About vperiasamy

vperiasamy · ‎01-29-2018

This means, password for "admin" user or "amb_ranger_admin" user in ranger has changed, but not updated in Ambari. Please refer https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.4/bk_security/content/updating_ranger_admin_passwords.html

vperiasamy · ‎11-20-2017

What error are you getting when accessing ranger?

vperiasamy · ‎11-20-2017

Yes, please make sure to meet DB pre-requisites before creating cluster using blueprint.

vperiasamy · ‎11-07-2017

Glad it worked for you. For Knox plugin, first time policy download happens upon first Knox request. After that any policy modifications should be sync'ed by Knox plugin within 30 seconds. i.e. Every 30 seconds, Knox plugin checks for policy updates from Ranger Admin server. If your issue is resolved, please accept the answer.

vperiasamy · ‎11-06-2017

Knox plugin downloads policies upon first Knox request, not during the startup of Knox gateway. Send a Knox request to see if plugin downloads the policies. Information about this should be available in Knox gateway log, so you can check there.

vperiasamy · ‎11-01-2017

What version of Ranger/HDP are you using? See https://issues.apache.org/jira/browse/RANGER-1632 - this fix is available in HDP 2.6.3 In your case, see if you can change the username attribute to sync the names as per your requirement.

vperiasamy · ‎11-01-2017

Glad you resolved the issue. Please note that hostnames should be used for kerberos, ip address will not work.

vperiasamy · ‎10-31-2017

I am glad it is working for you now. Please accept the answer if your issue is resolved.

vperiasamy · ‎10-31-2017

AES NI is a performance accelerator, so it is not required to use HDFS TDE (transparent data encryption).

vperiasamy · ‎10-30-2017

You can refer this tutorial series https://hortonworks.com/hadoop-tutorial/securing-data-lake-auditing-user-access-using-hdp-security/

vperiasamy · ‎10-27-2017

This support should be added on the Nifi side. I think this is already in the plan for next HDF release and see the below are already in NIFI repo. https://issues.apache.org/jira/browse/NIFI-3653 https://issues.apache.org/jira/browse/NIFI-4032

vperiasamy · ‎10-27-2017

Looks like Nifi is sending the user name as "cn=rverma,ou=People,dc=ex,dc=com", but in ranger access is given to user "rverma". Check if you can sync users in ranger with the full name Nifi is using. You can refer the below articles. https://community.hortonworks.com/articles/58769/hdf-20-enable-ranger-authorization-for-hdf-compone.html https://community.hortonworks.com/articles/57980/hdf-20-apache-nifi-integration-with-apache-ambarir.html https://issues.apache.org/jira/browse/RANGER-1224

vperiasamy · ‎10-27-2017

I see "stderr: Python script has been killed due to timeout after waiting 300 secs" in all the logs attached. So you need to check your kerberos config and investigate why Ambari is taking so much time to complete the kerberization step.

vperiasamy · ‎10-27-2017

Can you please clarify what you are trying to do? Only if you use unix authentication, credValidator needs to be used.

vperiasamy · ‎10-25-2017

If you see groups/users from AD in ranger then that confirms LDAP/AD sync is working. In that case, can you clarify the real issue you are running into?

vperiasamy · ‎10-25-2017

Can you clarify your issue? I don't see any ranger related logs in the attachment.

vperiasamy · ‎10-25-2017

Check the authentication method set on ranger admin. This needs to be LDAP/AD and right properties need to be configured. See https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_security/content/configure_ranger_authentication.html

vperiasamy · ‎10-25-2017

are you setting up the unix authentication?

vperiasamy · ‎10-24-2017

User holger_gov does not have privileges to create policy. User has to have ADMIN role in ranger or needs to be delegated admin for the specified resource. Can you check this? See https://community.hortonworks.com/content/kbentry/88202/apache-ranger-delegated-admin.html for delegated admin feature. Also, ranger version in HDP 2.6.1 should be ranger 0.7.

vperiasamy · ‎10-20-2017

You can create the database yourself or let ranger install scripts to create it for you - in that case you need to provide right privileges to the admin user as mentioned in the docs. Name does not have to "ranger", you can configure it as per your env.

