Cloudera Community
rizalt
user rank
Rising Star

[AMBARI] Skipping unlimited key JCE policy check a...

by Rising Star in Support Questions
‎06-11-2024 08:38 PM
1 Kudo
‎06-11-2024 08:38 PM
1 Kudo
Hi Everyone can help me please, I started NodeManager via ambari but showing an error like below Skipping unlimited key JCE policy check and setup since the Java VM is not managed by Ambari   ... View more
Labels:

How to make krb5.keytab

by Rising Star in Support Questions
‎06-11-2024 06:53 PM
‎06-11-2024 06:53 PM
Everyone, can help me How to create keytab krb5.keytab in kerberos ? when I list keytab use " klist -k" show error like below root@master1:~# klist -k Keytab name: FILE:/etc/krb5.keytab klist: Key table file '/etc/krb5.keytab' not found while starting keytab scan   ... View more
Labels:

Re: Failure to login: for principal NodeManager Fr...

by Rising Star in Support Questions
‎06-11-2024 12:56 AM
‎06-11-2024 12:56 AM
I tried command kinit to make sure the password is correct, but message kinit is " password incorrect while getting initial credential" like below   root@master1:~# kinit nm/slave1.hadoop.com@HADOOP.COM Password for nm/slave1.hadoop.com@HADOOP.COM: kinit: Password incorrect while getting initial credentials   What should recreate principal/change the password ? Please give me suggestion, I'm sure the password is correct   ... View more

Re: Failure to login: for principal NodeManager Fr...

by Rising Star in Support Questions
‎06-10-2024 09:19 PM
‎06-10-2024 09:19 PM
Thks @Scharan the repply Yes, I can like below root@slave1:~# klist -kt /etc/security/keytabs/nm.service.keytab Keytab name: FILE:/etc/security/keytabs/nm.service.keytab KVNO Timestamp Principal ---- ------------------- ------------------------------------------------------ 2 06/11/2024 11:05:54 nm/slave1.hadoop.com@HADOOP.COM 2 06/11/2024 11:05:54 nm/slave1.hadoop.com@HADOOP.COM root@slave1:~# ... View more

Failure to login: for principal NodeManager From k...

by Rising Star in Support Questions
‎06-10-2024 07:47 PM
1 Kudo
‎06-10-2024 07:47 PM
1 Kudo
Hi Everyone can help me, I'm strat NodeManger in ambari but show error "failure to login: for principal: nm/slave1.hadoop.com@HADOOP.COM from keytab /etc/security/keytabs/nm.service.keytab"  for detail like below   2024-06-11 09:30:28,202 INFO impl.MetricsSystemImpl (MetricsSystemImpl.java:shutdown(611)) - NodeManager metrics system shutdown complete. 2024-06-11 09:30:28,202 ERROR nodemanager.NodeManager (NodeManager.java:initAndStartNodeManager(965)) - Error starting NodeManager org.apache.hadoop.yarn.exceptions.YarnRuntimeException: Failed NodeManager login at org.apache.hadoop.yarn.server.nodemanager.NodeManager.serviceInit(NodeManager.java:488) at org.apache.hadoop.service.AbstractService.init(AbstractService.java:164) at org.apache.hadoop.yarn.server.nodemanager.NodeManager.initAndStartNodeManager(NodeManager.java:962) at org.apache.hadoop.yarn.server.nodemanager.NodeManager.main(NodeManager.java:1042) Caused by: org.apache.hadoop.security.KerberosAuthException: failure to login: for principal: nm/slave1.hadoop.com@HADOOP.COM from keytab /etc/security/keytabs/nm.service.keytab javax.security.auth.login.LoginException: Unable to obtain password from user at org.apache.hadoop.security.UserGroupInformation.doSubjectLogin(UserGroupInformation.java:2012) at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:1365) at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:1125) at org.apache.hadoop.security.SecurityUtil.login(SecurityUtil.java:324) at org.apache.hadoop.security.SecurityUtil.login(SecurityUtil.java:288) at org.apache.hadoop.yarn.server.nodemanager.NodeManager.doSecureLogin(NodeManager.java:295) at org.apache.hadoop.yarn.server.nodemanager.NodeManager.serviceInit(NodeManager.java:486) ... 3 more Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:903) at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:766) at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:618) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) at javax.security.auth.login.LoginContext.login(LoginContext.java:587) at org.apache.hadoop.security.UserGroupInformation$HadoopLoginContext.login(UserGroupInformation.java:2091) at org.apache.hadoop.security.UserGroupInformation.doSubjectLogin(UserGroupInformation.java:2001) ... 9 more 2024-06-11 09:30:28,204 INFO nodemanager.NodeManager (LogAdapter.java:info(51)) - SHUTDOWN_MSG:   any suggestions? ... View more
Labels:

Re: [KERBEROS] Failed to kinit as the KDC administ...

by Rising Star in Support Questions
‎06-07-2024 04:07 PM
1 Kudo
‎06-07-2024 04:07 PM
1 Kudo
@Shelton   I'm using Ubuntu 22.04 & using ODP (https://clemlabs.s3.eu-west-3.amazonaws.com/ubuntu22/odp-release/1.2.2.0-46/ODP) ... View more

