Member since 08-03-2017
65 Posts, 2 Kudos Received, 0 Solutions
08-29-2017
06:08 PM
@Geoffrey Shelton Okot Thank you for your time. I tried different ways. Now I am able to start kadmin and enabled it too. I am able to generate principals.
[root@Host krb5kdc]# kadmin.local
Authenticating as principal root/admin@RELAY.COM with password.
kadmin.local:
When I try to generate the keytab file:
ls: cannot access /etc/security/keytabs: No such file or directory
When I do klist it says empty. After I did all these I went to Ambari and enabled Kerberos and selected existing KDC, with principal root/admin@RELAY.COM and the password that we generated when creating this principal. Still the test client failed. Error in KDC host:
2017-08-29 11:04:22,427 - Failed to create principal, phddata-08291@RELAY.COM - Failed to create service principal for phddata-08291@RELAY.COM
STDOUT: Authenticating as principal root/admin@RELAY.COM with password.
Password for root/admin@RELAY.COM:
Enter password for principal "phddata-08291@RELAY.COM":
Re-enter password for principal "phddata-08297@RELAY.COM":
STDERR: WARNING: no policy specified for phddata-08291@RELAY.COM; defaulting to no policy
add_principal: Operation requires ``add'' privilege while creating "phddata-08291@RELAY.COM".
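The `add_principal: Operation requires ``add'' privilege` message in the post above is an ACL decision made by kadmind for root/admin@RELAY.COM. The following Python example is added here (it is not part of the thread and is a simplified model, not MIT's code); it evaluates kadm5.acl text using the documented rules: the first matching entry decides, upper-case letters deny, and `x` or `*` stand for admcilsp. Both ACL strings are constructed: the first copies the line as it is rendered on this page (whether the real file contains that space is not known), and skipping a line with unrecognised privilege letters is this example's assumption.

```python
# Added example, not from the thread: simplified model of a kadm5.acl lookup.
VALID_OPS = set("admcilpsex*")   # privilege letters; the upper-case form denies

def split_principal(p):
    name, _, realm = p.partition("@")
    return name.split("/"), realm

def matches(pattern, principal):
    """Component-wise match; a component or realm of '*' matches anything."""
    p_comps, p_realm = split_principal(pattern)
    comps, realm = split_principal(principal)
    if len(p_comps) != len(comps):
        return False
    pairs = list(zip(p_comps, comps)) + [(p_realm, realm)]
    return all(pat == "*" or pat == val for pat, val in pairs)

def parse_acl(text):
    """Return (entries, malformed); entries are (pattern, permissions)."""
    entries, malformed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Assumption of this model: a line whose second field is not made of
        # privilege letters is reported as malformed and grants nothing.
        if len(fields) < 2 or not set(fields[1].lower()) <= VALID_OPS:
            malformed.append(line)
            continue
        entries.append((fields[0], fields[1]))
    return entries, malformed

def has_privilege(acl_text, principal, op="a"):
    """First matching entry decides; no matching entry means no privilege."""
    entries, _ = parse_acl(acl_text)
    for pattern, perms in entries:
        if matches(pattern, principal):
            if op.upper() in perms:
                return False
            wildcard = op != "e" and ("x" in perms or "*" in perms)
            return op in perms or wildcard
    return False

# Constructed inputs: the line as shown on this page, and the same entry
# written without the space after the first '*'.
ACL_AS_SHOWN = "* /admin@RELAY.COM *\n"
ACL_USUAL = "*/admin@RELAY.COM *\n"

if __name__ == "__main__":
    for label, acl in (("as shown", ACL_AS_SHOWN), ("usual form", ACL_USUAL)):
        print(label, has_privilege(acl, "root/admin@RELAY.COM"), parse_acl(acl)[1])
```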
08-28-2017
09:20 PM
1. yes
2. -bash: cd: /etc/security/keytabs/*: No such file or directory
3. kadmin.local: Can not fetch master key (error: No such file or directory). while initializing kadmin.local interface
4. Yes
[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88
[realms]
RELAY.COM = {
#master_key_type = aes256-cts
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
[libdefaults]
renew_lifetime = 7d
forwardable = true
default_realm = RELAY.COM
ticket_lifetime = 24h
dns_lookup_realm = false
dns_lookup_kdc = false
default_ccache_name = /tmp/krb5cc_%{uid}
#default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
#default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
[domain_realm]
host.com = RELAY.COM
.host.com = RELAY.COM
[logging]
default = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
kdc = FILE:/var/log/krb5kdc.log
[realms]
RELAY.COM = {
admin_server = ambari and kerberos hostname where installed
kdc = host
}
* /admin@RELAY.COM *
08-25-2017
08:55 PM
@Geoffrey Shelton Okot Looks like there will be a lot of mess on my cluster. I followed the same steps and am not able to do kinit.
kinit: Client 'host/*@RELAY.COM' not found in Kerberos database while getting initial credentials
How do I reset everything and redo it from scratch?
08-25-2017
05:56 PM
@Geoffrey Shelton Okot Thank you so much for your help. These are the configs I specified on the Ambari server. Configs here:
kdc.conf
[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88
[realms]
RELAY.COM = {
#master_key_type = aes256-cts
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
cat kadm5.acl
* /admin@RELAY.COM *
[libdefaults]
renew_lifetime = 7d
forwardable = true
default_realm = RELAY.COM
ticket_lifetime = 24h
dns_lookup_realm = false
dns_lookup_kdc = false
default_ccache_name = /tmp/krb5cc_%{uid}
#default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
#default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
[logging]
default = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
kdc = FILE:/var/log/krb5kdc.log
[realms]
RELAY.COM = {
admin_server = RELAY.COM
kdc = IP
kdc = IP
kdc = IP
kdc = IP
kdc = IP
kdc = IP
}
krb5kdc.service - Kerberos 5 KDC
Loaded: loaded (/usr/lib/systemd/system/krb5kdc.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2017-08-25 10:53:48 PDT; 3s ago
Process: 22602 ExecStart=/usr/sbin/krb5kdc -P /var/run/krb5kdc.pid $KRB5KDC_ARGS (code=exited, status=1/FAILURE)
Main PID: 1911 (code=exited, status=0/SUCCESS)
Aug 25 10:53:48 systemd[1]: Starting Kerberos 5 KDC...
Aug 25 10:53:48 krb5kdc[22602]: krb5kdc: cannot initialize realm RELAY.COM - see log file for details
Aug 25 10:53:48 : krb5kdc.service: control process exited, code=exited status=1
Aug 25 10:53:48: Failed to start Kerberos 5 KDC.
Aug 25 10:53:48 Unit krb5kdc.service entered failed state.
Aug 25 10:53:48 krb5kdc.service failed.
08-25-2017
04:58 PM
@Geoffrey Shelton Okot I followed all these steps. When I am starting krb5kdc and kadmin I am getting an error like this:
Job for krb5kdc.service failed because the control process exited with error code. See "systemctl status krb5kdc.service" and "journalctl -xe" for details.
08-24-2017
11:21 PM
@Geoffrey Shelton Okot If you can share step by step, that would be very helpful to get it done.
08-24-2017
11:15 PM
@Geoffrey Shelton Okot Yes, I did create the principal as admin/admin@host.com and the OS is CentOS 7.
08-24-2017
10:47 PM
Hi, I have a 6 node cluster set up with HDP 2.5 and Ambari 2.4. I need to enable Kerberos security.
Steps I did on the Ambari server:
1. https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.1/bk_security/content/_enabling_kerberos_security_in_ambari.html
2. Yum installed Kerberos and clients on all nodes
3. Checked /etc/krb.conf and checked that all nodes have the same files and realms
4. Checked acl.file, edited and saved it, and restarted the KDC again
5. Enabling Kerberos in Ambari, it was throwing an error in Test Clients
Error message: An internal system exception occurred: The 'krb5-conf' configuration is not available 500 status code received on POST method for API: /api/v1/clusters/Cluster/requests
08-04-2017
02:19 AM
@Sonu Sahi I added directories and mounted them on data nodes only. If I attach them to master nodes, does it act like a datanode?