vperiasamy · ‎10-13-2017

You need to fix this issue first. See why hive plugin is not able to download policies from Ranger. Do you see any errors in ranger admin logs? WARN [Thread-14]: client.RangerAdminRESTClient (RangerAdminRESTClient.java:getServicePoliciesIfUpdated(154)) - Error getting policies. secureMode=false, user=hive (auth:SIMPLE), response={"httpStatusCode":400,"statusCode":0}, serviceName=dev_hive

vperiasamy · ‎10-13-2017

Can you please post the resolution here?

vperiasamy · ‎10-13-2017

Can you make sure hive configs are updated correctly with ranger authz enabled?

vperiasamy · ‎10-13-2017

ranger-admin-site.xml will not have the password in plain text, so '_' you see is correct. Make sure your keystore has only one right entry and ranger SSL configs are correct.

vperiasamy · ‎10-10-2017

Can you clear the browser cache and try? This might be a browser issue.

vperiasamy · ‎10-03-2017

Were you able to resolve this? Any error is knox gateway logs?

vperiasamy · ‎10-02-2017

DB audit support will not be available from HDP 2.5. So your best bet is to migrate to Solr based audit.

vperiasamy · ‎10-02-2017

As @Ramesh Mani mentioned above, the best option is to move to use audit on Solr. DB Audit support is not available from HDP 2.5. For this particular case, check if you have any error in xa_portal.log

vperiasamy · ‎10-02-2017

2017-09-29 11:31:21,835 ERROR hadoop.gateway (KnoxLdapRealm.java:doGetAuthenticationInfo(205)) - Shiro unable to login: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903D9, comment: AcceptSecurityContext error, data 52e, v2580] The above error means there is something wrong in the LDAP config for the knox sso topology. @lmccay might be able to provide more insight here.

vperiasamy · ‎10-02-2017

You can just fill in the password directly.

Online	Offline
Last Visited	‎11-06-2020 08:48 AM

Date Registered	‎09-10-2015 10:36 PM
Last Visited	‎11-06-2020 08:48 AM
Total Messages Posted	261
Total Kudos Received	83

Re: ranger doesn't show resource based policies

Re: Ranger and Ranger-Kms relation

Re: "Java patch PatchPasswordEncryption_J10001 is ...

Re: Unable to log storm audit events to hdfs (sand...

Re: ranger user sync from text file

Re: Ranger Admin Password check warning alert

Re: Not able to Install ApacheRanger(Manual) on HD...

Re: Ranger fails to install with Blueprint

Re: Knox policy synchronization

Re: Knox policy synchronization

Re: Ranger Active directory Integration showing us...

Re: Fail to refer to policies on Ranger Admin HA a...

Re: Is the AES NI CPU necessary for encryption HDF...

Re: Is the AES NI CPU necessary for encryption HDF...

Re: How to test Ranger authorization?

Re: How to enable LDAP Group Authorization for Ni...

Re: How to give permissions to users to access Nif...

Re: Fail to refer to policies on Ranger Admin HA a...

Re: Ranger 0.7.2 PasswordValidator FAILED

Re: Ranger 0.7.2 PasswordValidator FAILED

Re: Fail to refer to policies on Ranger Admin HA a...

Re: Ranger 0.7.2 PasswordValidator FAILED

Re: Ranger 0.7.2 PasswordValidator FAILED

Re: Ranger fails with error "Error creating policy...

Re: Is it necessary to create a database ranger?

Re: Hive LDAP Connection is too slow. Ranger Polic...

Re: Error whilesending Ranger 0.6 Audit to log4j K...

Re: Ranger Authorization error in Hive View 2.0

Re: ranger error Keystore password was incorrect a...

Re: Ranger 0.7.0 UI Not Loading Policies

Re: Knox LDAP Integration

Re: Ranger audits in DB

Re: Ranger Audit not available in Ranger UI. Audit...

Re: Setting up Knox with LDAP

Re: How to make a secret --> SECRET:ranger-env:1:r...