Re: [KERBEROS] Failed to kinit as the KDC administ...

by Rising Star in Support Questions
‎06-06-2024 08:44 PM
1 Kudo
‎06-06-2024 08:44 PM
1 Kudo
@Shelton @Majeti  I found in the kdf.conf for "admin_keytab" path /etc/krb5kdc/kadm5.keytab not found, where i can create kadm5.keyab? please see below any suggestions?   ... View more

Re: [KERBEROS] Failed to kinit as the KDC administ...

by Rising Star in Support Questions
‎06-06-2024 05:35 PM
1 Kudo
‎06-06-2024 05:35 PM
1 Kudo
@Shelton  I'm following your step, but show an error like below   root@master1:~# sudo systemctl restart krb5-kdc Job for krb5-kdc.service failed because the control process exited with error code. See "systemctl status krb5-kdc.service" and "journalctl -xeu krb5-kdc.service" for details. root@master1:~# systemctl status krb5-kdc.service × krb5-kdc.service - Kerberos 5 Key Distribution Center Loaded: loaded (/lib/systemd/system/krb5-kdc.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Fri 2024-06-07 00:33:16 UTC; 5min ago Process: 13894 ExecStart=/usr/sbin/krb5kdc -P /var/run/krb5-kdc.pid $DAEMON_ARGS (code=exited, status=1/FAILURE) CPU: 92ms Jun 07 00:33:16 master1.hadoop.com systemd[1]: Starting Kerberos 5 Key Distribution Center... Jun 07 00:33:16 master1.hadoop.com krb5kdc[13894]: Couldn't open log file /var/log/krb5kdc.log: Read-only file system Jun 07 00:33:16 master1.hadoop.com krb5kdc[13894]: krb5kdc: Configuration file does not specify default realm, attempt> Jun 07 00:33:16 master1.hadoop.com krb5kdc[13894]: Configuration file does not specify default realm - while attemptin> Jun 07 00:33:16 master1.hadoop.com systemd[1]: krb5-kdc.service: Control process exited, code=exited, status=1/FAILURE Jun 07 00:33:16 master1.hadoop.com systemd[1]: krb5-kdc.service: Failed with result 'exit-code'. Jun 07 00:33:16 master1.hadoop.com systemd[1]: Failed to start Kerberos 5 Key Distribution Center.     ... View more

Re: [KERBEROS] Failed to kinit as the KDC administ...

by Rising Star in Support Questions
‎06-05-2024 05:38 PM
‎06-05-2024 05:38 PM
@Majeti . my issue is  when Ambari tests Kerberos client always shows a dialog box like this My previous settings were like this I have the principal admin/admin@HADOOP.COM and the password is correct,   root@master1:~# kadmin -p admin/admin Authenticating as principal admin/admin with password. Password for admin/admin@HADOOP.COM: kadmin: listprincs HTTP/master1.hadoop.com@HADOOP.COM K/M@HADOOP.COM admin/admin@HADOOP.COM admin/master1.hadoop.com@HADOOP.COM hdfs/master1.hadoop.com@HADOOP.COM kadmin/admin@HADOOP.COM kadmin/changepw@HADOOP.COM krbtgt/HADOOP.COM@HADOOP.COM   Any suggestions for this issue?       ... View more

Re: [KERBEROS] Failed to kinit as the KDC administ...

by Rising Star in Support Questions
‎06-05-2024 01:06 AM
1 Kudo
‎06-05-2024 01:06 AM
1 Kudo
@Shelton  /etc/host root@master1:~# hostname -f master1.hadoop.com /etc/hosts 127.0.0.1 localhost 192.168.122.10 master1.hadoop.com 192.168.122.11 slave1.hadoop.com 192.168.122.12 slave2.hadoop.com # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters   /etc/krb5.conf [libdefaults] renew_lifetime = 7d forwardable = true default_realm = HADOOP.COM ticket_lifetime = 24h dns_lookup_realm = false dns_lookup_kdc = false default_ccache_name = /tmp/krb5cc_%{uid} #default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5 #default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5 [logging] default = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log kdc = FILE:/var/log/krb5kdc.log [realms] HADOOP.COM = { admin_server = master1.hadoop.com kdc = master1.hadoop.com } kadm5.acl */admin@HADOOP.COM * event create ticket show error   root@master1:~# systemctl restart krb5-kdc root@master1:~# systemctl restart krb5-admin-server root@master1:~# kinit -kt /etc/security/keytabs/hdfs.keytab hdfs/master1.hadoop.com@HADOOP.COM kinit: Client 'hdfs/master1.hadoop.com@HADOOP.COM' not found in Kerberos database while getting initial credentials         ... View more
Contact Me
Online
Offline
Last Visited
‎06-29-2025 11:03 PM
Community Statistics
Member Since ‎02-22-2024 05:16 AM
Last Visited ‎06-29-2025 11:03 PM
Posts 28
Kudos received 13