Cloudera Community
kabadou_rawia
user rank
Explorer

Re: How to resolve Error 401 Authentication requir...

by Explorer in Support Questions
‎11-14-2017 08:13 AM
‎11-14-2017 08:13 AM
@Geoffrey Shelton Okot Hello, the output of $klist as hue user is: Ticket cache: FILE:/tmp/krb5cc_1019 Default principal: hue/ambari@ROSAFI.COM Valid starting Expires Service principal 11/13/17 14:17:25 11/14/17 00:17:25 krbtgt/ROSAFI.COM@ROSAFI.COM renew until 11/20/17 14:17:25 I've tried to grab a kerberos ticket as mentioned above but i still get the same error when i access to my Hue UI. ... View more

How to resolve Error 401 Authentication required i...

by Explorer in Support Questions
‎11-13-2017 02:54 PM
‎11-13-2017 02:54 PM
Hello, I've enabled kerberos on my cluster and i've installed on it Hue. Hue was running correctly until kerberos is enabled. I've configured kerberos for Hue by following this link: https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_security/content/kerb-config-hue.html When i accessed to my Hue UI and i navigate through it to Pig, Hive ... I got the errors mentioned in "error1.png" and "error2.png". How can i fix this issue? ... View more
Labels:

Re: Is the AES NI CPU necessary for encryption HDF...

by Explorer in Support Questions
‎10-31-2017 01:40 PM
‎10-31-2017 01:40 PM
@vperiasamy Thank you for your reply. I've skipped the first sub-step related to AES NI CPU and i proceeded with the second sub-step for libcrypto. When i tap $ hadoop checknative i got the same output mentioned in the tutorial. So, everything is working correctly. ... View more

Is the AES NI CPU necessary for encryption HDFS da...

by Explorer in Support Questions
‎10-31-2017 11:02 AM
‎10-31-2017 11:02 AM
Hello, I'm trying to configure and use HDFS data at rest encryption. I'm stuck at the step of preparing the environment as mentioned in the following link: https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_security/content/AES-NI-CPU-support.html. When i do $ cat /proc/cpuinfo | grep aes i got nothing in return. So, AES NI is not enabled on my CPU. My questions are: 1- Is it possible to skip all these steps mentioned in the section "Prepare the environment" and proceed the next step which is "Create an Encryption Key"? If no: 2- How can enable AES NI CPU for the first sub-step? 3- How can i install version libcrypto.so mentioned in the second sub-step on my Ubuntu 14.04? I'll be grateful if someone could help me. ... View more

Re: How to test Ranger authorization?

by Explorer in Support Questions
‎10-30-2017 02:07 PM
‎10-30-2017 02:07 PM
@vperiasamy Thank you for your reply. I'll check the link above. I'll get back to you with my feedback after testing it. ... View more

How to test Ranger authorization?

by Explorer in Support Questions
‎10-30-2017 01:29 PM
‎10-30-2017 01:29 PM
Hello, I've installed Ranger on my kerberized cluster and it works correctly. I've followed this link https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.3/bk_Security_Guide/content/installing_ranger_using_ambari.html to install Ranger. I've tried to follow this link https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.3/bk_Security_Guide/content/hdfs_service.html to configure HDFS service for example in order to test Ranger functionalities, but i didn't understand the utility of this service and how can i test it after creating it? So, my question is how to check the utility of Ranger in my cluster and how to test the authorization which is the principal goal of Ranger? I would be grateful if someone could help me understand this issue. ... View more

How to test kerberos authentication?

by Explorer in Support Questions
‎10-30-2017 11:47 AM
‎10-30-2017 11:47 AM
Hello, I've installed kerberos on my cluster and it works correctly. My question is how to check the utility of Kerberos in my cluster and how to test the authentication which is the principal goal of kerberos? I'll be grateful if you help me to understand this issue. ... View more
Labels:

Re: How to fix test Kerberos client?

by Explorer in Support Questions
‎10-27-2017 04:55 PM
‎10-27-2017 04:55 PM
@Robert Levas Thank you for your detailed explanation. With these details, i've resolved my issue. It was a problem in my kadm5.acl. ... View more

Re: How to fix test Kerberos client?

by Explorer in Support Questions
‎10-27-2017 01:39 PM
‎10-27-2017 01:39 PM
@Robert Levas Thank you for your reply. I've tried the test above and the result are attached in "test.png". I've concluded that my admin account does not have the proper rights to create accounts. I've edited my /var/kerberos/krb5kdc/kadm5.acl from */admin * to */admin@ROSAFI.COM * and I've restarted my krb5-admin -server and krb5-kdc. From/var/log/ambari-server/ambari-server.log, i got this error as you have expected: 27 Oct 2017 15:42:45,206 ERROR [Server Action Executor Worker 2313] MITKerberosOperationHandler:207 - Failed to execute kadmin query: add_principal -pw "********" sparkcluster-102717@ROSAFI.COM STDOUT: Authenticating as principal admin/admin@ROSAFI.COM with password. Password for admin/admin@ROSAFI.COM: Enter password for principal "sparkcluster-102717@ROSAFI.COM": Re-enter password for principal "sparkcluster-102717@ROSAFI.COM": STDERR: WARNING: no policy specified for sparkcluster-102717@ROSAFI.COM; defaulting to no policy add_principal: Operation requires ``add'' privilege while creating "sparkcluster-102717@ROSAFI.COM". So, for now my questions are: 1- How can i set the proper rights to my admin account? 2- What is the difference between "kadmin.local" and "kadmin -p admin/admin"? Would you please help me to continue with resolving this issue? ... View more

How to fix test Kerberos client?

by Explorer in Support Questions
‎10-27-2017 11:36 AM
‎10-27-2017 11:36 AM
Hello, I'm trying to set up Kerberos automatically on my cluster, which is composed of 2 nodes (ambari-server and ambari-agent1). I've installed KDC and KDC admin server on ambari-server. I've followed this link https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_security/content/_launching_the_kerberos_wizard_automated_setup.html, the 2.Authentication and I'm stuck in Launching the kerberos Wizard (Automated Setup) when i tried to test kerberos client as shown in "error.png". I attached the logs that can be related to this issue in "1_log.png" from /var/log/krb5kdc.log and in "2_log.png" from /var/log/krb5.log. My question are: 1- What does this prerequisite "Ambari server and all cluster hosts have network access to both the KDC and KDC admin hosts" mentioned as the first one in "prerequisites for kerberos.png" mean? What are the necessary steps to be done to ensure this prerequisite? 2- Where can i find the default log attached to kerberos? 3- Is it possible that the test kerberos client is failed for ambari-server because I've installed on it both KDC and kerberos client? 4- How can i debug the errors mentioned in "1_log.png" and "2_log.png"? I'm really stuck, I'll be grateful if you try to help me resolve this issue? ... View more
Labels:
Contact Me
Online
Offline
Last Visited
‎12-06-2017 02:33 PM
Community Statistics
Member Since ‎08-30-2017 01:06 PM
Last Visited ‎12-06-2017 02:33 PM
Posts 83