Member since
07-25-2015
08-06-2015
07:44 AM
Hi, I have implemented Kerberos in Cloudera CDH-5.3 successfully and am now able to restart the cluster and all services successfully. But when I open the HDFS service in the remote machine's web browser, go to NameNode Web UI (Active) and click Utilities -> Browse the file system, I get this error:

```
Permission denied when trying to open /webhdfs/v1/?op=LISTSTATUS: GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)
```

Why am I getting this error and not able to browse the files in my HDFS? Is it due to any file permissions that need to be changed? I googled the above error, but all that I get is results pointing towards Kerberos implementation on the webserver. I have not implemented any Kerberos on the webserver, so I think I don't need to make any changes in the web browser's settings.
08-05-2015
07:39 AM
Hi, I am trying to implement Kerberos security on Cloudera CDH-5.3. The Kerberos implementation wizard generates principals for all the services. The principals generated are as follows:

```
kadmin.local: listprincs
HTTP/01hw310845.India.ABC.com@INDIA.ABC.COM
K/M@INDIA.ABC.COM
cloudera-scm@INDIA.ABC.COM
hdfs/01hw310845.India.ABC.com@INDIA.ABC.COM
hive/01hw310845.India.ABC.com@INDIA.ABC.COM
hue/01hw310845.India.ABC.com@INDIA.ABC.COM
impala/01hw310845.India.ABC.com@INDIA.ABC.COM
kadmin/01hw310845.india.ABC.com@INDIA.ABC.COM
kadmin/admin@INDIA.ABC.COM
kadmin/changepw@INDIA.ABC.COM
krbtgt/INDIA.ABC.COM@INDIA.ABC.COM
mapred/01hw310845.India.ABC.com@INDIA.ABC.COM
yarn/01hw310845.India.ABC.com@INDIA.ABC.COM
zookeeper/01hw310845.India.ABC.com@INDIA.ABC.COM
```

But when I try to start all the services in the cluster, it gives the following error:

```
Failed to start namenode.
java.io.IOException: Login failure for hdfs/01hw310845.india.abc.com@INDIA.ABC.COM from keytab hdfs.keytab
	at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:947)
	at org.apache.hadoop.security.SecurityUtil.login(SecurityUtil.java:242)
	at org.apache.hadoop.hdfs.server.namenode.NameNode.loginAsNameNodeUser(NameNode.java:560)
	at org.apache.hadoop.hdfs.server.namenode.NameNode.initialize(NameNode.java:579)
	at org.apache.hadoop.hdfs.server.namenode.NameNode.<init>(NameNode.java:754)
	at org.apache.hadoop.hdfs.server.namenode.NameNode.<init>(NameNode.java:738)
	at org.apache.hadoop.hdfs.server.namenode.NameNode.createNameNode(NameNode.java:1427)
	at org.apache.hadoop.hdfs.server.namenode.NameNode.main(NameNode.java:1493)
Caused by: javax.security.auth.login.LoginException: Client not found in Kerberos database (6) - CLIENT_NOT_FOUND
	at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:763)
	at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:584)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:595)
	at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:938)
	... 7 more
Caused by: KrbException: Client not found in Kerberos database (6) - CLIENT_NOT_FOUND
	at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:82)
	at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:319)
	at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:364)
	at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:735)
	... 20 more
Caused by: KrbException: Identifier doesn't match expected value (906)
	at sun.security.krb5.internal.KDCRep.init(KDCRep.java:143)
	at sun.security.krb5.internal.ASRep.init(ASRep.java:65)
	at sun.security.krb5.internal.ASRep.<init>(ASRep.java:60)
	at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:60)
	... 23 more
```

The problem seems to be that the principal name that Cloudera uses to authenticate is in SMALL LETTERS of the FQDN, while the generated principals are in CAPITAL LETTERS. How can I ensure that Cloudera generates the principals (domain name) from the /etc/host file without converting it into lower case?
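An added example, not part of the original post and not Cloudera's code: a small check that compares the principal named in a Hadoop `Login failure` line against `listprincs` output and reports whether the KDC entry is missing or differs only in letter case. The sample input is constructed from values quoted in the post above, and all function names are hypothetical.

```python
import re

# Constructed sample input, built from the values quoted in the post above.
LISTPRINCS = """\
HTTP/01hw310845.India.ABC.com@INDIA.ABC.COM
K/M@INDIA.ABC.COM
cloudera-scm@INDIA.ABC.COM
hdfs/01hw310845.India.ABC.com@INDIA.ABC.COM
kadmin/01hw310845.india.ABC.com@INDIA.ABC.COM
krbtgt/INDIA.ABC.COM@INDIA.ABC.COM
"""
LOG_LINE = ("java.io.IOException: Login failure for "
            "hdfs/01hw310845.india.abc.com@INDIA.ABC.COM from keytab hdfs.keytab")

LOGIN_FAILURE = re.compile(r"Login failure for (\S+) from keytab (\S+)")


def split_principal(principal):
    """Split 'primary/instance@REALM' into its parts (instance may be '')."""
    name, sep, realm = principal.rpartition("@")
    if not sep:  # no realm given
        name, realm = principal, ""
    primary, _, instance = name.partition("/")
    return primary, instance, realm


def requested_principal(log_line):
    """Return the principal Hadoop tried to log in as, or None."""
    m = LOGIN_FAILURE.search(log_line)
    return m.group(1) if m else None


def diagnose(requested, kdc_principals):
    """Return (status, matching KDC entry, fields that differ in case)."""
    entries = [p.strip() for p in kdc_principals if p.strip()]
    if requested in entries:
        return ("exact", requested, [])
    # Principal names are case-sensitive in MIT Kerberos (assumed here from
    # the kadmin.local prompt), so a case-only difference is still a miss.
    for entry in entries:
        if entry.lower() == requested.lower():
            pairs = zip(("primary", "instance", "realm"),
                        split_principal(requested), split_principal(entry))
            diffs = [field for field, a, b in pairs if a != b]
            return ("case-mismatch", entry, diffs)
    return ("missing", None, [])
```

Feeding it the real `listprincs` output and the failing role's log line separates a principal that was never created from one that exists under a differently cased host name.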
07-27-2015
04:02 AM
Thanks for your response. I removed the previous version by issuing yum list|grep my version, then I yum removed all the previous versions. Thanks
07-25-2015
08:26 AM
I am getting this error on the same host:

```
Cluster Installation
Detecting CDH versions on all hosts
Detected multiple CDH versions. All hosts should have the same CDH version.
Check Again
The following host(s) are running CDH 5.3.0: 01HWxxxxxxxxxxxcs.com
The following host(s) are running CDH 5.1.3: 01HWxxxxxxxxxxxcs.com
Ensure that all hosts have the same CDH version and then click Check Again to proceed.
```