@Robin Dong In Linux only iptables controls the Kernel based firewall. You might have firewalld in CentOS7 or ufw in Ubuntu but they're just an abstraction layer on top of iptables. So if 'iptables -L' doesn't show anything then it's all good. The Ambari iptables check is rudimentary and it doesn't know if the rules that exist still allow all the traffic. It only checks for 'service iptables status' or 'systemctl status firewalld', which means there are no filter tables. But please be aware of the cloud firewall as well. For example in AWS even instances in the same Security Group are not allowed by default to communicate with each another and this must be enabled explicitly: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html#sg-rules-other-instances ... View more

@Bhavin Tandel I had a similar issue recently and while the Ambari YARN Queue Manager View doesn't offer a configurable URL, a workaround I found was to add the cluster as a Remote Cluster (using the alias URL when defining the Ambari Cluster URL) and then point the View to the remote cluster. This seemed to work just fine. ... View more

Hi @Narasimma varman After reading your message again it looks like you're trying to follow https://community.hortonworks.com/articles/7341/nifi-user-authentication-with-ldap.html which at a close look is using the Demo LDAP as part of Knox. The Knox Demo LDAP listens on port 33389 however it's not started automatically when you start Knox. Please make sure you go to Knox in Ambari and select Start Demo LDAP from the Service Actions as per the screenshot from the link above: https://community.hortonworks.com/storage/attachments/956-1.jpg You can verify if the Demo LDAP has started and listening on port 33389 by running: netstat -tnlp|grep 33389 If you see a process listening then you can configure ambari-server setup-ldap with the following options (use admin-password when asked for the Manager password): # ambari-server setup-ldap Using python /usr/bin/python Setting up LDAP properties... Primary URL* {host:port} (localhost:33389): localhost:33389 Secondary URL {host:port} : Use SSL* [true/false] (false): User object class* (person): person User name attribute* (uid): uid Group object class* (groupofnames): groupofnames Group name attribute* (cn): cn Group member attribute* (member): member Distinguished name attribute* (dn): dn Base DN* (dc=hadoop,dc=apache,dc=org): dc=hadoop,dc=apache,dc=org Referral method [follow/ignore] (follow): Bind anonymously* [true/false] (false): false Manager DN* (uid=admin,ou=people,dc=hadoop,dc=apache,dc=org): uid=admin,ou=people,dc=hadoop,dc=apache,dc=org Enter Manager Password* : Re-enter password: ==================== Review Settings ==================== authentication.ldap.managerDn: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org authentication.ldap.managerPassword: ***** Save settings [y/n] (y)? y Saving...done Ambari Server 'setup-ldap' completed successfully. You might also need to turn off pagination as the Knox LDAP doesn't support it: echo "authentication.ldap.pagination.enabled=false" >> /etc/ambari-server/conf/ambari.properties Now, don't forget to restart Ambari Server and be careful that after running ambari-server sync-ldap --all, the admin user password will change to admin-password Other users can be found by running this: cat /etc/knox/conf/users.ldif|egrep "^uid|^userPassword" And you can add new users by changing Advanced users-ldif under the Knox Config in Ambari. Good luck! ... View more