Member since
09-10-2015
261
Posts
85
Kudos Received
43
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
1192 | 11-15-2018 10:21 PM | |
614 | 09-05-2018 09:03 PM | |
1213 | 03-19-2018 09:15 PM | |
909 | 03-16-2018 08:40 PM | |
500 | 02-09-2018 05:25 PM |
11-06-2017
03:41 PM
Knox plugin downloads policies upon first Knox request, not during the startup of Knox gateway. Send a Knox request to see if plugin downloads the policies. Information about this should be available in Knox gateway log, so you can check there.
... View more
11-01-2017
12:14 PM
What version of Ranger/HDP are you using? See https://issues.apache.org/jira/browse/RANGER-1632 - this fix is available in HDP 2.6.3 In your case, see if you can change the username attribute to sync the names as per your requirement.
... View more
11-01-2017
11:16 AM
Glad you resolved the issue. Please note that hostnames should be used for kerberos, ip address will not work.
... View more
10-31-2017
01:53 PM
I am glad it is working for you now. Please accept the answer if your issue is resolved.
... View more
10-31-2017
11:43 AM
AES NI is a performance accelerator, so it is not required to use HDFS TDE (transparent data encryption).
... View more
10-30-2017
01:57 PM
You can refer this tutorial series https://hortonworks.com/hadoop-tutorial/securing-data-lake-auditing-user-access-using-hdp-security/
... View more
10-27-2017
02:49 PM
Looks like Nifi is sending the user name as "cn=rverma,ou=People,dc=ex,dc=com", but in ranger access is given to user "rverma". Check if you can sync users in ranger with the full name Nifi is using. You can refer the below articles. https://community.hortonworks.com/articles/58769/hdf-20-enable-ranger-authorization-for-hdf-compone.html https://community.hortonworks.com/articles/57980/hdf-20-apache-nifi-integration-with-apache-ambarir.html https://issues.apache.org/jira/browse/RANGER-1224
... View more
10-27-2017
01:12 PM
I see "stderr:
Python script has been killed due to timeout after waiting 300 secs" in all the logs attached. So you need to check your kerberos config and investigate why Ambari is taking so much time to complete the kerberization step.
... View more
10-27-2017
01:09 PM
Can you please clarify what you are trying to do? Only if you use unix authentication, credValidator needs to be used.
... View more
10-25-2017
01:39 PM
If you see groups/users from AD in ranger then that confirms LDAP/AD sync is working. In that case, can you clarify the real issue you are running into?
... View more
10-25-2017
01:01 PM
Can you clarify your issue? I don't see any ranger related logs in the attachment.
... View more
10-25-2017
12:59 PM
Check the authentication method set on ranger admin. This needs to be LDAP/AD and right properties need to be configured. See https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_security/content/configure_ranger_authentication.html
... View more
10-24-2017
04:03 PM
User holger_gov does not have privileges to create policy. User has to have ADMIN role in ranger or needs to be delegated admin for the specified resource. Can you check this? See https://community.hortonworks.com/content/kbentry/88202/apache-ranger-delegated-admin.html for delegated admin feature. Also, ranger version in HDP 2.6.1 should be ranger 0.7.
... View more
10-20-2017
02:15 PM
You can create the database yourself or let ranger install scripts to create it for you - in that case you need to provide right privileges to the admin user as mentioned in the docs. Name does not have to "ranger", you can configure it as per your env.
... View more
10-13-2017
05:16 PM
You need to fix this issue first. See why hive plugin is not able to download policies from Ranger. Do you see any errors in ranger admin logs? WARN [Thread-14]: client.RangerAdminRESTClient (RangerAdminRESTClient.java:getServicePoliciesIfUpdated(154)) - Error getting policies. secureMode=false, user=hive (auth:SIMPLE), response={"httpStatusCode":400,"statusCode":0}, serviceName=dev_hive
... View more
10-13-2017
01:47 PM
Can you please post the resolution here?
... View more
10-13-2017
01:46 PM
Can you make sure hive configs are updated correctly with ranger authz enabled?
... View more
10-13-2017
01:42 PM
ranger-admin-site.xml will not have the password in plain text, so '_' you see is correct. Make sure your keystore has only one right entry and ranger SSL configs are correct.
... View more
10-10-2017
04:07 PM
1 Kudo
Can you clear the browser cache and try? This might be a browser issue.
... View more
10-02-2017
05:23 PM
DB audit support will not be available from HDP 2.5. So your best bet is to migrate to Solr based audit.
... View more
10-02-2017
05:10 PM
As @Ramesh Mani mentioned above, the best option is to move to use audit on Solr. DB Audit support is not available from HDP 2.5. For this particular case, check if you have any error in xa_portal.log
... View more
10-02-2017
04:59 PM
2017-09-29 11:31:21,835 ERROR hadoop.gateway (KnoxLdapRealm.java:doGetAuthenticationInfo(205)) - Shiro unable to login: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903D9, comment: AcceptSecurityContext error, data 52e, v2580] The above error means there is something wrong in the LDAP config for the knox sso topology. @lmccay might be able to provide more insight here.
... View more
10-02-2017
04:56 PM
You can just fill in the password directly.
... View more
09-22-2017
07:56 PM
Usually the delete calls for users do a soft delete, i.e. they change the status of the user to be not visible. Try passing forceDelete=true to the URL to achieve hard delete.
... View more
09-18-2017
06:07 PM
Hi - you need to provide authentication to ranger for the API call.
... View more
09-12-2017
05:33 PM
If it is a kerberos env, you need to make sure loadbalancer hostname is added to spnego keytab as documented in this link - see step 32 onwards.
... View more
09-11-2017
05:20 PM
ok, can you elaborate on what the error is? Do you see any error in resource manager logs?
... View more
09-11-2017
05:03 PM
Can you post the details on the policies? Do you see any error in hive server log?
... View more