About Adija1

Adija1 · ‎02-09-2016

Hello Gurus :) HDP 2.3.2 Ambari 2.1.2.1 I'm trying to setup HiveServer2 with LDAP authentication. It seems pretty straightforward: I performed the following: Changed HiveServer2 Authentication to LDAP Then i setup my LDAP server url (as the Ambari requested): Restarted the Hive but hiveserver2.log shows the following during it's startup: ERROR [HiveServer2-Handler-Pool: Thread-56]: transport.TSaslTransport (TSaslTransport.java:open(315)) - SASL negotiation failure javax.security.sasl.SaslException: Error validating the login [Caused by javax.security.sasl.AuthenticationException: Error validating LDAP user [Caused by javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]]] According to the error LDAP 49 - 52e the problem is with the credentials that were passed to the LDAP server. I don't find any field \ parameter in which i set the LDAP user & password for authentication... Needless to say that the authentication acts as if it is set to NONE (which is a major problem....) Any ideas ? Thanks in advance Adi J.

Adija1 · ‎02-09-2016

After changing amb_ranger_admin password in ranger and in Ambari - problem resolved. What i don't understand is why. I didn't change this user's password in the first place. I didn't even know this user exists. I only changed the user called "admin" in Ranger WEB UI & in Ambari. I never ever touched, edited, updated, changed a user called amb_ranger_admin. Not in Ambari & not in Ranger. But after setting a new password for this amb_ranger_admin user - in Ambari & in Ranger - problem solved. Thank you all for your responses. I rewarded points to everyone 🙂

Adija1 · ‎02-07-2016

Very similar. The error you posted refers to HDFS. Mine looks practically the same just with HIVE instead of HDFS.

Adija1 · ‎02-07-2016

Tried every combination including reverting back to the default admin password in Ranger - still no luck. HiveServer2 won't start as long as it it's Auth are configured using Ranger. "No JSON object could be decoded" 😞 Thx a million for trying !

Adija1 · ‎02-07-2016

Please check if Hive is set for Ranger (Under Security just like in my screenshot). It might be set to NONE or SQLstdAuth

Adija1 · ‎02-07-2016

I updated the 2 locations as described in official docs. Not just one.

Adija1 · ‎02-07-2016

I was referring to HiveServer2 - not Namenode. In my scenario the Ranger is managing Hive authorization. So unless Hive isn't set to use Ranger - you won't have this issue.

Adija1 · ‎02-07-2016

I appreciate your offer but no support agreement yet unfortunately. We are still in (advanced) POC stages... Thanks a lot anyways ! Highly appreciated.

Adija1 · ‎02-07-2016

This bug prohibits us from using Ranger which is a great tool for permission governance.

Adija1 · ‎02-07-2016

Hi Neeraj and thank you for your reply ! I've went through this doc and did set the password in both of these places in Ambari >> Ranger. (Both under "Admin Settings" >>> Ranger Admin user's password for Ambari" & under Advanced ranger-env >>> admin password).However - problem remains. It is very easy to reproduce - just change Ranger's admin password in UI + both places in Ambari and see for yourself. HiveServer2, if configured to authorize using Ranger, won't start. It has been confirmed and consistent on two different clusters.

Online	Offline
Last Visited	‎09-20-2018 02:06 PM

Member Since	‎02-04-2016 06:49 AM
Last Visited	‎09-20-2018 02:06 PM
Posts	132
Kudos received	52

Cloudera Community

Re: Connection failed to DataNode:50075 sometimes

Re: decommision datanode and keep other service

Re: Ambari-Agent high cpu & Datanode without heart...

Re: Permissions problem in Capacity Scheduler view...

Re: Ranger Audit stopped working after server rebo...

LDAP: error code 49 when setting LDAP auth for Hiv...

Re: HiveServer2 won't start after changing Ranger'...

Re: HiveServer2 won't start after changing Ranger'...

Re: HiveServer2 won't start after changing Ranger'...

Re: HiveServer2 won't start after changing Ranger'...

Re: HiveServer2 won't start after changing Ranger'...

Re: HiveServer2 won't start after changing Ranger'...

Re: HiveServer2 won't start after changing Ranger'...

Re: HiveServer2 won't start after changing Ranger'...

Re: HiveServer2 won't start after changing Ranger'...