Member since
12-27-2016
156
Posts
2
Kudos Received
1
Solution
My Accepted Solutions
Title | Views | Posted |
---|---|---|
1060 | 07-02-2018 11:52 AM |
11-14-2018
10:34 AM
Hi, Here is the issue: Before AD integration on HS2: Users authentication via zeppelin login is successful and users are able to execute notebook via %jdbc(hive) interpreter. After AD integration on HS2: Users authentication via zeppelin login is successful but users are not able to execute hive queries via %jdbc(hive) interpreter Please refer to the below issue raised by me on the same. https://community.hortonworks.com/questions/227457/zeppelin-jdbc-interpreter-issue-when-hs2-is-integr.html Your input is very helpful.
... View more
Labels:
- Labels:
-
Apache Hive
-
Apache Zeppelin
11-14-2018
10:26 AM
@Jay Kumar, Many thanks for your time. i) Here, when HS2 is integrated with AD only below properties are added in hive: a) Domain Name b) LDAP URL. --> Checked connectivity via beeline and it worked ( given Username and password is accepted ) Issue is only when running a simple query in zeppelin notebook. When I execute a notebook ( same user name and password is used to log in to zeppelin ) I got the error Notebook entry is: %jdbc(hive) show databases In one line: ************************* HS2 integration with AD verification is successful when verified against beeline command manually; but via zeppelin jdbc(hive) interpreter it is not working. ************************ Please let me know in case of any question.
... View more
11-14-2018
08:51 AM
Hi, In our environment, zeppelin worked fine when HS2 authentication is set to NONE. But, when HS2 is integrated with AD, beeline ( used the same jdbc url in jdbc configuration ) works fine after AD integration but when user executes query via zeepelin notebook below issue is observed: **************************************************************** Could not open client transport for any of the Server URI's in ZooKeeper: Peer indicated failure: Error validating the login **************************************************************** Here are the logs from Zookeeper and HS2. Logs are attached in attachments section and jdbc properties are attached. Zookeeper throws no noticeable error. ==> zookeeper.log <==
2018-11-14 14:06:07,705 - INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxnFactory@197] - Accepted socket connection from /XXX.XX.X.XX:40246
2018-11-14 14:06:07,705 - INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxn@827] - Processing ruok command from /XXX.XX.X.XX:40246
2018-11-14 14:06:07,709 - INFO [Thread-11787:NIOServerCnxn@1008] - Closed socket connection for client /XXX.XX.X.XX:40246 (no session established for client)
2018-11-14 14:07:07,720 - INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxnFactory@197] - Accepted socket connection from /XXX.XX.X.XX:40360
2018-11-14 14:07:07,721 - INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxn@827] - Processing ruok command from /XXX.XX.X.XX:40360
2018-11-14 14:07:07,732 - INFO [Thread-11788:NIOServerCnxn@1008] - Closed socket connection for client /XXX.XX.X.XX:40360 (no session established for client)
2018-11-14 14:08:07,648 - INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxnFactory@197] - Accepted socket connection from /XXX.XX.X.XX:40490
2018-11-14 14:08:07,651 - INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxn@827] - Processing ruok command from /XXX.XX.X.XX:40490
2018-11-14 14:08:07,652 - INFO [Thread-11789:NIOServerCnxn@1008] - Closed socket connection for client /XXX.XX.X.XX:40490 (no session established for client) ==> /var/log/hive/hiveserver2.log <==
2018-11-14 14:08:15,574 ERROR [HiveServer2-Handler-Pool: Thread-77]: transport.TSaslTransport (TSaslTransport.java:open(315)) - SASL negotiation failure
javax.security.sasl.SaslException: Error validating the login [Caused by javax.security.sasl.AuthenticationException: LDAP Authentication failed for user [Caused by javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1]]]
at org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:109)
at org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluateChallengeOrResponse(TSaslTransport.java:539)
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:283)
at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:269)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) Logs and jdbc properties are attached in attachments. Thanks for your time.zeppelinissue.txtzeppelin-error1.jpgzeppelin-error2.jpg
... View more
Labels:
- Labels:
-
Apache Hive
-
Apache Zeppelin
10-26-2018
09:23 AM
@Abhilash Chandrasekharan ...were you able to enable HA for mysql database? If yes, could you please help us by posting the steps you followed.
... View more
10-25-2018
07:22 AM
@Felix Albani This is in regard to the changing the block size of an existing file from 64mb to 128mb. We are facing some issues when we delete the files. So, is there a way to change the block size of an existing file, without removing the file.
... View more
10-23-2018
08:35 AM
@sneethiraj Can non-admin user ( not admin ) assign ROLE or modify ROLE? Straight question - Is admin user the only user who can assign/modify ROLE to a user?
... View more
09-10-2018
06:24 PM
@spolavarapu...In my case - OS is not integrated with AD and on OS level id <username> does not give any details. Is this an issue? Integration of OS with AD is mandatory?
... View more
09-10-2018
02:31 PM
@Saurabh, Is OS integrated with AD or LDAP? id <username> should reflect group on OS. In my case, OS is not integrated with LDAP.
... View more
09-07-2018
12:04 AM
Hi, Verified various links but could not come up with solution. Ranger policy is not applied to a user when policy has user group name but is successful when applied to user directly. Here is the information: a) HDP - 2.6.5; Ranger - 0.7.0; CentOS 6.5; Windows 2012 R2 is used as AD ( has full admin privileges on AD ) b) Settings: Incremental Sync - Enabled Username Attribute - sAMAccountName; User Object Class: user; User Search Filter: cn=*; user search scop: sub; User Group Name Attribute - memberOf,ismemberof; Group User Map Sync - False or disabled. Enable Group Sync - Enabled; Group Member Attribute - member; Group Name Attribute - sAMAccountName; Group Object Class - group;Group Search Filter - CN=*; Enable Group Search First - False or disabled. c) On OS side: hdfs groups <username> gives the group name of the user and the same user name ( with exact case ) is present in Ranger Groups Still the user is not able to access hive databases in spite of policy allowing members of group to which the user belongs to. Can someone please help me on this. @spolavarapu @Felix Albani or anyone can help me on this.
... View more
Labels:
- Labels:
-
Apache Ranger
07-26-2018
05:47 AM
Everyone following this article. Make sure value is set for property zeppelin.jdbc.auth.type in jdbc interpreter either as SIMPLE or KERBEROS. In my case, impersonation did not happen properly when the property has null value, and I changed the value to SIMPLE.
... View more