About sriramhadoop27

sriramhadoop27 · ‎11-14-2018

Hi, Here is the issue: Before AD integration on HS2: Users authentication via zeppelin login is successful and users are able to execute notebook via %jdbc(hive) interpreter. After AD integration on HS2: Users authentication via zeppelin login is successful but users are not able to execute hive queries via %jdbc(hive) interpreter Please refer to the below issue raised by me on the same. https://community.hortonworks.com/questions/227457/zeppelin-jdbc-interpreter-issue-when-hs2-is-integr.html Your input is very helpful.

sriramhadoop27 · ‎11-14-2018

@Jay Kumar, Many thanks for your time. i) Here, when HS2 is integrated with AD only below properties are added in hive: a) Domain Name b) LDAP URL. --> Checked connectivity via beeline and it worked ( given Username and password is accepted ) Issue is only when running a simple query in zeppelin notebook. When I execute a notebook ( same user name and password is used to log in to zeppelin ) I got the error Notebook entry is: %jdbc(hive) show databases In one line: ************************* HS2 integration with AD verification is successful when verified against beeline command manually; but via zeppelin jdbc(hive) interpreter it is not working. ************************ Please let me know in case of any question.

sriramhadoop27 · ‎11-14-2018

Hi, In our environment, zeppelin worked fine when HS2 authentication is set to NONE. But, when HS2 is integrated with AD, beeline ( used the same jdbc url in jdbc configuration ) works fine after AD integration but when user executes query via zeepelin notebook below issue is observed: **************************************************************** Could not open client transport for any of the Server URI's in ZooKeeper: Peer indicated failure: Error validating the login **************************************************************** Here are the logs from Zookeeper and HS2. Logs are attached in attachments section and jdbc properties are attached. Zookeeper throws no noticeable error. ==> zookeeper.log <== 2018-11-14 14:06:07,705 - INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxnFactory@197] - Accepted socket connection from /XXX.XX.X.XX:40246 2018-11-14 14:06:07,705 - INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxn@827] - Processing ruok command from /XXX.XX.X.XX:40246 2018-11-14 14:06:07,709 - INFO [Thread-11787:NIOServerCnxn@1008] - Closed socket connection for client /XXX.XX.X.XX:40246 (no session established for client) 2018-11-14 14:07:07,720 - INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxnFactory@197] - Accepted socket connection from /XXX.XX.X.XX:40360 2018-11-14 14:07:07,721 - INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxn@827] - Processing ruok command from /XXX.XX.X.XX:40360 2018-11-14 14:07:07,732 - INFO [Thread-11788:NIOServerCnxn@1008] - Closed socket connection for client /XXX.XX.X.XX:40360 (no session established for client) 2018-11-14 14:08:07,648 - INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxnFactory@197] - Accepted socket connection from /XXX.XX.X.XX:40490 2018-11-14 14:08:07,651 - INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxn@827] - Processing ruok command from /XXX.XX.X.XX:40490 2018-11-14 14:08:07,652 - INFO [Thread-11789:NIOServerCnxn@1008] - Closed socket connection for client /XXX.XX.X.XX:40490 (no session established for client) ==> /var/log/hive/hiveserver2.log <== 2018-11-14 14:08:15,574 ERROR [HiveServer2-Handler-Pool: Thread-77]: transport.TSaslTransport (TSaslTransport.java:open(315)) - SASL negotiation failure javax.security.sasl.SaslException: Error validating the login [Caused by javax.security.sasl.AuthenticationException: LDAP Authentication failed for user [Caused by javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1]]] at org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:109) at org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluateChallengeOrResponse(TSaslTransport.java:539) at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:283) at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41) at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216) at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:269) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) Logs and jdbc properties are attached in attachments. Thanks for your time.zeppelinissue.txtzeppelin-error1.jpgzeppelin-error2.jpg

sriramhadoop27 · ‎10-26-2018

@Abhilash Chandrasekharan ...were you able to enable HA for mysql database? If yes, could you please help us by posting the steps you followed.

sriramhadoop27 · ‎10-25-2018

@Felix Albani This is in regard to the changing the block size of an existing file from 64mb to 128mb. We are facing some issues when we delete the files. So, is there a way to change the block size of an existing file, without removing the file.

sriramhadoop27 · ‎10-23-2018

@sneethiraj Can non-admin user ( not admin ) assign ROLE or modify ROLE? Straight question - Is admin user the only user who can assign/modify ROLE to a user?

sriramhadoop27 · ‎09-10-2018

@spolavarapu...In my case - OS is not integrated with AD and on OS level id <username> does not give any details. Is this an issue? Integration of OS with AD is mandatory?

sriramhadoop27 · ‎09-10-2018

@Saurabh, Is OS integrated with AD or LDAP? id <username> should reflect group on OS. In my case, OS is not integrated with LDAP.

sriramhadoop27 · ‎09-07-2018

Hi, Verified various links but could not come up with solution. Ranger policy is not applied to a user when policy has user group name but is successful when applied to user directly. Here is the information: a) HDP - 2.6.5; Ranger - 0.7.0; CentOS 6.5; Windows 2012 R2 is used as AD ( has full admin privileges on AD ) b) Settings: Incremental Sync - Enabled Username Attribute - sAMAccountName; User Object Class: user; User Search Filter: cn=*; user search scop: sub; User Group Name Attribute - memberOf,ismemberof; Group User Map Sync - False or disabled. Enable Group Sync - Enabled; Group Member Attribute - member; Group Name Attribute - sAMAccountName; Group Object Class - group;Group Search Filter - CN=*; Enable Group Search First - False or disabled. c) On OS side: hdfs groups <username> gives the group name of the user and the same user name ( with exact case ) is present in Ranger Groups Still the user is not able to access hive databases in spite of policy allowing members of group to which the user belongs to. Can someone please help me on this. @spolavarapu @Felix Albani or anyone can help me on this.

sriramhadoop27 · ‎07-26-2018

Everyone following this article. Make sure value is set for property zeppelin.jdbc.auth.type in jdbc interpreter either as SIMPLE or KERBEROS. In my case, impersonation did not happen properly when the property has null value, and I changed the value to SIMPLE.

Online	Offline
Last Visited	‎08-14-2019 06:45 PM

Member Since	‎12-27-2016 11:29 AM
Last Visited	‎08-14-2019 06:45 PM
Posts	156
Kudos received	2

Cloudera Community

Re: Ambari Setup, and the Zeppelin Livy Interprete...

Does HS2 integration with AD impact zeppelin confi...

Re: zeppelin jdbc interpreter issue when HS2 is i...

zeppelin jdbc interpreter issue when HS2 is integ...

Re: High Availability for MySQL Database

Re: How to change the block size of existing files...

Re: Apache Ranger - Delegated Admin

Re: Ranger policy for group not working...Checked ...

Re: Ranger policy for group not working...Checked ...

Ranger policy for group not working...Checked all ...

Re: How to enable user impersonation for JDBC inte...