realm = ABC.COM ticket_lifetime = 24h dns_lookup_realm = false dns_lookup_kdc = false default_ccache_name = /tmp/krb5cc_%{uid} #default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5 #default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5 [domain_realm] abc.com = ABC.COM .abc.com = ABC.COM [logging] default = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log kdc = FILE:/var/log/krb5kdc.log [realms] ABC.COM = { admin_server = nn1-dev1-tbdp kdc = nn1-dev1-tbdp } Did you re-run the below to correctly setup the KDC and KDC Admin hostnames dpkg-reconfigure krb5-kdc Can you also validate that the host entries on all the hosts are the same and include the KDC server host entry? What the content of your kadm5.acl file? On the KDC server can you paste the output of the below command. Please obscure the domain name # kdestroy # kadmin.local Authenticating as principal root/admin@ABC.COM with password. kadmin.local: listprincs After validating and changing the above restart the services service krb5-kdc restart service krb5-admin-server restart Don't forget to enable auto-restart of kdc and kadmin use appropriate ubuntu command chkconfig krb5kdc on chkconfig kadmin on Now try the Ambari--> Kerberos wizard again it should succeed The logs are in these directories on the KDC and Clients default = /var/log/krb5kdc.log admin_server = /var/log/kadmind.log kdc = /var/log/krb5kdc.log Please revert

ilia987 · ‎10-18-2017

few minuets before i saw this post i just successfully solved the problem, i had two issues one i did not create hive db CREATE DATABASE hive; i base it on your post from https://community.hortonworks.com/answers/107905/view.html another issue i had i in the db url connection, i change it, to localhost. i am trying to accept your answer but i cant, don't have a button for it? next stage is to try it with non root install

Adilm · ‎10-05-2017

@Geoffrey Shelton Okot Problem resolved by simply Service Restart ) Thanks.

kamlepooja_raje · ‎10-06-2017

@Geoffrey Shelton Okot, Yes, that answers my doubt. Thank you so much for your response.

Shelton · ‎10-04-2017

@arjun more If you have KDC and AD integrated, this simply means the account to which the keytab is related has been disabled, locked, expired, or deleted. The AD service account should NEVER expire. If not could you validate the below steps Make sure the [realms] and [domain_realms] entries in cat /etc/krb5.conf is correct. Validate the contents of these 2 files /var/kerberos/krb5kdc/kdc.conf , /var/kerberos/krb5kdc/kadm5.acl Check the hdfs prinncipal # kadmin.local Authenticating as principal hdfs-uktehdpprod/admin@EUROPE.ODCORP.NET with password. kadmin.local: listprincs hdfs* hdfs-uktehdpprod@EUROPE.ODCORP.NET kadmin.local: Get the correct prncipal for hdfs # klist -kt /etc/security/keytabs/hdfs.headless.keytab Keytab name: FILE:/etc/security/keytabs/hdfs.headless.keytab KVNO Timestamp Principal ---- ------------------- ------------------------------------------------------ 1 08/24/2017 15:42:23 hdfs-uktehdpprod@EUROPE.ODCORP.NET 1 08/24/2017 15:42:23 hdfs-uktehdpprod@EUROPE.ODCORP.NET 1 08/24/2017 15:42:23 hdfs-uktehdpprod@EUROPE.ODCORP.NET Try grabbing a valid Kerberos ticket # kinit -kt /etc/security/keytabs/hdfs.headless.keytab hdfs-uktehdpprod@EUROPE.ODCORP.NET Validate the avalability period # klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: hdfs-uktehdpprod@EUROPE.ODCORP.NET Valid starting Expires Service principal 10/04/2017 19:36:12 10/05/2017 19:36:12 krbtgt/EUROPE.ODCORP.NET@EUROPE.ODCORP.NET Please revert

Matthew_Arnold · ‎08-03-2018

@Benjamin Hopp @Chad Woodhead I had the exact same issue and tried bringing down both of my two NiFi nodes, waiting a few minutes, and brought them back online. Then I tried turning on the PutHDFS processor and it worked properly. Has anyone figured out why this solves the issue or what is causing this problem?

shehbazks98 · ‎09-24-2017

@geoffrey Shelton Thanks for the doc, after following the doc, I am able to see lineage in Atlas, But Cross Component scripts are not available on mention link in doc, you will find here https://github.com/hortonworks/data-tutorials/blob/archive-hdp-2.5/tutorials/hdp/hdp-2.5/cross-component-lineage-with-apache-atlas-across-apache-sqoop-hive-kafka-storm/assets/crosscomponent_scripts.zip?raw=true

Shelton · ‎09-19-2017

@PJ Okay good to know enjoy

Shelton · ‎09-18-2017

@Hiren Gala Can you give te screenshot and parameters used? The following are possible causes of this issue: 1. Incorrect port and/or Hive Service defined in connection. 2. Network issues. 3. The Hive server is not started. Please revert

xpelive · ‎09-07-2017

Thanks advince. The issue was resolved after changing the realms name from dev.com to DEV.COM

Online	Offline
Last Visited	‎12-11-2025 11:50 PM

Member Since	‎01-19-2017 04:35 AM
Last Visited	‎12-11-2025 11:50 PM
Posts	3,679
Kudos received	627

Cloudera Community

Re: Apache nifi memory consumption in kubernetes

Re: Nifi toolkit command for GitLabFlowRegistry

Re: Not able to delete the NiFi existing flow usin...

Re: Securing Nifi with SSL and using OIDC provider...

Re: External zookeeper and nifi cluster connection...

Re: Enable kerberos in HDP 2.6.2: "Test kerberos C...

Re: ambari cluster not working, error in history s...

Re: : Cannot open a hive connection with connect s...

Re: Unable to login in Ranger UI with Active Direc...

Re: Execution of '/usr/bin/kinit -kt /etc/security...

Re: NiFi PutHDFS Login Failure using kerberos

Re: i have configure Atlas on HDP 2.5 but i am una...

Re: Decommisiong status for a dead node

Re: Error connecting to hive database using Horton...

Re: Kerberos add_principal: Insufficient access t...